Fortify on Demand Security Review. Fortify Open Review
- Rafe Gregory
- 10 years ago
Fortify on Demand Security Review
Company: Project: Version: Latest Analysis:
Fortify Open Review GNU m /17/ :16:24 PM

Executive Summary
Company: Project: Version: Static Analysis Date: Dynamic Analysis Date:
Fortify Open Review GNU m /17/ :16:24 PM
Fortify Security Rating
14 issues
[Summary charts not reproduced. Panels: Application Details; Risk Totals by Severity; Risk Totals by Instance Count; Likelihood; Most Prevalent Issues (by Category); Remediation Roadmap (To Achieve, Major Fixes, Minor Fixes); Issue Status (New, Existing, Reopened)]
Issue Breakdown
Issues are divided based on their impact (potential damage) and likelihood (probability of identification and exploit). High impact / high likelihood issues represent the highest priority and present the greatest threat. Low impact / low likelihood issues are the lowest priority and present the smallest threat. See Appendix for more information.

Rating   Category              Test Type   Instance Count
High     Memory Leak           Static      7
High     Null Dereference      Static      3
High     Unreleased Resource   Static      2
High     Use After Free        Static      2
Issue Breakdown by OWASP Top PCI Sections 6.3, 6.5 & 6.6
The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. The PCI compliance standards, particularly sections 6.3, 6.5, and 6.6, reference the OWASP Top Ten vulnerability categories as the core categories that must be tested for and remediated.

                        Severity
OWASP 2013 Category     Critical   High   Medium   Low
None                               14
Total                              14
Issue Breakdown by Analysis Type
Issues are divided based on their impact (potential damage) and likelihood (probability of identification and exploit). High impact / high likelihood issues represent the highest priority and present the greatest threat. Low impact / low likelihood issues are the lowest priority and present the smallest threat. See Appendix for more information.

Category              Static   Dynamic
Memory Leak           7        0
Null Dereference      3        0
Unreleased Resource   2        0
Use After Free        2        0
Total
Issue Details
Below is an enumeration of all issues found in the project. The issues are organized by priority and category and then broken down by the package, namespace, or location in which they occur. The priority of an issue can be Critical, High, Medium, or Low. Issues from static analysis reported at the same line number with the same category originate from different taint sources.

Memory Leak
High
CWE ID 401
OWASP Top 10: None
PCI 3.0: Requirement

Summary
The function in allocates memory on line and fails to free it. Memory is allocated but never freed.

Explanation
Memory leaks have two common and sometimes overlapping causes:
- Error conditions and other exceptional circumstances.
- Confusion over which part of the program is responsible for freeing the memory.
In this case the memory allocated in clean-temp.c at line 409 is not always freed or returned by the function.
Most memory leaks result in general software reliability problems, but if an attacker can intentionally trigger a memory leak, the attacker may be able to launch a denial of service attack (by crashing the program) or take advantage of other unexpected program behavior resulting from a low memory condition [1].

Example 1: The following C function leaks a block of allocated memory if the call to read() fails to return the expected number of bytes:

    #include <stdlib.h>
    #include <unistd.h>

    /* BLOCK_SIZE is assumed to be defined elsewhere. */
    char* getblock(int fd) {
        char* buf = (char*) malloc(BLOCK_SIZE);
        if (!buf) {
            return NULL;
        }
        if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
            return NULL;    /* buf is leaked on this path */
        }
        return buf;
    }

Recommendation
Because memory leaks can be difficult to track down, you should establish a set of memory management patterns and idioms for your software. Do not tolerate deviations from your conventions.
One good pattern for addressing the error handling mistake in the example is to use forward-reaching goto statements so that the function has a single well-defined region for handling errors, as follows:

    #include <stdlib.h>
    #include <unistd.h>

    /* BLOCK_SIZE is assumed to be defined elsewhere. */
    char* getblock(int fd) {
        char* buf = (char*) malloc(BLOCK_SIZE);
        if (!buf) {
            goto ERR;
        }
        if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
            goto ERR;
        }
        return buf;

    ERR:
        /* Single cleanup region: release buf on every failure path. */
        if (buf) {
            free(buf);
        }
        return NULL;
    }

References
2003

Instances
Memory Leak
High
Package: N/A

ID
Location: lib/clean-temp.c:409
Analysis Info: Sink: gl_list_add_first(?, xstrdup(absolute_dir_name)) in clean-temp.c:409. Enclosing Method: register_temp_subdir
Analyzer: controlflow

ID
Location: lib/clean-temp.c:317
Analysis Info: Sink: tmpdir = xmalloc(...) in clean-temp.c:317. Enclosing Method: create_temp_dir
Analyzer: controlflow

ID
Location: lib/clean-temp.c:374
Analysis Info: Sink: gl_list_add_first(?, xstrdup(absolute_file_name)) in clean-temp.c:374. Enclosing Method: register_temp_file
Analyzer: controlflow

ID
Location: lib/closein.c:102
Analysis Info: Sink: quotearg_colon(...) in closein.c:102. Enclosing Method: close_stdin
Analyzer: controlflow

ID
Location: lib/closeout.c:114
Analysis Info: Sink: quotearg_colon(...) in closeout.c:114. Enclosing Method: close_stdout
Analyzer: controlflow

ID
Location: lib/gl_anytree_oset.h:147
Analysis Info: Sink: gl_tree_nx_add_first(...) in gl_anytree_oset.h:147. Enclosing Method: gl_tree_nx_add
Analyzer: controlflow

ID
Location: lib/localcharset.c:224
Analysis Info: Sink: res_ptr = malloc(...) in localcharset.c:224. Enclosing Method: get_charset_aliases
Analyzer: controlflow
6.1.2 Null Dereference
High
CWE ID 476
OWASP Top 10: None
PCI 3.0: Requirement

Summary
The function in can crash the program by dereferencing a null pointer on line. The program can potentially dereference a null pointer, thereby causing a segmentation fault.

Explanation
Null pointer exceptions usually occur when one or more of the programmer's assumptions is violated. There are at least three flavors of this problem: check-after-dereference, dereference-after-check, and dereference-after-store. A check-after-dereference error occurs when a program dereferences a pointer that can be null before checking if the pointer is null. Dereference-after-check errors occur when a program makes an explicit check for null, but proceeds to dereference the pointer when it is known to be null. Errors of this type are often the result of a typo or programmer oversight. A dereference-after-store error occurs when a program explicitly sets a pointer to null and dereferences it later. This error is often the result of a programmer initializing a variable to null when it is declared.
In this case the variable can be null when it is dereferenced at line 4937, thereby causing a segmentation fault.
Most null pointer issues result in general software reliability problems, but if an attacker can intentionally trigger a null pointer dereference, the attacker may be able to use the resulting exception to bypass security logic in order to mount a denial of service attack, or to cause the application to reveal debugging information that will be valuable in planning subsequent attacks.

Example 1: In the following code, the programmer assumes that the variable ptr is not NULL. That assumption is made explicit when the programmer dereferences the pointer. This assumption is later contradicted when the programmer checks ptr against NULL. If ptr can be NULL when it is checked in the if statement then it can also be NULL when it is dereferenced and may cause a segmentation fault.

    ptr->field = val;
    ...
    if (ptr != NULL) {
        ...
    }

Example 2: In the following code, the programmer confirms that the variable ptr is NULL and subsequently dereferences it erroneously. If ptr is NULL when it is checked in the if statement, then a null dereference will occur, thereby causing a segmentation fault.

    if (ptr == NULL) {
        ptr->field = val;
        ...
    }

Example 3: In the following code, the programmer forgets that the string '\0' is actually 0 or NULL, thereby dereferencing a null pointer and causing a segmentation fault.

    if (ptr == '\0') {
        *ptr = val;
        ...
    }

Example 4: In the following code, the programmer explicitly sets the variable ptr to NULL. Later, the programmer dereferences ptr before checking the object for a null value.

    ptr = NULL;
    ...
    ptr->field = val;
    ...

Recommendation
Security problems caused by dereferencing NULL pointers almost always take the form of denial of service attacks. If an attacker can consistently trigger a null pointer dereference then other users may be prevented from gaining legitimate access to the application. Apart from situations where an attacker can deliberately trigger a segmentation fault, dereferencing a null pointer may cause sporadic crashes that can be hard to track down.
Implement careful checks before dereferencing objects that might be null. When possible, abstract null checks into wrappers around code that manipulates resources to ensure that they are applied in all cases and to minimize the places where mistakes can occur.

Instances
Null Dereference
High
Package: N/A

ID
Location: lib/vasnprintf.c:4937
Analysis Info: Sink: Dereferenced : result in vasnprintf.c:4937. Enclosing Method: vasnprintf
Analyzer: controlflow

ID
Location: lib/vasnprintf.c:5549
Analysis Info: Sink: Dereferenced : result in vasnprintf.c:5549. Enclosing Method: vasnprintf
Analyzer: controlflow

ID
Location: lib/vasnprintf.c:1905
Analysis Info: Sink: Dereferenced : result in vasnprintf.c:1905. Enclosing Method: vasnprintf
Analyzer: controlflow
6.1.3 Unreleased Resource
High
CWE ID 404
OWASP Top 10: None
PCI 3.0: Requirement

Summary
The function in sometimes fails to release a system resource allocated by on line. The program can potentially fail to release a system resource.

Explanation
The program can potentially fail to release a system resource.
In this case, there are program paths on which the resource allocated in builtin.c at line 1348 is not always released.
Resource leaks have at least two common causes:
- Error conditions and other exceptional circumstances.
- Confusion over which part of the program is responsible for releasing the resource.
Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker may be able to launch a denial of service by depleting the resource pool.

Example: The following function does not close the file handle it opens if an error occurs. If the process is long-lived, the process can run out of file handles.

    #include <stdio.h>

    /* BUF_SZ, DECODE_FAIL, DECODE_SUCCESS, checkchecksum() and
       decodeblock() are assumed to be defined elsewhere. */
    int decodefile(char* fname) {
        char buf[BUF_SZ];
        FILE* f = fopen(fname, "r");
        if (!f) {
            printf("cannot open %s\n", fname);
            return DECODE_FAIL;
        } else {
            while (fgets(buf, BUF_SZ, f)) {
                if (!checkchecksum(buf)) {
                    return DECODE_FAIL;    /* f is never closed on this path */
                } else {
                    decodeblock(buf);
                }
            }
        }
        fclose(f);
        return DECODE_SUCCESS;
    }

Recommendation
Because resource leaks can be hard to track down, establish a set of resource management patterns and idioms for your software and do not tolerate deviations from your conventions.
One good pattern for addressing the error handling mistake in this example is to use forward-reaching goto statements so that the function has a single well-defined region for handling errors, as follows:

    #include <stdio.h>

    /* BUF_SZ, DECODE_FAIL, DECODE_SUCCESS, checkchecksum() and
       decodeblock() are assumed to be defined elsewhere. */
    int decodefile(char* fname) {
        char buf[BUF_SZ];
        FILE* f = fopen(fname, "r");
        if (!f) {
            goto ERR;
        } else {
            while (fgets(buf, BUF_SZ, f)) {
                if (!checkchecksum(buf)) {
                    goto ERR;
                } else {
                    decodeblock(buf);
                }
            }
        }
        fclose(f);
        return DECODE_SUCCESS;

    ERR:
        /* Single cleanup region: report the open failure or close the handle. */
        if (!f) {
            printf("cannot open %s\n", fname);
        } else {
            fclose(f);
        }
        return DECODE_FAIL;
    }

Instances
Unreleased Resource
High
Package: N/A

ID
Location: src/builtin.c:1348
Analysis Info: Sink: fp = m4_path_search(...) in builtin.c:1348. Enclosing Method: include
Analyzer: controlflow

ID
Location: src/m4.c:338
Analysis Info: Sink: fp = m4_path_search(...) in m4.c:338. Enclosing Method: process_file
Analyzer: controlflow
6.1.4 Use After Free
High
CWE ID 416
OWASP Top 10: None
PCI 3.0: Requirement

Summary
The function in references a freed memory location on line. Referencing memory after it has been freed can cause a program to crash.

Explanation
Use after free errors occur when a program continues to use a pointer after it has been freed. Like double free errors and memory leaks, use after free errors have two common and sometimes overlapping causes:
- Error conditions and other exceptional circumstances.
- Confusion over which part of the program is responsible for freeing the memory.
In this case the data is freed in clean-temp.c at line 511 and used again in clean-temp.c at line 525.
Use after free errors sometimes have no effect and other times cause a program to crash. While it is technically feasible for the freed memory to be re-allocated and for an attacker to use this reallocation to launch a buffer overflow attack, we are unaware of any exploits based on this type of attack.

Example: The following code illustrates a use after free error:

    char* ptr = (char*)malloc (SIZE);
    ...
    if (err) {
        abrt = 1;
        free(ptr);
    }
    ...
    if (abrt) {
        /* ptr was freed above when err was set */
        logerror("operation aborted before commit", ptr);
    }

Recommendation
Guard against using memory after it has been freed by giving up all references to the memory immediately after calling free(). This is commonly achieved by replacing calls to free() with a macro that assigns NULL to the pointer immediately after it is freed:

    /* do { ... } while (0) keeps both statements together when the
       macro is used as the body of an unbraced if or else. */
    #define FREE( ptr ) do { free(ptr); (ptr) = NULL; } while (0)

While this technique prevents the freed memory from being used again, if there is still confusion about when the memory is supposed to be freed, assigning NULL to the pointer can result in a null pointer dereference. In most cases this is probably an improvement, because the error is more likely to be caught during testing and is less likely to lead to an exploitable vulnerability. It transforms an error with unpredictable behavior into an error that is easier to debug.

Instances
Use After Free
High
Package: N/A

ID
Location: lib/clean-temp.c:525
Analysis Info: Sink: gl_list_remove_node(..., node) : Pointer node used after it was previously freed in clean-temp.c:525. Enclosing Method: cleanup_temp_dir_contents
Analyzer: controlflow

ID
Location: lib/clean-temp.c:511
Analysis Info: Sink: gl_list_remove_node(..., node) : Pointer node used after it was previously freed in clean-temp.c:511. Enclosing Method: cleanup_temp_dir_contents
Analyzer: controlflow
14 Analysis Traces Below is an enumeration of all static issues with their stack trace sections. ID Memory Leak High gl_list.h:690 - return Analysis Trace clean-temp.c:408 - Branch taken: clean-temp.c:409 - xstrdup(...) clean-temp.c:409 - gl_list_add_first(?, gl_xlist.h:117 - elt refers to dynamically allocated gl_xlist.h:119 - gl_list_nx_add_first(?, elt) gl_list.h:688 - elt refers to dynamically allocated gl_list.h:691 - gl_linked_nx_add_first(?, elt) gl_anylinked_list2.h:596 - elt refers to dynamically gl_anylinked_list2.h:601 - Branch taken: (node == gl_anylinked_list2.h:602 - return gl_xlist.h:120 - Branch not taken: (result!= NULL) gl_xlist.h:122 - return clean-temp.c:409 - <inline expression> no longer refers to clean-temp.c:409 - end scope : Memory leaked lib/clean-temp.c: struct tempdir *tmpdir = (struct tempdir *)dir; /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. */ if (gl_list_search (tmpdir->subdirs, absolute_dir_name) == NULL) gl_list_add_first (tmpdir->subdirs, xstrdup (absolute_dir_name)); lib/clean-temp.c: /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. 
*/ if (gl_list_search (tmpdir->subdirs, absolute_dir_name) == NULL) gl_list_add_first (tmpdir->subdirs, xstrdup (absolute_dir_name)); lib/gl_xlist.h: GL_XLIST_INLINE gl_list_node_t gl_list_add_first (gl_list_t list, const void *elt) gl_list_node_t result = gl_list_nx_add_first (list, elt); if (result == NULL) Source /* Unregister the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR, GL_XLIST_INLINE gl_list_node_t gl_list_add_first (gl_list_t list, const void *elt) gl_list_node_t result = gl_list_nx_add_first (list, elt); if (result == NULL) xalloc_die (); return result; #if GNUC > 3 ( GNUC == 3 && GNUC_MINOR >= 4) attribute (( warn_unused_result )) #endif gl_list_nx_add_first (gl_list_t list, const void *elt) return ((const struct gl_list_impl_base *) list)->vtable ->nx_add_first (list, elt); gl_list_nx_add_first (gl_list_t list, const void *elt) return ((const struct gl_list_impl_base *) list)->vtable ->nx_add_first (list, elt); GL_LIST_INLINE gl_list_node_t lib/gl_xlist.h: lib/gl_list.h: lib/gl_list.h: lib/gl_anylinked_list2.h: static gl_list_node_t gl_linked_nx_add_first (gl_list_t list, const void *elt) gl_list_node_t node = (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); lib/gl_anylinked_list2.h: gl_list_node_t node = (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); if (node == NULL) return NULL; ASYNCSAFE(const void *) node->value = elt; lib/gl_anylinked_list2.h: (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); if (node == NULL) return NULL; ASYNCSAFE(const void *) node->value = elt; #if WITH_HASHTABLE 14
15 lib/gl_list.h: #endif gl_list_nx_add_first (gl_list_t list, const void *elt) return ((const struct gl_list_impl_base *) list)->vtable ->nx_add_first (list, elt); lib/gl_xlist.h: gl_list_add_first (gl_list_t list, const void *elt) gl_list_node_t result = gl_list_nx_add_first (list, elt); if (result == NULL) xalloc_die (); return result; lib/gl_xlist.h: gl_list_node_t result = gl_list_nx_add_first (list, elt); if (result == NULL) xalloc_die (); return result; GL_XLIST_INLINE gl_list_node_t lib/clean-temp.c: /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. */ if (gl_list_search (tmpdir->subdirs, absolute_dir_name) == NULL) gl_list_add_first (tmpdir->subdirs, xstrdup (absolute_dir_name)); /* Unregister the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR, 15
[Analysis Trace Diagram, figure not reproduced. Functions: register_temp_subdir, gl_list_add_first, gl_list_nx_add_first, gl_linked_nx_add_first. Files: clean-temp.c, gl_xlist.h, gl_anylinked_list2.h. Final node: end scope : Memory leaked]
ID
Memory Leak
High

Analysis Trace
clean-temp.c:317 - tmpdir = xmalloc(...)
clean-temp.c:317 - tmpdir refers to dynamically allocated
clean-temp.c:329 - Branch taken: (path_search(xtemplate,
clean-temp.c:333 - goto
clean-temp.c:360 - return
clean-temp.c:360 - tmpdir no longer refers to dynamically
clean-temp.c:360 - tmpdir end scope : Memory leaked

Source
lib/clean-temp.c:
    /* Initialize a 'struct tempdir'. */
    tmpdir = XMALLOC (struct tempdir);
    tmpdir->dirname = NULL;
    tmpdir->cleanup_verbose = cleanup_verbose;
    tmpdir->subdirs = gl_list_create_empty (GL_LINKEDHASH_LIST,
lib/clean-temp.c:
    /* Create the temporary directory. */
    xtemplate = (char *) xmalloca (PATH_MAX);
    if (path_search (xtemplate, PATH_MAX, parentdir, prefix, parentdir == NULL))
    error (0, errno, _("cannot find a temporary directory, try setting $TMPDIR"));
lib/clean-temp.c:
    error (0, errno, _("cannot find a temporary directory, try setting $TMPDIR"));
    goto quit;
    block_fatal_signals ();
    tmpdirname = mkdtemp (xtemplate);
lib/clean-temp.c:
    quit:
    freea (xtemplate);
    return NULL;
    /* Register the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
[Analysis Trace Diagram, figure not reproduced. Function: create_temp_dir. File: clean-temp.c. Final node: tmpdir end scope : Memory leaked]
19 ID Memory Leak High gl_list.h:690 - return Analysis Trace clean-temp.c:373 - Branch taken: clean-temp.c:374 - xstrdup(...) clean-temp.c:374 - gl_list_add_first(?, gl_xlist.h:117 - elt refers to dynamically allocated gl_xlist.h:119 - gl_list_nx_add_first(?, elt) gl_list.h:688 - elt refers to dynamically allocated gl_list.h:691 - gl_linked_nx_add_first(?, elt) gl_anylinked_list2.h:596 - elt refers to dynamically gl_anylinked_list2.h:601 - Branch taken: (node == gl_anylinked_list2.h:602 - return gl_xlist.h:120 - Branch not taken: (result!= NULL) gl_xlist.h:122 - return clean-temp.c:374 - <inline expression> no longer refers to clean-temp.c:374 - end scope : Memory leaked lib/clean-temp.c: struct tempdir *tmpdir = (struct tempdir *)dir; /* Add absolute_file_name to tmpdir->files, without duplicates. */ if (gl_list_search (tmpdir->files, absolute_file_name) == NULL) gl_list_add_first (tmpdir->files, xstrdup (absolute_file_name)); lib/clean-temp.c: /* Add absolute_file_name to tmpdir->files, without duplicates. 
*/ if (gl_list_search (tmpdir->files, absolute_file_name) == NULL) gl_list_add_first (tmpdir->files, xstrdup (absolute_file_name)); lib/gl_xlist.h: GL_XLIST_INLINE gl_list_node_t gl_list_add_first (gl_list_t list, const void *elt) gl_list_node_t result = gl_list_nx_add_first (list, elt); if (result == NULL) Source /* Unregister the given ABSOLUTE_FILE_NAME as being a file inside DIR, that #if GNUC > 3 ( GNUC == 3 && GNUC_MINOR >= 4) attribute (( warn_unused_result )) #endif gl_list_nx_add_first (gl_list_t list, const void *elt) return ((const struct gl_list_impl_base *) list)->vtable ->nx_add_first (list, elt); gl_list_nx_add_first (gl_list_t list, const void *elt) return ((const struct gl_list_impl_base *) list)->vtable ->nx_add_first (list, elt); GL_LIST_INLINE gl_list_node_t lib/gl_xlist.h: GL_XLIST_INLINE gl_list_node_t gl_list_add_first (gl_list_t list, const void *elt) gl_list_node_t result = gl_list_nx_add_first (list, elt); if (result == NULL) xalloc_die (); return result; lib/gl_list.h: lib/gl_list.h: lib/gl_anylinked_list2.h: static gl_list_node_t gl_linked_nx_add_first (gl_list_t list, const void *elt) gl_list_node_t node = (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); lib/gl_anylinked_list2.h: gl_list_node_t node = (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); if (node == NULL) return NULL; ASYNCSAFE(const void *) node->value = elt; lib/gl_anylinked_list2.h: (struct gl_list_node_impl *) malloc (sizeof (struct gl_list_node_impl)); if (node == NULL) return NULL; ASYNCSAFE(const void *) node->value = elt; #if WITH_HASHTABLE lib/gl_list.h:
20 #endif gl_list_nx_add_first (gl_list_t list, const void *elt) return ((const struct gl_list_impl_base *) list)->vtable ->nx_add_first (list, elt); lib/gl_xlist.h: gl_list_add_first (gl_list_t list, const void *elt) gl_list_node_t result = gl_list_nx_add_first (list, elt); if (result == NULL) xalloc_die (); return result; lib/gl_xlist.h: gl_list_node_t result = gl_list_nx_add_first (list, elt); if (result == NULL) xalloc_die (); return result; GL_XLIST_INLINE gl_list_node_t lib/clean-temp.c: /* Add absolute_file_name to tmpdir->files, without duplicates. */ if (gl_list_search (tmpdir->files, absolute_file_name) == NULL) gl_list_add_first (tmpdir->files, xstrdup (absolute_file_name)); /* Unregister the given ABSOLUTE_FILE_NAME as being a file inside DIR, that 20
[Analysis Trace Diagram, figure not reproduced. Functions: register_temp_file, gl_list_add_first, gl_list_nx_add_first, gl_linked_nx_add_first. Files: clean-temp.c, gl_xlist.h, gl_anylinked_list2.h. Final node: end scope : Memory leaked]
22 ID Memory Leak High Analysis Trace Source closein.c:96 - Branch taken: (fail!= 0) closein.c:101 - Branch taken: (file_name!= 0) closein.c:102 - quotearg_colon(...) quotearg.c:894 - quotearg_char(...) quotearg.c:888 - quotearg_char_mem(...) quotearg.c:882 - quotearg_n_options(...) quotearg.c:777 - Branch not taken: (nslots > n0) quotearg.c:808 - Branch taken: (size <= qsize) quotearg.c:813 - val = xcharalloc(...) xalloc.h:220 - xmalloc(...) xalloc.h:220 - return quotearg.c:813 - val refers to dynamically allocated quotearg.c:821 - return quotearg.c:882 - return quotearg.c:888 - return quotearg.c:894 - return closein.c:103 - <inline expression> no longer refers to closein.c:103 - end scope : Memory leaked lib/closein.c:93-99 if (close_stream (stdin)!= 0) fail = true; if (fail) /* Report failure, but defer exit until after closing stdout, since the failure report should still be flushed. */ lib/closein.c: /* Report failure, but defer exit until after closing stdout, since the failure report should still be flushed. */ char const *close_error = _("error closing file"); if (file_name) error (0, errno, "%s: %s", quotearg_colon (file_name), close_error); else lib/closein.c: since the failure report should still be flushed. 
*/ char const *close_error = _("error closing file"); if (file_name) error (0, errno, "%s: %s", quotearg_colon (file_name), close_error); else error (0, errno, "%s", close_error); lib/quotearg.c: char * quotearg_colon (char const *arg) return quotearg_char (arg, ':'); char * lib/quotearg.c: char * quotearg_char (char const *arg, char ch) return quotearg_char_mem (arg, SIZE_MAX, ch); char * lib/quotearg.c: struct quoting_options options; options = default_quoting_options; set_char_quoting (&options, ch, 1); return quotearg_n_options (0, arg, argsize, &options); char * lib/quotearg.c: if (n < 0) abort (); if (nslots <= n0) /* FIXME: technically, the type of n1 should be 'unsigned int', but that evokes an unsuppressible warning from gcc and lib/quotearg.c: if (size <= qsize) sv[n].size = size = qsize + 1; if (val!= slot0) lib/quotearg.c: sv[n].size = size = qsize + 1; if (val!= slot0) free (val); sv[n].val = val = xcharalloc (size); quotearg_buffer_restyled (val, size, arg, argsize, options->style, flags, options->quote_these_too, options->left_quote, lib/xalloc.h: options->left_quote, options->right_quote); 22
23 XALLOC_INLINE char * xcharalloc (size_t n) return XNMALLOC (n, char); #ifdef cplusplus lib/quotearg.c: sv[n].size = size = qsize + 1; if (val!= slot0) free (val); sv[n].val = val = xcharalloc (size); quotearg_buffer_restyled (val, size, arg, argsize, options->style, flags, options->quote_these_too, options->left_quote, lib/quotearg.c: errno = e; return val; struct quoting_options options; options = default_quoting_options; set_char_quoting (&options, ch, 1); return quotearg_n_options (0, arg, argsize, &options); char * char * quotearg_char (char const *arg, char ch) return quotearg_char_mem (arg, SIZE_MAX, ch); lib/quotearg.c: lib/quotearg.c: char * lib/quotearg.c: char * quotearg_colon (char const *arg) return quotearg_char (arg, ':'); char * lib/closein.c: char const *close_error = _("error closing file"); if (file_name) error (0, errno, "%s: %s", quotearg_colon (file_name), close_error); else error (0, errno, "%s", close_error); 23
[Analysis Trace Diagram, figure not reproduced. Functions: close_stdin, quotearg_colon, quotearg_char, quotearg_char_mem, quotearg_n_options, xcharalloc. Files: closein.c, quotearg.c. Final node: end scope : Memory leaked]
25 ID Memory Leak High Analysis Trace Source closeout.c:109 - Branch taken: (close_stream(stdout)!= 0) closeout.c:110 - Branch taken: (ignore_epipe == 0) closeout.c:113 - Branch taken: (file_name!= 0) closeout.c:114 - quotearg_colon(...) quotearg.c:894 - quotearg_char(...) quotearg.c:888 - quotearg_char_mem(...) quotearg.c:882 - quotearg_n_options(...) quotearg.c:777 - Branch not taken: (nslots > n0) quotearg.c:808 - Branch taken: (size <= qsize) quotearg.c:813 - val = xcharalloc(...) xalloc.h:220 - xmalloc(...) xalloc.h:220 - return quotearg.c:813 - val refers to dynamically allocated quotearg.c:821 - return quotearg.c:882 - return quotearg.c:888 - return quotearg.c:894 - return closeout.c:115 - <inline expression> no longer refers to closeout.c:115 - end scope : Memory leaked lib/closeout.c: void close_stdout (void) if (close_stream (stdout)!= 0 &&!(ignore_epipe && errno == EPIPE)) char const *write_error = _("write error"); lib/closeout.c: close_stdout (void) if (close_stream (stdout)!= 0 &&!(ignore_epipe && errno == EPIPE)) char const *write_error = _("write error"); if (file_name) lib/closeout.c: &&!(ignore_epipe && errno == EPIPE)) char const *write_error = _("write error"); if (file_name) error (0, errno, "%s: %s", quotearg_colon (file_name), write_error); else lib/closeout.c: char const *write_error = _("write error"); if (file_name) error (0, errno, "%s: %s", quotearg_colon (file_name), write_error); else error (0, errno, "%s", write_error); lib/quotearg.c: char * quotearg_colon (char const *arg) return quotearg_char (arg, ':'); char * lib/quotearg.c: char * quotearg_char (char const *arg, char ch) return quotearg_char_mem (arg, SIZE_MAX, ch); char * lib/quotearg.c: struct quoting_options options; options = default_quoting_options; set_char_quoting (&options, ch, 1); return quotearg_n_options (0, arg, argsize, &options); char * lib/quotearg.c: if (n < 0) abort (); if (nslots <= n0) /* FIXME: technically, the type of n1 should be 'unsigned int', but that 
evokes an unsuppressible warning from gcc and lib/quotearg.c: if (size <= qsize) sv[n].size = size = qsize + 1; if (val!= slot0) lib/quotearg.c: options->left_quote, options->right_quote); 25
26 sv[n].size = size = qsize + 1; if (val!= slot0) free (val); sv[n].val = val = xcharalloc (size); quotearg_buffer_restyled (val, size, arg, argsize, options->style, flags, options->quote_these_too, options->left_quote, XALLOC_INLINE char * xcharalloc (size_t n) return XNMALLOC (n, char); lib/xalloc.h: #ifdef cplusplus lib/quotearg.c: sv[n].size = size = qsize + 1; if (val!= slot0) free (val); sv[n].val = val = xcharalloc (size); quotearg_buffer_restyled (val, size, arg, argsize, options->style, flags, options->quote_these_too, options->left_quote, lib/quotearg.c: errno = e; return val; lib/quotearg.c: struct quoting_options options; options = default_quoting_options; set_char_quoting (&options, ch, 1); return quotearg_n_options (0, arg, argsize, &options); char * lib/quotearg.c: char * quotearg_char (char const *arg, char ch) return quotearg_char_mem (arg, SIZE_MAX, ch); char * lib/quotearg.c: char * quotearg_colon (char const *arg) return quotearg_char (arg, ':'); char * lib/closeout.c: char const *write_error = _("write error"); if (file_name) error (0, errno, "%s: %s", quotearg_colon (file_name), write_error); else error (0, errno, "%s", write_error); 26
[Analysis Trace Diagram, figure not reproduced. Functions: close_stdout, quotearg_colon, quotearg_char, quotearg_char_mem, quotearg_n_options, xcharalloc. Files: closeout.c, quotearg.c. Final node: end scope : Memory leaked]
Issue: Memory Leak (High)

Analysis Trace
  gl_anytree_oset.h:145 - Branch taken: (node == NULL)
  gl_anytree_oset.h:147 - gl_tree_nx_add_first(...)
  gl_avltree_oset.c:310 - new_node = malloc(...)
  gl_avltree_oset.c:310 - new_node refers to dynamically
  gl_avltree_oset.c:313 - Branch not taken: (new_node !=
  gl_avltree_oset.c:322 - Branch not taken: (set->root !=
  gl_avltree_oset.c:334 - new_node refers to dynamically
  gl_avltree_oset.c:341 - new_node no longer refers to
  gl_avltree_oset.c:344 - return
  gl_anytree_oset.h:147 - Branch not taken:
  gl_anytree_oset.h:148 - <inline expression> no longer
  gl_anytree_oset.h:148 - end scope : Memory leaked

Source
  lib/gl_anytree_oset.h:
    gl_setelement_compar_fn compar;
    gl_oset_node_t node = set->root;
    if (node == NULL)
    if (gl_tree_nx_add_first (set, elt) == NULL)
    return -1;

  lib/gl_anytree_oset.h:
    if (node == NULL)
    if (gl_tree_nx_add_first (set, elt) == NULL)
    return -1;
    return true;

  lib/gl_avltree_oset.c:
    gl_tree_nx_add_first (gl_oset_t set, const void *elt)
    /* Create new node. */
    gl_oset_node_t new_node = (struct gl_oset_node_impl *) malloc (sizeof (struct gl_oset_node_impl));
    if (new_node == NULL)

  lib/gl_avltree_oset.c:
    gl_oset_node_t new_node = (struct gl_oset_node_impl *) malloc (sizeof (struct gl_oset_node_impl));
    if (new_node == NULL)
    return NULL;
    new_node->left = NULL;

  lib/gl_avltree_oset.c:
    new_node->value = elt;
    /* Add it to the tree. */
    if (set->root == NULL)
    set->root = new_node;
    new_node->parent = NULL;

  lib/gl_avltree_oset.c:
    for (node = set->root; node->left != NULL; )
    node = node->left;
    node->left = new_node;
    new_node->parent = node;
    node->balance--;

  lib/gl_avltree_oset.c:
    /* Rebalance. */
    if (node->right == NULL && node->parent != NULL)
    rebalance (set, node, 1, node->parent);
    set->count++;
    return new_node;

  lib/gl_avltree_oset.c:
    set->count++;
    return new_node;
    static gl_oset_node_t

  lib/gl_anytree_oset.h:
    if (node == NULL)
    if (gl_tree_nx_add_first (set, elt) == NULL)
    return -1;
    return true;

  lib/gl_anytree_oset.h:
    if (node == NULL)
    if (gl_tree_nx_add_first (set, elt) == NULL)
    return -1;
    return true;

[Figure: Analysis Trace Diagram. Files: gl_anytree_oset.h, gl_avltree_oset.c; functions: gl_tree_nx_add, gl_tree_nx_add_first. Final node: "end scope : Memory leaked".]

Issue: Memory Leak (High)

Analysis Trace
  localcharset.c:128 - Branch taken: (cp == NULL)
  localcharset.c:156 - Branch not taken: (file_name != NULL)
  localcharset.c:172 - Branch not taken: (fd >= 0)
  localcharset.c:180 - Branch not taken: (fp != NULL)
  localcharset.c:201 - Branch not taken: (c != -1)
  localcharset.c:203 - Branch not taken: (c != 10)
  localcharset.c:203 - Branch not taken: (c != 32)
  localcharset.c:203 - Branch not taken: (c != 9)
  localcharset.c:205 - Branch not taken: (c != 35)
  localcharset.c:216 - Branch not taken: (fscanf(fp, "%50s
  localcharset.c:221 - Branch taken: (res_size == 0)
  localcharset.c:224 - res_ptr = malloc(...)
  localcharset.c:224 - res_ptr refers to dynamically
  localcharset.c:231 - Branch not taken: (res_ptr != NULL)
  localcharset.c:201 - Branch taken: (c == -1)
  localcharset.c:202 - goto
  localcharset.c:242 - Branch taken: (res_size == 0)
  localcharset.c:249 - res_ptr no longer refers to
  localcharset.c:249 - res_ptr end scope : Memory leaked

Source
  lib/localcharset.c:
    const char *cp;
    cp = charset_aliases;
    if (cp == NULL)
    #if !(defined DARWIN7 || defined VMS || defined WINDOWS_NATIVE || defined CYGWIN)
    const char *dir;

  lib/localcharset.c:
    if (file_name == NULL)
    /* Out of memory. Treat the file as empty. */
    cp = "";
    else

  lib/localcharset.c:
    CHARSETALIASDIR to point to that directory. */
    fd = open (file_name, O_RDONLY | (HAVE_WORKING_O_NOFOLLOW ? O_NOFOLLOW : 0));
    if (fd < 0)
    /* File not found. Treat it as empty. */
    cp = "";
    else

  lib/localcharset.c:
    FILE *fp;
    fp = fdopen (fd, "r");
    if (fp == NULL)
    /* Out of memory. Treat the file as empty. */
    close (fd);

  lib/localcharset.c:
    char *old_res_ptr;
    c = getc (fp);
    if (c == EOF)
    break;
    if (c == '\n' || c == ' ' || c == '\t')
    continue;

  lib/localcharset.c:
    c = getc (fp);
    if (c == EOF)
    break;
    if (c == '\n' || c == ' ' || c == '\t')
    continue;
    if (c == '#')

  lib/localcharset.c:
    break;
    if (c == '\n' || c == ' ' || c == '\t')
    continue;
    if (c == '#')
    /* Skip comment, to end of line. */
    do

  lib/localcharset.c:
    continue;
    ungetc (c, fp);
    if (fscanf (fp, "%50s %50s", buf1, buf2) < 2)
    break;
    l1 = strlen (buf1);
    l2 = strlen (buf2);

  lib/localcharset.c:
    l1 = strlen (buf1);
    l2 = strlen (buf2);
    old_res_ptr = res_ptr;
    if (res_size == 0)
    res_size = l l2 + 1;
    res_ptr = (char *) malloc (res_size + 1);

  lib/localcharset.c:
    if (res_size == 0)
    res_size = l l2 + 1;
    res_ptr = (char *) malloc (res_size + 1);
    else

  lib/localcharset.c:
    res_size += l l2 + 1;
    res_ptr = (char *) realloc (res_ptr, res_size + 1);
    if (res_ptr == NULL)
    /* Out of memory. */
    res_size = 0;

  lib/localcharset.c:
    char *old_res_ptr;
    c = getc (fp);
    if (c == EOF)
    break;
    if (c == '\n' || c == ' ' || c == '\t')
    continue;

  lib/localcharset.c:
    c = getc (fp);
    if (c == EOF)
    break;
    if (c == '\n' || c == ' ' || c == '\t')
    continue;
    if (c == '#')

  lib/localcharset.c:
    strcpy (res_ptr + res_size - (l2 + 1), buf2);
    fclose (fp);
    if (res_size == 0)
    cp = "";
    else

  lib/localcharset.c:
    *(res_ptr + res_size) = '\0';
    cp = res_ptr;
    free (file_name);

[Figure: Analysis Trace Diagram. File: localcharset.c; function: get_charset_aliases. Final node: "res_ptr end scope : Memory leaked".]

Issue: Null Dereference (High)

Analysis Trace
  vasnprintf.c: Assigned null : result
  vasnprintf.c: Branch not taken: (cp == dp->dir_start)
  vasnprintf.c: Branch not taken: (i != d.count)
  vasnprintf.c: Branch not taken: (dp->arg_index !=
  vasnprintf.c: Branch not taken: (dp->conversion !=
  vasnprintf.c: Branch taken: (dp->conversion == 102)
  vasnprintf.c: Branch not taken:
  vasnprintf.c: Branch not taken:
  vasnprintf.c: Branch not taken: (xsum(length, 2) <=
  vasnprintf.c: Dereferenced : result

Source
  lib/vasnprintf.c:
    else
    result = NULL;
    allocated = 0;
    length = 0;

  lib/vasnprintf.c:
    for (cp = format, i = 0, dp = &d.dir[0]; ; cp = dp->dir_end, i++, dp++)
    if (cp != dp->dir_start)
    size_t n = dp->dir_start - cp;
    size_t augmented_length = xsum (length, n);

  lib/vasnprintf.c:
    while (--n > 0);
    if (i == d.count)
    break;
    /* Execute a single directive. */

  lib/vasnprintf.c:
    else
    if (!(dp->arg_index != ARG_NONE))
    abort ();
    if (dp->conversion == 'n')

  lib/vasnprintf.c:
    if (!(dp->arg_index != ARG_NONE))
    abort ();
    if (dp->conversion == 'n')
    switch (a.arg[dp->arg_index].type)

  lib/vasnprintf.c:
    #endif
    #if (NEED_PRINTF_INFINITE_DOUBLE || NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_LONG_DOUBLE || NEED_PRINTF_LONG_DOUBLE) && !defined IN_LIBINTL
    else if ((dp->conversion == 'f' || dp->conversion == 'F'
    || dp->conversion == 'e' || dp->conversion == 'E'
    || dp->conversion == 'g' || dp->conversion == 'G'

  lib/vasnprintf.c:
    /* Construct the arguments for calling snprintf or sprintf. */
    prefix_count = 0;
    if (!pad_ourselves && dp->width_arg_index != ARG_NONE)
    if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
    abort ();

  lib/vasnprintf.c:
    abort ();
    prefixes[prefix_count++] = a.arg[dp->width_arg_index].a.a_int;
    if (!prec_ourselves && dp->precision_arg_index != ARG_NONE)
    if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
    abort ();

  lib/vasnprintf.c:
    # define TCHARS_PER_DCHAR (sizeof (DCHAR_T) / sizeof (TCHAR_T))
    /* Ensure that maxlen below will be >= 2. Needed on BeOS, where an snprintf() with maxlen==1 acts like sprintf(). */
    ENSURE_ALLOCATION (xsum (length, (2 + TCHARS_PER_DCHAR - 1) / TCHARS_PER_DCHAR));
    /* Prepare checking whether snprintf returns the count

  lib/vasnprintf.c:
    / TCHARS_PER_DCHAR));
    /* Prepare checking whether snprintf returns the count via %n. */
    *(TCHAR_T *) (result + length) = '\0';
    #endif
    orig_errno = errno;

[Figure: Analysis Trace Diagram. File: vasnprintf.c; function: vasnprintf. Final node: "Dereferenced : result".]

Issue: Null Dereference (High)

Analysis Trace
  vasnprintf.c: Assigned null : result
  vasnprintf.c: Branch not taken: (cp == dp->dir_start)
  vasnprintf.c: goto
  vasnprintf.c: Branch not taken: (xsum(length, 1) <=
  vasnprintf.c: Dereferenced : result

Source
  lib/vasnprintf.c:
    else
    result = NULL;
    allocated = 0;
    length = 0;

  lib/vasnprintf.c:
    for (cp = format, i = 0, dp = &d.dir[0]; ; cp = dp->dir_end, i++, dp++)
    if (cp != dp->dir_start)
    size_t n = dp->dir_start - cp;
    size_t augmented_length = xsum (length, n);

  lib/vasnprintf.c:
    if (i == d.count)
    break;
    /* Execute a single directive. */
    if (dp->conversion == '%')

  lib/vasnprintf.c:
    /* Add the final NUL. */
    ENSURE_ALLOCATION (xsum (length, 1));
    result[length] = '\0';
    if (result != resultbuf && length + 1 < allocated)

  lib/vasnprintf.c:
    /* Add the final NUL. */
    ENSURE_ALLOCATION (xsum (length, 1));
    result[length] = '\0';
    if (result != resultbuf && length + 1 < allocated)

[Figure: Analysis Trace Diagram. File: vasnprintf.c; function: vasnprintf. Final node: "Dereferenced : result".]

Issue: Null Dereference (High)

Analysis Trace
  vasnprintf.c: Assigned null : result
  vasnprintf.c: Branch not taken: (cp == dp->dir_start)
  vasnprintf.c: Branch not taken: (i != d.count)
  vasnprintf.c: Branch taken: (dp->conversion == 37)
  vasnprintf.c: Branch not taken: (dp->arg_index ==
  vasnprintf.c: Branch not taken: (augmented_length
  vasnprintf.c: Dereferenced : result

Source
  lib/vasnprintf.c:
    else
    result = NULL;
    allocated = 0;
    length = 0;

  lib/vasnprintf.c:
    for (cp = format, i = 0, dp = &d.dir[0]; ; cp = dp->dir_end, i++, dp++)
    if (cp != dp->dir_start)
    size_t n = dp->dir_start - cp;
    size_t augmented_length = xsum (length, n);

  lib/vasnprintf.c:
    while (--n > 0);
    if (i == d.count)
    break;
    /* Execute a single directive. */

  lib/vasnprintf.c:
    break;
    /* Execute a single directive. */
    if (dp->conversion == '%')
    size_t augmented_length;

  lib/vasnprintf.c:
    size_t augmented_length;
    if (!(dp->arg_index == ARG_NONE))
    abort ();
    augmented_length = xsum (length, 1);
    ENSURE_ALLOCATION (augmented_length);

  lib/vasnprintf.c:
    if (!(dp->arg_index == ARG_NONE))
    abort ();
    augmented_length = xsum (length, 1);
    ENSURE_ALLOCATION (augmented_length);
    result[length] = '%';
    length = augmented_length;

  lib/vasnprintf.c:
    abort ();
    augmented_length = xsum (length, 1);
    ENSURE_ALLOCATION (augmented_length);
    result[length] = '%';
    length = augmented_length;
    else

[Figure: Analysis Trace Diagram. File: vasnprintf.c; function: vasnprintf. Final node: "Dereferenced : result".]

Issue: Unreleased Resource (High)

Analysis Trace
  builtin.c: Branch not taken: (bad_argc((*argv)[0],
  builtin.c: fp = m4_path_search(...)
  path.c:148 - Branch not taken: (*file != 0)
  path.c:155 - fp = m4_fopen(...)
  path.c:113 - fp = fopen_safer(...)
  fopen-safer.c:33 - fp = fopen(...)
  fopen-safer.c:35 - Branch taken: (fp != 0)
  fopen-safer.c:39 - Branch not taken: (0 > fd)
  fopen-safer.c:62 - return
  path.c:114 - Branch taken: (fp != 0)
  path.c:118 - Branch not taken: (fstat(fd, (&st)) != 0)
  path.c:128 - return
  path.c:156 - Branch taken: (fp != NULL)
  path.c:160 - return
  builtin.c: Branch not taken: (fp != NULL)
  builtin.c: fp no longer refers to an open file
  builtin.c: fp end scope : File descriptor leaked

Source
  src/builtin.c:
    FILE *fp;
    char *name;
    if (bad_argc (argv[0], argc, 2, 2))
    return;
    fp = m4_path_search (ARG (1), &name);

  src/builtin.c:
    if (bad_argc (argv[0], argc, 2, 2))
    return;
    fp = m4_path_search (ARG (1), &name);
    if (fp == NULL)
    if (!silent)

  src/path.c:
    *result = NULL;
    /* Reject empty file. */
    if (!*file)
    errno = ENOENT;
    return NULL;

  src/path.c:
    /* Look in current working directory first. */
    fp = m4_fopen (file);
    if (fp != NULL)
    if (result)

  src/path.c:
    static FILE *
    m4_fopen (const char *file)
    FILE *fp = fopen (file, "r");
    if (fp)
    struct stat st;

  lib/fopen-safer.c:30-36
    FILE *
    fopen_safer (char const *file, char const *mode)
    FILE *fp = fopen (file, mode);
    if (fp)

  lib/fopen-safer.c:32-38
    FILE *fp = fopen (file, mode);
    if (fp)
    int fd = fileno (fp);

  lib/fopen-safer.c:36-42
    int fd = fileno (fp);
    if (0 <= fd && fd <= STDERR_FILENO)
    int f = dup_safer (fd);

  lib/fopen-safer.c:59-65
    return fp;

  src/path.c:
    m4_fopen (const char *file)
    FILE *fp = fopen (file, "r");
    if (fp)
    struct stat st;
    int fd = fileno (fp);

  src/path.c:
    struct stat st;
    int fd = fileno (fp);
    if (fstat (fd, &st) == 0 && S_ISDIR (st.st_mode))
    fclose (fp);
    errno = EISDIR;

  src/path.c:
    M4ERROR ((warning_status, errno, "Warning: cannot protect input file across forks"));
    return fp;
    /* Search for FILE, first in `.', then according to -I options. If

  src/path.c:
    /* Look in current working directory first. */
    fp = m4_fopen (file);
    if (fp != NULL)
    if (result)
    *result = xstrdup (file);

  src/path.c:
    if (result)
    *result = xstrdup (file);
    return fp;
    /* If file not found, and filename absolute, fail. */

  src/builtin.c:
    return;
    fp = m4_path_search (ARG (1), &name);
    if (fp == NULL)
    if (!silent)

  src/builtin.c:
    push_file (fp, name, true);
    free (name);
    /* Include a file, complaining in case of errors.

[Figure: Analysis Trace Diagram. Files: builtin.c, path.c, fopen-safer.c; functions: include, m4_path_search, m4_fopen, fopen_safer. Final node: "fp end scope : File descriptor leaked".]

Issue: Unreleased Resource (High)

Analysis Trace
  m4.c:327 - Branch not taken: (strcmp(name, "-") != 0)
  m4.c:338 - fp = m4_path_search(...)
  path.c:148 - Branch not taken: (*file != 0)
  path.c:155 - fp = m4_fopen(...)
  path.c:113 - fp = fopen_safer(...)
  fopen-safer.c:33 - fp = fopen(...)
  fopen-safer.c:35 - Branch taken: (fp != 0)
  fopen-safer.c:39 - Branch not taken: (0 > fd)
  fopen-safer.c:62 - return
  path.c:114 - Branch taken: (fp != 0)
  path.c:118 - Branch not taken: (fstat(fd, (&st)) != 0)
  path.c:128 - return
  path.c:156 - Branch taken: (fp != NULL)
  path.c:160 - return
  m4.c:339 - Branch not taken: (fp != NULL)
  m4.c:349 - fp no longer refers to an open file descriptor
  m4.c:349 - fp end scope : File descriptor leaked

Source
  src/m4.c:
    static void
    process_file (const char *name)
    if (STREQ (name, "-"))
    /* If stdin is a terminal, we want to allow 'm4 - file -' to read input from stdin twice, like GNU cat. Besides,

  src/m4.c:
    else
    char *full_name;
    FILE *fp = m4_path_search (name, &full_name);
    if (fp == NULL)
    error (0, errno, _("cannot open `%s'"), name);

  src/path.c:
    *result = NULL;
    /* Reject empty file. */
    if (!*file)
    errno = ENOENT;
    return NULL;

  src/path.c:
    /* Look in current working directory first. */
    fp = m4_fopen (file);
    if (fp != NULL)
    if (result)

  src/path.c:
    static FILE *
    m4_fopen (const char *file)
    FILE *fp = fopen (file, "r");
    if (fp)
    struct stat st;

  lib/fopen-safer.c:30-36
    FILE *
    fopen_safer (char const *file, char const *mode)
    FILE *fp = fopen (file, mode);
    if (fp)

  lib/fopen-safer.c:32-38
    FILE *fp = fopen (file, mode);
    if (fp)
    int fd = fileno (fp);

  lib/fopen-safer.c:36-42
    int fd = fileno (fp);
    if (0 <= fd && fd <= STDERR_FILENO)
    int f = dup_safer (fd);

  lib/fopen-safer.c:59-65
    return fp;

  src/path.c:
    m4_fopen (const char *file)
    FILE *fp = fopen (file, "r");
    if (fp)
    struct stat st;
    int fd = fileno (fp);

  src/path.c:
    struct stat st;
    int fd = fileno (fp);
    if (fstat (fd, &st) == 0 && S_ISDIR (st.st_mode))
    fclose (fp);
    errno = EISDIR;

  src/path.c:
    M4ERROR ((warning_status, errno, "Warning: cannot protect input file across forks"));
    return fp;
    /* Search for FILE, first in `.', then according to -I options. If

  src/path.c:
    /* Look in current working directory first. */
    fp = m4_fopen (file);
    if (fp != NULL)
    if (result)
    *result = xstrdup (file);

  src/path.c:
    if (result)
    *result = xstrdup (file);
    return fp;
    /* If file not found, and filename absolute, fail. */

  src/m4.c:
    char *full_name;
    FILE *fp = m4_path_search (name, &full_name);
    if (fp == NULL)
    error (0, errno, _("cannot open `%s'"), name);
    /* Set the status to EXIT_FAILURE, even though we

  src/m4.c:
    push_file (fp, full_name, true);
    free (full_name);
    expand_input ();

[Figure: Analysis Trace Diagram. Files: m4.c, path.c, fopen-safer.c; functions: process_file, m4_path_search, m4_fopen, fopen_safer. Final node: "fp end scope : File descriptor leaked".]

Issue: Use After Free (High)

Analysis Trace
  clean-temp.c:506 - Branch taken:
  clean-temp.c:511 - gl_list_remove_node(?, node)
  gl_list.h:738 - gl_linked_remove_node(?, node)
  gl_anylinked_list2.h:832 - free(node)
  gl_anylinked_list2.h:832 - Pointer node refers to a
  gl_anylinked_list2.h:833 - return
  gl_list.h:737 - return
  clean-temp.c:506 - Branch not taken:
  clean-temp.c:520 - Branch taken:
  clean-temp.c:525 - gl_list_remove_node(..., node) :

Source
  lib/clean-temp.c:
    /* First cleanup the files in the subdirectories. */
    list = tmpdir->files;
    iter = gl_list_iterator (list);
    while (gl_list_iterator_next (&iter, &element, &node))
    char *file = (char *) element;

  lib/clean-temp.c:
    char *file = (char *) element;
    err = do_unlink (dir, file);
    gl_list_remove_node (list, node);
    /* Now only we can free file. */
    free (file);

  lib/gl_list.h:
    gl_list_remove_node (gl_list_t list, gl_list_node_t node)
    return ((const struct gl_list_impl_base *) list)->vtable
    ->remove_node (list, node);
    GL_LIST_INLINE bool

  lib/gl_anylinked_list2.h:
    if (list->base.dispose_fn != NULL)
    list->base.dispose_fn (node->value);
    free (node);
    return true;

  lib/gl_anylinked_list2.h:
    if (list->base.dispose_fn != NULL)
    list->base.dispose_fn (node->value);
    free (node);
    return true;
    static bool

  lib/gl_list.h:
    GL_LIST_INLINE bool
    gl_list_remove_node (gl_list_t list, gl_list_node_t node)
    return ((const struct gl_list_impl_base *) list)->vtable
    ->remove_node (list, node);

  lib/clean-temp.c:
    /* First cleanup the files in the subdirectories. */
    list = tmpdir->files;
    iter = gl_list_iterator (list);
    while (gl_list_iterator_next (&iter, &element, &node))
    char *file = (char *) element;

  lib/clean-temp.c:
    /* Then cleanup the subdirectories. */
    list = tmpdir->subdirs;
    iter = gl_list_iterator (list);
    while (gl_list_iterator_next (&iter, &element, &node))
    char *subdir = (char *) element;

  lib/clean-temp.c:
    char *subdir = (char *) element;
    err = do_rmdir (dir, subdir);
    gl_list_remove_node (list, node);
    /* Now only we can free subdir. */
    free (subdir);

[Figure: Analysis Trace Diagram. File: clean-temp.c; functions: cleanup_temp_dir_contents, gl_list_remove_node, gl_linked_remove_node. Final node: "gl_list_remove_node(..., node) : Pointer node used after it was previously freed".]

Issue: Use After Free (High)

Analysis Trace
  clean-temp.c:506 - Branch taken:
  clean-temp.c:511 - gl_list_remove_node(?, node)
  gl_list.h:738 - gl_linked_remove_node(?, node)
  gl_anylinked_list2.h:832 - free(node)
  gl_anylinked_list2.h:832 - Pointer node refers to a
  gl_anylinked_list2.h:833 - return
  gl_list.h:737 - return
  clean-temp.c:506 - Branch taken:
  clean-temp.c:511 - gl_list_remove_node(..., node) :

Source
  lib/clean-temp.c:
    /* First cleanup the files in the subdirectories. */
    list = tmpdir->files;
    iter = gl_list_iterator (list);
    while (gl_list_iterator_next (&iter, &element, &node))
    char *file = (char *) element;

  lib/clean-temp.c:
    char *file = (char *) element;
    err = do_unlink (dir, file);
    gl_list_remove_node (list, node);
    /* Now only we can free file. */
    free (file);

  lib/gl_list.h:
    gl_list_remove_node (gl_list_t list, gl_list_node_t node)
    return ((const struct gl_list_impl_base *) list)->vtable
    ->remove_node (list, node);
    GL_LIST_INLINE bool

  lib/gl_anylinked_list2.h:
    if (list->base.dispose_fn != NULL)
    list->base.dispose_fn (node->value);
    free (node);
    return true;

  lib/gl_anylinked_list2.h:
    if (list->base.dispose_fn != NULL)
    list->base.dispose_fn (node->value);
    free (node);
    return true;
    static bool

  lib/gl_list.h:
    GL_LIST_INLINE bool
    gl_list_remove_node (gl_list_t list, gl_list_node_t node)
    return ((const struct gl_list_impl_base *) list)->vtable
    ->remove_node (list, node);

  lib/clean-temp.c:
    /* First cleanup the files in the subdirectories. */
    list = tmpdir->files;
    iter = gl_list_iterator (list);
    while (gl_list_iterator_next (&iter, &element, &node))
    char *file = (char *) element;

  lib/clean-temp.c:
    char *file = (char *) element;
    err = do_unlink (dir, file);
    gl_list_remove_node (list, node);
    /* Now only we can free file. */
    free (file);

[Figure: Analysis Trace Diagram. File: clean-temp.c; functions: cleanup_temp_dir_contents, gl_list_remove_node, gl_linked_remove_node. Final node: "gl_list_remove_node(..., node) : Pointer node used after it was previously freed".]

Static File Listing

The static file listing displays all files scanned by the SCA scanner.
65 /m /lib/stat.c 4672 /m /lib/stdarg.in.h 1173 /m /lib/stdbool.in.h 5246 /m /lib/stddef.in.h 2800 /m /lib/stdint.in.h /m /lib/stdio--.h 1199 /m /lib/stdio-impl.h 4385 /m /lib/stdio-safer.h 1174 /m /lib/stdio-write.c 7620 /m /lib/stdio.in.h /m /lib/stdlib--.h 1125 /m /lib/stdlib-safer.h 1053 /m /lib/stdlib.in.h /m /lib/str-two-way.h /m /lib/strchrnul.c 5787 /m /lib/strchrnul.valgrind 271 /m /lib/streq.h 4174 /m /lib/strerror-override.c 9315 /m /lib/strerror-override.h 2055 /m /lib/strerror.c 2153 /m /lib/string.in.h /m /lib/stripslash.c 1614 /m /lib/strndup.c 1080 /m /lib/strnlen.c 1170 /m /lib/strsignal.c 5414 /m /lib/strstr.c 3153 /m /lib/strtod.c /m /lib/sys_stat.in.h /m /lib/sys_time.in.h 7894 /m /lib/sys_types.in.h 1712 /m /lib/sys_wait.in.h 3988 /m /lib/tempname.c 9408 /m /lib/tempname.h 1895 /m /lib/time.in.h 9284 /m /lib/tmpdir.c 4380 /m /lib/tmpdir.h 1289 /m /lib/unistd--.h 1027 /m /lib/unistd-safer.h 1083 /m /lib/unistd.c 87 /m /lib/unistd.in.h
66 /m /lib/unlocked-io.h 3678 /m /lib/vasnprintf.c /m /lib/vasnprintf.h 3023 /m /lib/vasprintf.c 1388 /m /lib/verify.h /m /lib/verror.c 2706 /m /lib/verror.h 2099 /m /lib/version-etc-fsf.c 1184 /m /lib/version-etc.c 9463 /m /lib/version-etc.h 3003 /m /lib/w32spawn.h 7624 /m /lib/wait-process.c /m /lib/wait-process.h 3088 /m /lib/waitpid.c 1034 /m /lib/wchar.in.h /m /lib/wcrtomb.c 1538 /m /lib/wctype-h.c 159 /m /lib/wctype.in.h /m /lib/xalloc-die.c 1349 /m /lib/xalloc-oversized.h 1725 /m /lib/xalloc.h 7961 /m /lib/xasprintf.c 1069 /m /lib/xmalloc.c 3505 /m /lib/xmalloca.c 1102 /m /lib/xmalloca.h 2162 /m /lib/xprintf.c 2322 /m /lib/xprintf.h 1970 /m /lib/xsize.c 81 /m /lib/xsize.h 3747 /m /lib/xstrndup.c 1225 /m /lib/xstrndup.h 1043 /m /lib/xvasprintf.c 2868 /m /lib/xvasprintf.h 2163 /m /m4/00gnulib.m /m /m4/alloca.m /m /m4/ansi-c++.m /m /m4/asm-underscore.m /m /m4/assert.m4 968 /m /m4/autobuild.m /m /m4/btowc.m
67 /m /m4/c-stack.m /m /m4/canonicalize.m /m /m4/close-stream.m4 364 /m /m4/close.m /m /m4/closedir.m4 767 /m /m4/closein.m4 361 /m /m4/closeout.m4 385 /m /m4/codeset.m4 855 /m /m4/config-h.m4 572 /m /m4/configmake.m /m /m4/dirent_h.m /m /m4/dirname.m4 575 /m /m4/double-slash-root.m /m /m4/dup.m4 772 /m /m4/dup2.m /m /m4/eealloc.m4 982 /m /m4/environ.m /m /m4/errno_h.m /m /m4/error.m4 867 /m /m4/execute.m4 390 /m /m4/exponentd.m /m /m4/exponentf.m /m /m4/exponentl.m /m /m4/extensions.m /m /m4/extern-inline.m /m /m4/fatal-signal.m4 442 /m /m4/fclose.m4 553 /m /m4/fcntl-o.m /m /m4/fcntl.m /m /m4/fcntl_h.m /m /m4/fdopen.m /m /m4/fflush.m /m /m4/filenamecat.m4 509 /m /m4/float_h.m /m /m4/fopen.m /m /m4/fpending.m /m /m4/fpieee.m /m /m4/fpurge.m /m /m4/freadahead.m4 363 /m /m4/freading.m
68 /m /m4/frexp.m /m /m4/frexpl.m /m /m4/fseek.m4 532 /m /m4/fseeko.m /m /m4/fstat.m4 970 /m /m4/ftell.m4 532 /m /m4/ftello.m /m /m4/getcwd.m /m /m4/getdtablesize.m4 575 /m /m4/getopt.m /m /m4/getpagesize.m /m /m4/gettimeofday.m /m /m4/glibc21.m4 941 /m /m4/gnulib-cache.m /m /m4/gnulib-common.m /m /m4/gnulib-comp.m /m /m4/include_next.m /m /m4/intlmacosx.m /m /m4/intmax_t.m /m /m4/inttypes-pri.m /m /m4/inttypes.m /m /m4/inttypes_h.m /m /m4/isnand.m /m /m4/isnanf.m /m /m4/isnanl.m /m /m4/langinfo_h.m /m /m4/largefile.m /m /m4/lcmessage.m /m /m4/ldexp.m /m /m4/ldexpl.m /m /m4/lib-ld.m /m /m4/lib-link.m /m /m4/lib-prefix.m /m /m4/libsigsegv.m4 635 /m /m4/link.m /m /m4/localcharset.m4 614 /m /m4/locale-fr.m /m /m4/locale-ja.m /m /m4/locale-tr.m /m /m4/locale-zh.m
69 /m /m4/locale_h.m /m /m4/localeconv.m4 637 /m /m4/localename.m4 430 /m /m4/lock.m /m /m4/longlong.m /m /m4/lseek.m /m /m4/lstat.m /m /m4/malloc.m /m /m4/malloca.m4 592 /m /m4/manywarnings.m /m /m4/math_h.m /m /m4/mbrtowc.m /m /m4/mbsinit.m /m /m4/mbstate_t.m /m /m4/mbtowc.m4 479 /m /m4/memchr.m /m /m4/mkdtemp.m4 555 /m /m4/mkstemp.m /m /m4/mmap-anon.m /m /m4/mode_t.m /m /m4/msvc-inval.m4 751 /m /m4/msvc-nothrow.m4 354 /m /m4/multiarch.m /m /m4/nl_langinfo.m /m /m4/nocrash.m /m /m4/off_t.m4 536 /m /m4/open.m /m /m4/opendir.m4 759 /m /m4/pathmax.m /m /m4/pipe2.m4 549 /m /m4/posix_spawn.m /m /m4/printf-frexp.m /m /m4/printf-frexpl.m /m /m4/printf.m /m /m4/putenv.m /m /m4/quotearg.m4 326 /m /m4/raise.m /m /m4/rawmemchr.m4 654 /m /m4/readdir.m4 455 /m /m4/readlink.m
70 /m /m4/regex.m /m /m4/rename.m /m /m4/rmdir.m /m /m4/sched_h.m /m /m4/secure_getenv.m4 817 /m /m4/setenv.m /m /m4/setlocale.m4 896 /m /m4/sig_atomic_t.m4 593 /m /m4/sigaction.m /m /m4/signal_h.m /m /m4/signalblocking.m4 954 /m /m4/signbit.m /m /m4/sigpipe.m4 930 /m /m4/size_max.m /m /m4/sleep.m /m /m4/snprintf.m /m /m4/spawn-pipe.m4 399 /m /m4/spawn_h.m /m /m4/ssize_t.m4 842 /m /m4/stat.m /m /m4/stdarg.m /m /m4/stdbool.m /m /m4/stddef_h.m /m /m4/stdint.m /m /m4/stdint_h.m /m /m4/stdio_h.m /m /m4/stdlib_h.m /m /m4/strchrnul.m /m /m4/strdup.m4 979 /m /m4/strerror.m /m /m4/string_h.m /m /m4/strndup.m /m /m4/strnlen.m4 911 /m /m4/strsignal.m /m /m4/strstr.m /m /m4/strtod.m /m /m4/symlink.m /m /m4/sys_socket_h.m /m /m4/sys_stat_h.m /m /m4/sys_time_h.m
71 /m /m4/sys_types_h.m4 679 /m /m4/sys_wait_h.m /m /m4/tempname.m4 557 /m /m4/threadlib.m /m /m4/time_h.m /m /m4/tls.m4 382 /m /m4/tmpdir.m4 362 /m /m4/ungetc.m /m /m4/unistd-safer.m4 354 /m /m4/unistd_h.m /m /m4/unlocked-io.m /m /m4/vasnprintf.m /m /m4/vasprintf-posix.m /m /m4/vasprintf.m /m /m4/version-etc.m /m /m4/wait-process.m4 439 /m /m4/waitpid.m4 430 /m /m4/warnings.m /m /m4/wchar_h.m /m /m4/wchar_t.m4 842 /m /m4/wcrtomb.m /m /m4/wctob.m /m /m4/wctomb.m4 479 /m /m4/wctype_h.m /m /m4/wint_t.m /m /m4/write.m /m /m4/xalloc.m4 321 /m /m4/xsize.m4 418 /m /m4/xstrndup.m4 424 /m /m4/xvasprintf.m4 363 /m /maint.mk /m /makefile.am 1983 /m /makefile.in /m /news /m /readme 4059 /m /src/builtin.c /m /src/debug.c /m /src/eval.c /m /src/format.c /m /src/freeze.c
72 /m /src/input.c /m /src/m4.c /m /src/m4.h /m /src/macro.c /m /src/makefile.am 1207 /m /src/makefile.in /m /src/output.c /m /src/path.c 4914 /m /src/symtab.c /m /tests/closedir.c 1509 /m /tests/dirent-private.h 1557 /m /tests/dirent.in.h 8902 /m /tests/dup.c 1383 /m /tests/fdopen.c 1564 /m /tests/filename.h 2016 /m /tests/getcwd-lgpl.c 3252 /m /tests/getpagesize.c 1251 /m /tests/gl_array_list.c /m /tests/gl_array_list.h 1150 /m /tests/gl_array_oset.c 9960 /m /tests/gl_array_oset.h 1146 /m /tests/gnulib.mk /m /tests/infinity.h 1627 /m /tests/init.sh /m /tests/inttypes.in.h /m /tests/link.c 5894 /m /tests/localename.c /m /tests/localename.h 4560 /m /tests/macros.h 3477 /m /tests/makefile.am 835 /m /tests/makefile.in /m /tests/minus-zero.h 2463 /m /tests/nan.h 1916 /m /tests/opendir.c 3557 /m /tests/putenv.c 5301 /m /tests/randomd.c /m /tests/randoml.c /m /tests/readdir.c 3104 /m /tests/setenv.c /m /tests/setlocale.c
73 /m /tests/signature.h 2030 /m /tests/sleep.c 2387 /m /tests/strdup.c 1390 /m /tests/symlink.c 1490 /m /tests/test-alloca-opt.c 1584 /m /tests/test-array_list.c /m /tests/test-array_oset.c 4376 /m /tests/test-avltree_oset.c 3900 /m /tests/test-binary-io.c 1771 /m /tests/test-binary-io.sh 385 /m /tests/test-btowc.c 1799 /m /tests/test-btowc1.sh 370 /m /tests/test-btowc2.sh 389 /m /tests/test-c-ctype.c /m /tests/test-c-stack.c 2084 /m /tests/test-c-stack.sh 358 /m /tests/test-c-stack2.sh 873 /m /tests/test-c-strcase.sh 632 /m /tests/test-c-strcasecmp.c 2213 /m /tests/test-c-strncasecmp.c 3113 /m /tests/test-canonicalize-lgpl.c 6566 /m /tests/test-chdir.c 989 /m /tests/test-cloexec.c 4208 /m /tests/test-close.c 1198 /m /tests/test-closein.c 1512 /m /tests/test-closein.sh 888 /m /tests/test-dirent-c++.cc 1615 /m /tests/test-dirent.c 1027 /m /tests/test-dirname.c 8798 /m /tests/test-dup-safer.c 5174 /m /tests/test-dup.c 1197 /m /tests/test-dup2.c 6085 /m /tests/test-environ.c 1539 /m /tests/test-errno.c 3043 /m /tests/test-fclose.c 2967 /m /tests/test-fcntl-h-c++.cc 1274 /m /tests/test-fcntl-h.c 3009 /m /tests/test-fcntl.c /m /tests/test-fdopen.c 1383 /m /tests/test-fflush.c
74 /m /tests/test-fflush2.c 3434 /m /tests/test-fflush2.sh 351 /m /tests/test-fgetc.c 2597 /m /tests/test-filenamecat.c 1997 /m /tests/test-float.c 9492 /m /tests/test-fopen-safer.c 975 /m /tests/test-fopen.c 1057 /m /tests/test-fopen.h 2196 /m /tests/test-fpending.c 1111 /m /tests/test-fpending.sh 161 /m /tests/test-fpurge.c 4065 /m /tests/test-fputc.c 2520 /m /tests/test-fread.c 2724 /m /tests/test-freadahead.c 2146 /m /tests/test-freadahead.sh 163 /m /tests/test-freading.c 4821 /m /tests/test-frexp.c 2033 /m /tests/test-frexp.h 4917 /m /tests/test-frexpl.c 2324 /m /tests/test-fseek.c 2354 /m /tests/test-fseek.sh 125 /m /tests/test-fseek2.sh 72 /m /tests/test-fseeko.c 2502 /m /tests/test-fseeko.sh 128 /m /tests/test-fseeko2.sh 74 /m /tests/test-fseeko3.c 1335 /m /tests/test-fseeko3.sh 151 /m /tests/test-fseeko4.c 1987 /m /tests/test-fseeko4.sh 84 /m /tests/test-fstat.c 1326 /m /tests/test-ftell.c 2932 /m /tests/test-ftell.sh 125 /m /tests/test-ftell2.sh 72 /m /tests/test-ftell3.c 2145 /m /tests/test-ftello.c 3379 /m /tests/test-ftello.sh 128 /m /tests/test-ftello2.sh 74 /m /tests/test-ftello3.c 2150 /m /tests/test-ftello4.c 1863 /m /tests/test-ftello4.sh 84 74
75 /m /tests/test-fwrite.c 2694 /m /tests/test-getcwd-lgpl.c 2731 /m /tests/test-getdtablesize.c 1052 /m /tests/test-getopt.c 2973 /m /tests/test-getopt.h /m /tests/test-getopt_long.h /m /tests/test-gettimeofday.c 1367 /m /tests/test-ignore-value.c 2045 /m /tests/test-init.sh 2443 /m /tests/test-intprops.c /m /tests/test-inttypes.c 3238 /m /tests/test-isnand-nolibm.c 833 /m /tests/test-isnand.h 2131 /m /tests/test-isnanf-nolibm.c 833 /m /tests/test-isnanf.h 2177 /m /tests/test-isnanl-nolibm.c 898 /m /tests/test-isnanl.h 4547 /m /tests/test-langinfo-c++.cc 1068 /m /tests/test-langinfo.c 2005 /m /tests/test-link.c 1327 /m /tests/test-link.h 6178 /m /tests/test-linkedhash_list.c /m /tests/test-locale-c++.cc 1195 /m /tests/test-locale-c++2.cc 844 /m /tests/test-locale.c 2378 /m /tests/test-localeconv.c 2343 /m /tests/test-localename.c /m /tests/test-lseek.c 3391 /m /tests/test-lseek.sh 409 /m /tests/test-lstat.c 1857 /m /tests/test-lstat.h 3884 /m /tests/test-malloc-gnu.c 928 /m /tests/test-malloca.c 1646 /m /tests/test-math-c++.cc /m /tests/test-math-c++2.cc 840 /m /tests/test-math.c 2384 /m /tests/test-mbrtowc-w32-1.sh 86 /m /tests/test-mbrtowc-w32-2.sh 94 /m /tests/test-mbrtowc-w32-3.sh 85 /m /tests/test-mbrtowc-w32-4.sh 85 75
76 /m /tests/test-mbrtowc-w32-5.sh 84 /m /tests/test-mbrtowc-w32.c /m /tests/test-mbrtowc.c /m /tests/test-mbrtowc1.sh 372 /m /tests/test-mbrtowc2.sh 391 /m /tests/test-mbrtowc3.sh 383 /m /tests/test-mbrtowc4.sh 401 /m /tests/test-mbsinit.c 1525 /m /tests/test-mbsinit.sh 389 /m /tests/test-memchr.c 3918 /m /tests/test-memchr2.c 3080 /m /tests/test-nl_langinfo.c 4798 /m /tests/test-nl_langinfo.sh 454 /m /tests/test-open.c 1168 /m /tests/test-open.h 3086 /m /tests/test-pathmax.c 995 /m /tests/test-pipe2.c 3900 /m /tests/test-posix_spawn1.c 5663 /m /tests/test-posix_spawn1.in.sh 31 /m /tests/test-posix_spawn2.c 4164 /m /tests/test-posix_spawn2.in.sh 52 /m /tests/test-posix_spawn_file_actions_addclose.c 1816 /m /tests/test-posix_spawn_file_actions_adddup2.c 2027 /m /tests/test-posix_spawn_file_actions_addopen.c 2038 /m /tests/test-printf-frexp.c 3748 /m /tests/test-printf-frexpl.c 4299 /m /tests/test-quotearg-simple.c /m /tests/test-quotearg.h 4063 /m /tests/test-raise.c 1490 /m /tests/test-rawmemchr.c 2632 /m /tests/test-readlink.c 1378 /m /tests/test-readlink.h 4303 /m /tests/test-regex.c 6903 /m /tests/test-rename.c 1339 /m /tests/test-rename.h /m /tests/test-rmdir.c 1324 /m /tests/test-rmdir.h 3451 /m /tests/test-sched.c 1259 /m /tests/test-setenv.c 1662 /m /tests/test-setlocale1.c
77 /m /tests/test-setlocale1.sh 872 /m /tests/test-setlocale2.c 1822 /m /tests/test-setlocale2.sh 758 /m /tests/test-sigaction.c 3702 /m /tests/test-signal-h-c++.cc 2169 /m /tests/test-signal-h-c++2.cc 844 /m /tests/test-signal-h.c 2667 /m /tests/test-signbit.c 5336 /m /tests/test-sigpipe.c 1959 /m /tests/test-sigpipe.sh 849 /m /tests/test-sigprocmask.c 2732 /m /tests/test-sleep.c 1492 /m /tests/test-snprintf.c 2074 /m /tests/test-spawn-c++.cc 4964 /m /tests/test-spawn-pipe-child.c 3367 /m /tests/test-spawn-pipe-main.c 3734 /m /tests/test-spawn-pipe.sh 207 /m /tests/test-spawn.c 1689 /m /tests/test-stat.c 1662 /m /tests/test-stat.h 3192 /m /tests/test-stdbool.c 3622 /m /tests/test-stddef.c 1704 /m /tests/test-stdint.c /m /tests/test-stdio-c++.cc 6680 /m /tests/test-stdio-c++2.cc 842 /m /tests/test-stdio.c 1277 /m /tests/test-stdlib-c++.cc 4534 /m /tests/test-stdlib-c++2.cc 844 /m /tests/test-stdlib.c 1482 /m /tests/test-strchrnul.c 2428 /m /tests/test-strerror.c 2066 /m /tests/test-string-c++.cc 4154 /m /tests/test-string-c++2.cc 844 /m /tests/test-string.c 1064 /m /tests/test-strnlen.c 1845 /m /tests/test-strsignal.c 2272 /m /tests/test-strstr.c 8649 /m /tests/test-strtod.c /m /tests/test-symlink.c 1345 /m /tests/test-symlink.h
78 /m /tests/test-sys_stat-c++.cc 2650 /m /tests/test-sys_stat.c 7689 /m /tests/test-sys_time-c++.cc 1102 /m /tests/test-sys_time.c 1161 /m /tests/test-sys_types-c++.cc 934 /m /tests/test-sys_types.c 1011 /m /tests/test-sys_wait-c++.cc 1069 /m /tests/test-sys_wait.c 1245 /m /tests/test-sys_wait.h 1986 /m /tests/test-time-c++.cc 1719 /m /tests/test-time-c++2.cc 840 /m /tests/test-time.c 1305 /m /tests/test-unistd-c++.cc 5869 /m /tests/test-unistd.c 1631 /m /tests/test-unsetenv.c 1850 /m /tests/test-update-copyright.sh /m /tests/test-vasnprintf.c 2363 /m /tests/test-vasprintf-posix.c /m /tests/test-vasprintf.c 2612 /m /tests/test-vc-list-files-cvs.sh 1749 /m /tests/test-vc-list-files-git.sh 1480 /m /tests/test-verify.c 1928 /m /tests/test-verify.sh 733 /m /tests/test-version-etc.c 1128 /m /tests/test-version-etc.sh 1461 /m /tests/test-wchar-c++.cc 6345 /m /tests/test-wchar.c 1154 /m /tests/test-wcrtomb-w32-1.sh 86 /m /tests/test-wcrtomb-w32-2.sh 94 /m /tests/test-wcrtomb-w32-3.sh 85 /m /tests/test-wcrtomb-w32-4.sh 85 /m /tests/test-wcrtomb-w32-5.sh 84 /m /tests/test-wcrtomb-w32.c 9497 /m /tests/test-wcrtomb.c 4784 /m /tests/test-wcrtomb.sh 788 /m /tests/test-wctype-h-c++.cc 2304 /m /tests/test-wctype-h.c 2111 /m /tests/test-write.c 2132 /m /tests/test-xalloc-die.c 1005 /m /tests/test-xalloc-die.sh
79 /m /tests/test-xvasprintf.c 3280 /m /tests/unsetenv.c 3001 /m /tests/wctob.c 1242 /m /tests/wctomb-impl.h 1132 /m /tests/wctomb.c 940 /m /tests/write.c 5274 /m /tests/zerosize-ptr.h 2578 /m /thanks 6438 /m /todo
Appendix - Descriptions of Key Terminology

Security Rating

The Fortify 5-star assessment rating provides information on the likelihood and impact of defects present within an application. A perfect rating within this system would be 5 complete stars indicating that no high impact vulnerabilities were uncovered.

Rating

Fortify awards one star to projects that undergo a Fortify security review, which analyzes a project for a variety of software security vulnerabilities.

Fortify awards two stars to projects that undergo a Fortify security review that identifies no high likelihood / high impact issues. Vulnerabilities that are trivial to exploit and have a high business or technical impact should never exist in business-critical software.

Fortify awards three stars to projects that undergo a Fortify security review that identifies no low likelihood / high impact issues and meets the requirements needed to receive two stars. Vulnerabilities that have a high impact, even if they are non-trivial to exploit, should never exist in business critical software.

Fortify awards four stars to projects that undergo a Fortify security review that identifies no high likelihood / low impact issues and meets the requirements for three stars. Vulnerabilities that have a low impact, but are easy to exploit, should be considered carefully as they may pose a greater threat if an attacker exploits many of them as part of a concerted effort or leverages a low impact vulnerability as a stepping stone to mount a high-impact attack.

Fortify awards five stars to projects that undergo a Fortify security review that identifies no issues.

Likelihood and Impact

Likelihood
Likelihood is the probability that a vulnerability will be accurately identified and successfully exploited.

Impact
Impact is the potential damage an attacker could do to assets by successfully exploiting a vulnerability. This damage can be in the form of, but not limited to, financial loss, compliance violation, loss of brand reputation, and negative publicity.

Fortify Priority Order

Critical
Critical-priority issues have high impact and high likelihood. Critical-priority issues are easy to detect and exploit and result in large asset damage. These issues represent the highest security risk to the application. As such, they should be remediated immediately. SQL Injection is an example of a critical issue.

High
High-priority issues have high impact and low likelihood. High-priority issues are often difficult to detect and exploit, but can result in large asset damage. These issues represent a high security risk to the application. High priority issues should be remediated in the next scheduled patch release.

Medium
Medium-priority issues have low impact and high likelihood. Medium-priority issues are easy to detect and exploit, but typically result in small asset damage. These issues represent a moderate security risk to the application. Medium-priority issues should be remediated in the next scheduled

Low
Low-priority issues have low impact and low likelihood. Low-priority issues can be difficult to detect and exploit and typically result in small asset damage. These issues represent a minor security risk to the application. Low priority issues should be remediated as time allows.

Issue Status

New
New issues are ones that have been identified for the first time in the most recent analysis of the application.

Existing
Existing issues are issues that have been found in a previous analysis of the application and are still present in the latest analysis.

Reopened
Reopened issues have been discovered in a previous analysis of the application but were not present in subsequent analyses. These issues are now present again in the most recent analysis of the application.

Fortify Remediation Effort

Major Remediation
Major remediation effort issues must often be addressed at multiple locations to fix the root problem.

Minor Remediation
Minor remediation effort issues can typically be addressed at the location of the root problem.
The C Programming Language course syllabus associate level
TECHNOLOGIES The C Programming Language course syllabus associate level Course description The course fully covers the basics of programming in the C programming language and demonstrates fundamental programming
System Calls and Standard I/O
System Calls and Standard I/O Professor Jennifer Rexford http://www.cs.princeton.edu/~jrex 1 Goals of Today s Class System calls o How a user process contacts the Operating System o For advanced services
Illustration 1: Diagram of program function and data flow
The contract called for creation of a random access database of plumbing shops within the near perimeter of FIU Engineering school. The database features a rating number from 1-10 to offer a guideline
Lecture 11 Doubly Linked Lists & Array of Linked Lists. Doubly Linked Lists
Lecture 11 Doubly Linked Lists & Array of Linked Lists In this lecture Doubly linked lists Array of Linked Lists Creating an Array of Linked Lists Representing a Sparse Matrix Defining a Node for a Sparse
Operating Systems. Privileged Instructions
Operating Systems Operating systems manage processes and resources Processes are executing instances of programs may be the same or different programs process 1 code data process 2 code data process 3
Leak Check Version 2.1 for Linux TM
Leak Check Version 2.1 for Linux TM User s Guide Including Leak Analyzer For x86 Servers Document Number DLC20-L-021-1 Copyright 2003-2009 Dynamic Memory Solutions LLC www.dynamic-memory.com Notices Information
Module 816. File Management in C. M. Campbell 1993 Deakin University
M. Campbell 1993 Deakin University Aim Learning objectives Content After working through this module you should be able to create C programs that create an use both text and binary files. After working
Linux/UNIX System Programming. POSIX Shared Memory. Michael Kerrisk, man7.org c 2015. February 2015
Linux/UNIX System Programming POSIX Shared Memory Michael Kerrisk, man7.org c 2015 February 2015 Outline 22 POSIX Shared Memory 22-1 22.1 Overview 22-3 22.2 Creating and opening shared memory objects 22-10
System Calls Related to File Manipulation
KING FAHD UNIVERSITY OF PETROLEUM AND MINERALS Information and Computer Science Department ICS 431 Operating Systems Lab # 12 System Calls Related to File Manipulation Objective: In this lab we will be
LOW LEVEL FILE PROCESSING
LOW LEVEL FILE PROCESSING 1. Overview The learning objectives of this lab session are: To understand the functions provided for file processing by the lower level of the file management system, i.e. the
Giving credit where credit is due
JDEP 284H Foundations of Computer Systems System-Level I/O Dr. Steve Goddard [email protected] Giving credit where credit is due Most of slides for this lecture are based on slides created by Drs. Bryant
How To Understand How A Process Works In Unix (Shell) (Shell Shell) (Program) (Unix) (For A Non-Program) And (Shell).Orgode) (Powerpoint) (Permanent) (Processes
Content Introduction and History File I/O The File System Shell Programming Standard Unix Files and Configuration Processes Programs are instruction sets stored on a permanent medium (e.g. harddisc). Processes
Lab 4: Socket Programming: netcat part
Lab 4: Socket Programming: netcat part Overview The goal of this lab is to familiarize yourself with application level programming with sockets, specifically stream or TCP sockets, by implementing a client/server
Common Errors in C/C++ Code and Static Analysis
Common Errors in C/C++ Code and Static Analysis Red Hat Ondřej Vašík and Kamil Dudka 2011-02-17 Abstract Overview of common programming mistakes in the C/C++ code, and comparison of a few available static
Tutorial on C Language Programming
Tutorial on C Language Programming Teodor Rus [email protected] The University of Iowa, Department of Computer Science Introduction to System Software p.1/64 Tutorial on C programming C program structure:
Lecture 24 Systems Programming in C
Lecture 24 Systems Programming in C A process is a currently executing instance of a program. All programs by default execute in the user mode. A C program can invoke UNIX system calls directly. A system
Lecture 16: System-Level I/O
CSCI-UA.0201-003 Computer Systems Organization Lecture 16: System-Level I/O Mohamed Zahran (aka Z) [email protected] http://www.mzahran.com Some slides adapted (and slightly modified) from: Clark Barrett
CISC 181 Project 3 Designing Classes for Bank Accounts
CISC 181 Project 3 Designing Classes for Bank Accounts Code Due: On or before 12 Midnight, Monday, Dec 8; hardcopy due at beginning of lecture, Tues, Dec 9 What You Need to Know This project is based on
A Test Suite for Basic CWE Effectiveness. Paul E. Black. [email protected]. http://samate.nist.gov/
A Test Suite for Basic CWE Effectiveness Paul E. Black [email protected] http://samate.nist.gov/ Static Analysis Tool Exposition (SATE V) News l We choose test cases by end of May l Tool output uploaded
How To Port A Program To Dynamic C (C) (C-Based) (Program) (For A Non Portable Program) (Un Portable) (Permanent) (Non Portable) C-Based (Programs) (Powerpoint)
TN203 Porting a Program to Dynamic C Introduction Dynamic C has a number of improvements and differences compared to many other C compiler systems. This application note gives instructions and suggestions
Source Code Security Analysis Tool Functional Specification Version 1.0
Special Publication 500-268 Source Code Security Analysis Tool Functional Specification Version 1.0 Paul E. Black Michael Kass Michael Koo Software Diagnostics and Conformance Testing Division Information
Transparent Monitoring of a Process Self in a Virtual Environment
Transparent Monitoring of a Process Self in a Virtual Environment PhD Lunchtime Seminar Università di Pisa 24 Giugno 2008 Outline Background Process Self Attacks Against the Self Dynamic and Static Analysis
Memory management. Announcements. Safe user input. Function pointers. Uses of function pointers. Function pointer example
Announcements Memory management Assignment 2 posted, due Friday Do two of the three problems Assignment 1 graded see grades on CMS Lecture 7 CS 113 Spring 2008 2 Safe user input If you use scanf(), include
1 Abstract Data Types Information Hiding
1 1 Abstract Data Types Information Hiding 1.1 Data Types Data types are an integral part of every programming language. ANSI-C has int, double and char to name just a few. Programmers are rarely content
Coding conventions and C++-style
Chapter 1 Coding conventions and C++-style This document provides an overview of the general coding conventions that are used throughout oomph-lib. Knowledge of these conventions will greatly facilitate
OS: IPC I. Cooperating Processes. CIT 595 Spring 2010. Message Passing vs. Shared Memory. Message Passing: Unix Pipes
Cooperating Processes Independent processes cannot affect or be affected by the execution of another process OS: IPC I CIT 595 Spring 2010 Cooperating process can affect or be affected by the execution
IPC. Semaphores were chosen for synchronisation (out of several options).
IPC Two processes will use shared memory to communicate and some mechanism for synchronise their actions. This is necessary because shared memory does not come with any synchronisation tools: if you can
UNIX File Management (continued)
UNIX File Management (continued) OS storage stack (recap) Application FD table OF table VFS FS Buffer cache Disk scheduler Device driver 2 Virtual File System (VFS) Application FD table OF table VFS FS
Operating Systems and Networks
recap Operating Systems and Networks How OS manages multiple tasks Virtual memory Brief Linux demo Lecture 04: Introduction to OS-part 3 Behzad Bordbar 47 48 Contents Dual mode API to wrap system calls
8.5. <summary>...26 9. Cppcheck addons...27 9.1. Using Cppcheck addons...27 9.1.1. Where to find some Cppcheck addons...27 9.2.
Cppcheck 1.72 Cppcheck 1.72 Table of Contents 1. Introduction...1 2. Getting started...2 2.1. First test...2 2.2. Checking all files in a folder...2 2.3. Excluding a file or folder from checking...2 2.4.
Quiz I Solutions MASSACHUSETTS INSTITUTE OF TECHNOLOGY. 6.858 Fall 2012. Department of Electrical Engineering and Computer Science
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2012 Quiz I Solutions 30 Grade for q1 25 20 15 10 5 0 0 10 20 30 40 50 60 70 80 90 100 Histogram
Tail call elimination. Michel Schinz
Tail call elimination Michel Schinz Tail calls and their elimination Loops in functional languages Several functional programming languages do not have an explicit looping statement. Instead, programmers
MatrixSSL Porting Guide
MatrixSSL Porting Guide Electronic versions are uncontrolled unless directly accessed from the QA Document Control system. Printed version are uncontrolled except when stamped with VALID COPY in red. External
Review and Exploit Neglected Attack Surface in ios 8. Tielei Wang, Hao Xu, Xiaobo Chen of TEAM PANGU
Review and Exploit Neglected Attack Surface in ios 8 Tielei Wang, Hao Xu, Xiaobo Chen of TEAM PANGU BlackHat 2015 Agenda ios Security Background Review of Attack Surfaces Fuzz More IOKit and MIG System
TOOL EVALUATION REPORT: FORTIFY
TOOL EVALUATION REPORT: FORTIFY Derek D Souza, Yoon Phil Kim, Tim Kral, Tejas Ranade, Somesh Sasalatti ABOUT THE TOOL Background The tool that we have evaluated is the Fortify Source Code Analyzer (Fortify
Applying Clang Static Analyzer to Linux Kernel
Applying Clang Static Analyzer to Linux Kernel 2012/6/7 FUJITSU COMPUTER TECHNOLOGIES LIMITED Hiroo MATSUMOTO 管 理 番 号 1154ka1 Copyright 2012 FUJITSU COMPUTER TECHNOLOGIES LIMITED Abstract Now there are
Manual vs. Automated Vulnerability Assessment: A Case Study
Manual vs. Automated Vulnerability Assessment: A Case Study James A. Kupsch and Barton P. Miller Computer Sciences Department, University of Wisconsin, Madison, WI, USA {kupsch,bart}@cs.wisc.edu Abstract.
Stacks. Linear data structures
Stacks Linear data structures Collection of components that can be arranged as a straight line Data structure grows or shrinks as we add or remove objects ADTs provide an abstract layer for various operations
Data Structure with C
Subject: Data Structure with C Topic : Tree Tree A tree is a set of nodes that either:is empty or has a designated node, called the root, from which hierarchically descend zero or more subtrees, which
10CS35: Data Structures Using C
CS35: Data Structures Using C QUESTION BANK REVIEW OF STRUCTURES AND POINTERS, INTRODUCTION TO SPECIAL FEATURES OF C OBJECTIVE: Learn : Usage of structures, unions - a conventional tool for handling a
Secure Programming with Static Analysis. Jacob West [email protected]
Secure Programming with Static Analysis Jacob West [email protected] Software Systems that are Ubiquitous Connected Dependable Complexity U Unforeseen Consequences Software Security Today The line between
C++ INTERVIEW QUESTIONS
C++ INTERVIEW QUESTIONS http://www.tutorialspoint.com/cplusplus/cpp_interview_questions.htm Copyright tutorialspoint.com Dear readers, these C++ Interview Questions have been designed specially to get
Session NM059. TCP/IP Programming on VMS. Geoff Bryant Process Software
Session NM059 TCP/IP Programming on VMS Geoff Bryant Process Software Course Roadmap Slide 160 NM055 (11:00-12:00) Important Terms and Concepts TCP/IP and Client/Server Model Sockets and TLI Client/Server
1) The postfix expression for the infix expression A+B*(C+D)/F+D*E is ABCD+*F/DE*++
Answer the following 1) The postfix expression for the infix expression A+B*(C+D)/F+D*E is ABCD+*F/DE*++ 2) Which data structure is needed to convert infix notations to postfix notations? Stack 3) The
Keil C51 Cross Compiler
Keil C51 Cross Compiler ANSI C Compiler Generates fast compact code for the 8051 and its derivatives Advantages of C over Assembler Do not need to know the microcontroller instruction set Register allocation
C++ Programming Language
C++ Programming Language Lecturer: Yuri Nefedov 7th and 8th semesters Lectures: 34 hours (7th semester); 32 hours (8th semester). Seminars: 34 hours (7th semester); 32 hours (8th semester). Course abstract
Manual vs. Automated Vulnerability Assessment: A Case Study
Manual vs. Automated Vulnerability Assessment: A Case Study James A. Kupsch and Barton P. Miller Computer Sciences Department, University of Wisconsin, Madison, WI, USA {kupsch,bart}@cs.wisc.edu Abstract The dream
Static Code Analysis Procedures in the Development Cycle
Static Code Analysis Procedures in the Development Cycle Tools, Technology, and Process in Engineering at Microsoft Mooly Beeri Microsoft Haifa R&D Center Agenda Static code analysis tools PREfix and PREfast
GDB Tutorial. A Walkthrough with Examples. CMSC 212 - Spring 2009. Last modified March 22, 2009. GDB Tutorial
A Walkthrough with Examples CMSC 212 - Spring 2009 Last modified March 22, 2009 What is gdb? GNU Debugger A debugger for several languages, including C and C++ It allows you to inspect what the program
MISRA-C:2012 Standards Model Summary for C / C++
MISRA-C:2012 Standards Model Summary for C / C++ The LDRA tool suite is developed and certified to BS EN ISO 9001:2000. This information is applicable to version 9.4.2 of the LDRA tool suite. It is correct
Software Vulnerabilities
Software Vulnerabilities -- stack overflow Code based security Code based security discusses typical vulnerabilities made by programmers that can be exploited by miscreants Implementing safe software in
Systems Programming Lecture 7 IPC: FIFO
Systems Programming Lecture 7 IPC: FIFO Stefano Zacchiroli [email protected] Laboratoire PPS, Université Paris Diderot - Paris 7 15 November 2011 URL http://upsilon.cc/zack/teaching/1112/progsyst/ Copyright
NDK: NOVELL NSS AUDIT
www.novell.com/documentation NDK: NOVELL NSS AUDIT Developer Kit August 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,
Introduction to Information Security
Introduction to Information Security 0368-3065, Spring 2015 Lecture 1: Introduction, Control Hijacking (1/2) Eran Tromer Slides credit: Avishai Wool, Tel Aviv University 1 Administration Lecturer: Eran
CSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Program Security: Buffer Overflow 1 Buffer Overflow BO Basics Stack smashing Other buffer overflow
Embedded Programming in C/C++: Lesson-1: Programming Elements and Programming in C
Embedded Programming in C/C++: Lesson-1: Programming Elements and Programming in C 1 An essential part of any embedded system design Programming 2 Programming in Assembly or HLL Processor and memory-sensitive
Coding Rules. Encoding the type of a function into the name (so-called Hungarian notation) is forbidden - it only confuses the programmer.
Coding Rules Section A: Linux kernel style based coding for C programs Coding style for C is based on Linux Kernel coding style. The following excerpts in this section are mostly taken as is from articles
Threat Modeling/ Security Testing. Tarun Banga, Adobe 1. Agenda
Threat Modeling/ Security Testing Presented by: Tarun Banga Sr. Manager Quality Engineering, Adobe Quality Leader (India) Adobe Systems India Pvt. Ltd. Agenda Security Principles Why Security Testing Security
SQLITE C/C++ TUTORIAL
http://www.tutorialspoint.com/sqlite/sqlite_c_cpp.htm SQLITE C/C++ TUTORIAL Copyright tutorialspoint.com Installation Before we start using SQLite in our C/C++ programs, we need to make sure that we have
/* File: blkcopy.c. size_t n
13.1. BLOCK INPUT/OUTPUT 505 /* File: blkcopy.c The program uses block I/O to copy a file. */ #include main() { signed char buf[100] const void *ptr = (void *) buf FILE *input, *output size_t
Software Robustness Testing Service
Software Robustness Testing Service http://www.ices.cmu.edu/ballista Philip Koopman ECE Department [email protected] - (412) 268-5225 - http://www.ices.cmu.edu/koopman Institute for Complex Engineered Systems
Storage Classes CS 110B - Rule Storage Classes Page 18-1 \handouts\storclas
CS 110B - Rule Storage Classes Page 18-1 Attributes are distinctive features of a variable. Data type, int or double for example, is an attribute. Storage class is another attribute. There are four storage
Unix Shell Scripts. Contents. 1 Introduction. Norman Matloff. July 30, 2008. 1 Introduction 1. 2 Invoking Shell Scripts 2
Unix Shell Scripts Norman Matloff July 30, 2008 Contents 1 Introduction 2 Invoking Shell Scripts 2.1 Direct Interpretation 2.2 Indirect Interpretation
Securing software by enforcing data-flow integrity
Securing software by enforcing data-flow integrity Manuel Costa Joint work with: Miguel Castro, Tim Harris Microsoft Research Cambridge University of Cambridge Software is vulnerable use of unsafe languages
Chapter 15 Operating System Security
Operating Systems: Internals and Design Principles Chapter 15 Operating System Security Eighth Edition By William Stallings System Access Threats System access threats fall into two general categories:
File Handling. What is a file?
File Handling 1 What is a file? A named collection of data, stored in secondary storage (typically). Typical operations on files: Open Read Write Close How is a file stored? Stored as sequence of bytes,
SMTP-32 Library. Simple Mail Transfer Protocol Dynamic Link Library for Microsoft Windows. Version 5.2
SMTP-32 Library Simple Mail Transfer Protocol Dynamic Link Library for Microsoft Windows Version 5.2 Copyright 1994-2003 by Distinct Corporation All rights reserved Table of Contents 1 Overview... 5 1.1
An Implementation of a Tool to Detect Vulnerabilities in Coding C and C++
An Implementation of a Tool to Detect Vulnerabilities in Coding C and C++ GRADUATE PROJECT REPORT Submitted to the Faculty of The School of Engineering & Computing Sciences Texas A&M University-Corpus
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
Unit 4.3 - Storage Structures 1. Storage Structures. Unit 4.3
Storage Structures Unit 4.3 Unit 4.3 - Storage Structures 1 The Physical Store Storage Capacity Medium Transfer Rate Seek Time Main Memory 800 MB/s 500 MB Instant Hard Drive 10 MB/s 120 GB 10 ms CD-ROM
As previously noted, a byte can contain a numeric value in the range 0-255. Computers don't understand Latin, Cyrillic, Hindi, Arabic character sets!
Encoding of alphanumeric and special characters As previously noted, a byte can contain a numeric value in the range 0-255. Computers don't understand Latin, Cyrillic, Hindi, Arabic character sets! Alphanumeric
The Power of Ten Rules for Developing Safety Critical Code 1. Gerard J. Holzmann NASA/JPL Laboratory for Reliable Software Pasadena, CA 91109
The Power of Ten Rules for Developing Safety Critical Code 1 Gerard J. Holzmann NASA/JPL Laboratory for Reliable Software Pasadena, CA 91109 Most serious software development projects use coding guidelines.
Advanced IBM AIX Heap Exploitation. Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. [email protected]
Advanced IBM AIX Heap Exploitation Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. [email protected] Introduction Our society has become dependent on computers and network systems.
How I Learned to Stop Fuzzing and Find More Bugs
How I Learned to Stop Fuzzing and Find More Bugs Jacob West Fortify Software August 3-5, 2007 Las Vegas Agenda Introduction to fuzzing What is fuzzing? Challenges with fuzzing Introduction to static analysis
public static void main(string[] args) { System.out.println("hello, world"); } }
Java in 21 minutes hello world basic data types classes & objects program structure constructors garbage collection I/O exceptions Strings Hello world import java.io.*; public class hello { public static
FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES
Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT's System Development Methodology (SDM) and Application Development requirements ensure that
Off-by-One exploitation tutorial
Off-by-One exploitation tutorial By Saif El-Sherei www.elsherei.com Introduction: I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend
Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005
Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005 Compute Cluster Server Lab 3: Debugging the parallel MPI programs in Microsoft Visual Studio 2005... 1
csce4313 Programming Languages Scanner (pass/fail)
csce4313 Programming Languages Scanner (pass/fail) John C. Lusth Revision Date: January 18, 2005 This is your first pass/fail assignment. You may develop your code using any procedural language, but you
64 Bit File Access. 1.0 Introduction. 2.0 New Interfaces. 2.1 New User Visible Types. Adam Sweeney
64 Bit File Access Adam Sweeney 1.0 Introduction In order to support the access of 64 bit files from 32 bit applications, new interfaces must be defined which take 64 bit parameters. These interfaces must
Molecular Dynamics Simulations with Applications in Soft Matter Handout 7 Memory Diagram of a Struct
Dr. Martin O. Steinhauser University of Basel Graduate Lecture Spring Semester 2014 Molecular Dynamics Simulations with Applications in Soft Matter Handout 7 Memory Diagram of a Struct Friday, 7 th March
CSI 402 Lecture 13 (Unix Process Related System Calls) 13 1 / 17
CSI 402 Lecture 13 (Unix Process Related System Calls) 13 1 / 17 System Calls for Processes Ref: Process: Chapter 5 of [HGS]. A program in execution. Several processes are executed concurrently by the
The GenomeTools Developer's Guide
The GenomeTools Developer's Guide Sascha Steinbiss, Gordon Gremme and Stefan Kurtz February 4, 2013 Contents 1 Introduction 1 2 Object-oriented design 2 3 Directory structure 11 4 Public APIs 13 5 Coding
Korset: Code-based Intrusion Detection for Linux
Problem Korset Theory Implementation Evaluation Epilogue Korset: Code-based Intrusion Detection for Linux Ohad Ben-Cohen Avishai Wool Tel Aviv University Problem Korset Theory Implementation Evaluation
W4118 Operating Systems. Junfeng Yang
W4118 Operating Systems Junfeng Yang Outline Linux overview Interrupt in Linux System call in Linux What is Linux A modern, open-source OS, based on UNIX standards 1991, 0.1 MLOC, single developer Linus
Specific Simple Network Management Tools
Specific Simple Network Management Tools Jürgen Schönwälder University of Osnabrück Albrechtstr. 28 49069 Osnabrück, Germany Tel.: +49 541 969 2483 Email: Web:
Introduction. dnotify
Introduction In a multi-user, multi-process operating system, files are continually being created, modified and deleted, often by apparently unrelated processes. This means that any software that needs
Practical taint analysis for protecting buggy binaries
Practical taint analysis for protecting buggy binaries So your exploit beats ASLR/DEP? I don't care Erik Bosman Traditional Stack Smashing buf[16] GET / HTTP/1.100baseretnarg1arg2 Traditional
Jonathan Worthington Scarborough Linux User Group
Jonathan Worthington Scarborough Linux User Group Introduction What does a Virtual Machine do? Hides away the details of the hardware platform and operating system. Defines a common set of instructions.
Output: 12 18 30 72 90 87. struct treenode{ int data; struct treenode *left, *right; } struct treenode *tree_ptr;
50 20 70 10 30 69 90 14 35 68 85 98 16 22 60 34 (c) Execute the algorithm shown below using the tree shown above. Show the exact output produced by the algorithm. Assume that the initial call is: prob3(root)
System calls. Problem: How to access resources other than CPU
System calls Problem: How to access resources other than CPU - Disk, network, terminal, other processes - CPU prohibits instructions that would access devices - Only privileged OS kernel can access devices
System Security Fundamentals
System Security Fundamentals Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano alessandro.barenghi - at - polimi.it April 28, 2015 Lesson contents Overview
