| Group |
Location |
Level |
Code |
Message |
| General Analysis |
standard.h:324 |
Medium |
V1019 |
Compound assignment expression 'c -= 'a' - 'A'' is used inside condition. |
| General Analysis |
freq_ctr.h:271 |
High |
V1028 |
Possible overflow. Consider casting operands of the '* sum + n' operator to the 'unsigned long long' type, not the result. |
| General Analysis |
htx.h:565 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
htx.h:600 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
connection.h:778 |
Medium |
V641 |
The size of the '& conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
connection.h:993 |
High |
V547 |
Expression is always false. |
| General Analysis |
listener.h:139 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'bind_conf'. Check lines: 139, 137. |
| General Analysis |
listener.h:163 |
Medium |
V547 |
Expression 'st > sizeof (states) / sizeof (* states)' is always false. |
| General Analysis |
ssl_sock.c:442 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'el'. Check lines: 442, 441. |
| General Analysis |
ssl_sock.c:1211 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'cb_arg'. Check lines: 1211, 1208. |
| General Analysis |
ssl_sock.c:1244 |
Medium |
V557 |
Array underrun is possible. The value of 'index' index could reach -1. |
| General Analysis |
ssl_sock.c:1875 |
Medium |
V547 |
Expression 'newcrt' is always true. |
| General Analysis |
ssl_sock.c:1899 |
Medium |
V547 |
Expression 'tmp_ssl' is always false. |
| General Analysis |
ssl_sock.c:2958 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'ckch->chain_certs'. Check lines: 2958, 2955. |
| General Analysis |
ssl_sock.c:2955 |
Medium |
V701 |
realloc() possible leak: when realloc() fails in allocating memory, original pointer 'ckch->chain_certs' is lost. Consider assigning realloc() to a temporary pointer. |
| General Analysis |
ssl_sock.c:3045 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 's_kt'. Check lines: 3045, 3040. |
| General Analysis |
ssl_sock.c:3230 |
High |
V575 |
The null pointer is passed into 'SSL_CTX_set_ex_data' function. Inspect the third argument. |
| General Analysis |
ssl_sock.c:3460 |
High |
V575 |
The null pointer is passed into 'SSL_CTX_set_ex_data' function. Inspect the third argument. |
| General Analysis |
ssl_sock.c:5045 |
Medium |
V547 |
Expression 'capkey' is always false. |
| General Analysis |
ssl_sock.c:5618 |
Medium |
V547 |
Expression 'need_out' is always false. |
| General Analysis |
ssl_sock.c:6188 |
High |
V575 |
The null pointer is passed into 'SSL_set_session' function. Inspect the second argument. |
| General Analysis |
ssl_sock.c:7683 |
Medium |
V786 |
It is odd that value '1' is assigned to the 'conf->early_data' variable. The value range of 'conf->early_data' variable: [-1, 0]. |
| General Analysis |
ssl_sock.c:7689 |
Medium |
V786 |
It is odd that value '1' is assigned to the 'conf->ssl_conf.early_data' variable. The value range of 'conf->ssl_conf.early_data' variable: [-1, 0]. |
| General Analysis |
ssl_sock.c:7712 |
Medium |
V769 |
The 'conf->npn_str' pointer in the 'conf->npn_str + 1' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 7712, 7711. |
| General Analysis |
ssl_sock.c:7716 |
Medium |
V769 |
The 'p1' pointer in the 'p1 + 1' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 7716, 7711. |
| General Analysis |
ssl_sock.c:7768 |
Medium |
V769 |
The 'conf->alpn_str' pointer in the 'conf->alpn_str + 1' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 7768, 7767. |
| General Analysis |
ssl_sock.c:7772 |
Medium |
V769 |
The 'p1' pointer in the 'p1 + 1' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 7772, 7767. |
| General Analysis |
ssl_sock.c:7904 |
High |
V773 |
The function was exited without closing the file referenced by the 'f' handle. A resource leak is possible. |
| General Analysis |
ssl_sock.c:7913 |
Medium |
V557 |
Array underrun is possible. The value of 'len - 1' index could reach -1. |
| General Analysis |
ssl_sock.c:7914 |
Medium |
V557 |
Array underrun is possible. The value of '-- len' index could reach -1. |
| General Analysis |
ssl_sock.c:7916 |
Medium |
V557 |
Array underrun is possible. The value of 'len - 1' index could reach -2. |
| General Analysis |
ssl_sock.c:7917 |
Medium |
V557 |
Array underrun is possible. The value of '-- len' index could reach -2. |
| General Analysis |
ssl_sock.c:7963 |
Medium |
V547 |
Expression 'i < 0' is always false. |
| General Analysis |
ssl_sock.c:8011 |
Medium |
V786 |
It is odd that value '1' is assigned to the 'conf->no_ca_names' variable. The value range of 'conf->no_ca_names' variable: [-1, 0]. |
| General Analysis |
ssl_sock.c:8942 |
Medium |
V519 |
The 'appctx->st2' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 8938, 8942. |
| General Analysis |
proto_http.c:2739 |
Medium |
V547 |
Expression 'msg->msg_state == HTTP_MSG_ERROR' is always false. |
| General Analysis |
proto_http.c:2739 |
Medium |
V560 |
A part of conditional expression is always false. |
| General Analysis |
proto_http.c:2951 |
Medium |
V641 |
The size of the '& cli_conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
proto_http.c:3085 |
Medium |
V547 |
Expression 'msg->msg_state == HTTP_MSG_ERROR' is always false. |
| General Analysis |
proto_http.c:3085 |
Medium |
V560 |
A part of conditional expression is always false. |
| General Analysis |
proto_http.c:4700 |
Medium |
V560 |
A part of conditional expression is always false: txn->status < 200. |
| General Analysis |
proto_http.c:7480 |
Medium |
V519 |
The 'delta' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 7472, 7480. |
| General Analysis |
cfgparse-listen.c:437 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 437, 436. |
| General Analysis |
cfgparse-listen.c:553 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 553, 552. |
| General Analysis |
cfgparse-listen.c:577 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'curproxy->comp'. Check lines: 577, 576. |
| General Analysis |
cfgparse-listen.c:704 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'bind_conf'. |
| General Analysis |
cfgparse-listen.c:818 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 818, 817. |
| General Analysis |
cfgparse-listen.c:901 |
Medium |
V769 |
The 'curproxy->desc' pointer in the 'curproxy->desc + len' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 901, 898. |
| General Analysis |
cfgparse-listen.c:901 |
Medium |
V769 |
The 'd' pointer in the expression could be nullptr. In such case, resulting value of arithmetic operations on this pointer will be senseless and it should not be used. Check lines: 901, 898. |
| General Analysis |
cfgparse-listen.c:988 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 988, 987. |
| General Analysis |
cfgparse-listen.c:1275 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 1275, 1274. |
| General Analysis |
cfgparse-listen.c:1362 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 1362, 1361. |
| General Analysis |
cfgparse-listen.c:1386 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'hdr'. Check lines: 1386, 1385. |
| General Analysis |
cfgparse-listen.c:1414 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'hdr'. Check lines: 1414, 1413. |
| General Analysis |
cfgparse-listen.c:1525 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 1525, 1524. |
| General Analysis |
cfgparse-listen.c:1663 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'rule'. Check lines: 1663, 1662. |
| General Analysis |
cfgparse-listen.c:1702 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'rule'. Check lines: 1702, 1701. |
| General Analysis |
cfgparse-listen.c:1992 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'rule'. Check lines: 1992, 1991. |
| General Analysis |
cfgparse-listen.c:2041 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'rule'. Check lines: 2041, 2040. |
| General Analysis |
cfgparse-listen.c:2189 |
Medium |
V769 |
The 'desc' pointer in the 'desc + len' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 2189, 2187. |
| General Analysis |
cfgparse-listen.c:2189 |
Medium |
V769 |
The 'd' pointer in the expression could be nullptr. In such case, resulting value of arithmetic operations on this pointer will be senseless and it should not be used. Check lines: 2189, 2187. |
| General Analysis |
cfgparse-listen.c:2590 |
Medium |
V769 |
The 'packet' pointer in the 'packet + 4' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 2590, 2588. |
| General Analysis |
cfgparse-listen.c:2596 |
High |
V575 |
The 'memcpy' function doesn't copy the whole string. Use 'strcpy / strcpy_s' function to preserve terminal null. |
| General Analysis |
cfgparse-listen.c:2852 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 2852, 2851. |
| General Analysis |
cfgparse-listen.c:2903 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 2903, 2902. |
| General Analysis |
cfgparse-listen.c:3122 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tcpcheck'. Check lines: 3122, 3121. |
| General Analysis |
cfgparse-listen.c:3159 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tcpcheck'. Check lines: 3159, 3158. |
| General Analysis |
cfgparse-listen.c:3225 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tcpcheck'. Check lines: 3225, 3223. |
| General Analysis |
cfgparse-listen.c:3257 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tcpcheck'. Check lines: 3257, 3255. |
| General Analysis |
cfgparse-listen.c:3318 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tcpcheck'. Check lines: 3318, 3316. |
| General Analysis |
cfgparse-listen.c:3354 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tcpcheck'. Check lines: 3354, 3352. |
| General Analysis |
cfgparse-listen.c:3386 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tcpcheck'. Check lines: 3386, 3384. |
| General Analysis |
chunk.h:94 |
Medium |
V522 |
Dereferencing of the null pointer 'str' might take place. The potential null pointer is passed into 'chunk_initstr' function. Inspect the second argument. Check lines: 'chunk.h:94', 'cfgparse-listen.c:3771', 'cfgparse-listen.c:3771'. |
| General Analysis |
cfgparse-listen.c:3860 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 3860, 3858. |
| General Analysis |
cfgparse-listen.c:3933 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 3933, 3932. |
| General Analysis |
cfgparse-listen.c:4090 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'wl'. Check lines: 4090, 4089. |
| General Analysis |
cfgparse-listen.c:4187 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'wl'. Check lines: 4187, 4186. |
| General Analysis |
cfgparse-listen.c:4265 |
Medium |
V575 |
The potential null pointer is passed into 'read' function. Inspect the second argument. Check lines: 4265, 4264. |
| General Analysis |
proto_htx.c:322 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:322 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:540 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:540 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:541 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:541 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:541 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'http_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:812 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:885 |
Medium |
V641 |
The size of the '& cli_conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
proto_htx.c:1739 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:1741 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2003 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2003 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:2022 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2022 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:2022 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'http_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:2365 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
proto_htx.c:2367 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2367 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:2386 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2434 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2488 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2489 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2492 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2493 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2496 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2497 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2500 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2501 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2505 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2506 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2512 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2518 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2518 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:2518 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:2519 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2519 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:2520 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2524 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2524 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:2524 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:2529 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2529 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:2656 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:2655 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_stline' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:3826 |
Medium |
V1001 |
The 'done' variable is assigned but is not used by the end of the function. |
| General Analysis |
proto_htx.c:3909 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:4387 |
Medium |
V614 |
Potentially uninitialized variable 'is_cookie2' used. |
| General Analysis |
proto_htx.c:4312 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:4312 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:4313 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:4313 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:4603 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:4603 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:4612 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:4612 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:4618 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:4618 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:4691 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:4691 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:4698 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:4698 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:5005 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5004 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_stline' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5011 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5011 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:5011 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5012 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5012 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5013 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5013 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5014 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5385 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5384 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_stline' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5422 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5423 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5429 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5430 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5436 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5435 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_stline' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5445 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5445 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:5445 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5446 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5446 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5447 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5447 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
proto_htx.c:5449 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5449 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
proto_htx.c:5451 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
proto_htx.c:5451 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
stream.c:935 |
Medium |
V581 |
The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 933, 935. |
| General Analysis |
stream.c:950 |
Medium |
V581 |
The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 948, 950. |
| General Analysis |
stream.c:952 |
Medium |
V581 |
The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 950, 952. |
| General Analysis |
stream.c:1164 |
High |
V547 |
Expression 'si->state == SI_ST_QUE' is always false. |
| General Analysis |
stream.c:1856 |
High |
V547 |
Expression 'si_b->state == SI_ST_EST' is always false. |
| General Analysis |
h2.h:278 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.h:278 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.h:279 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.h:279 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.h:280 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.h:280 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.h:281 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.h:281 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.h:282 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.h:282 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
hpack-tbl.h:194 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
hpack-tbl.h:209 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
hpack-enc.h:232 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
hpack-enc.h:232 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
hpack-enc.h:234 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
hpack-enc.h:234 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
hpack-enc.h:250 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
hpack-enc.h:250 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
hpack-enc.h:252 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
hpack-enc.h:252 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:911 |
High |
V729 |
Function body contains the 'out_free_h2s' label that is not used by any 'goto' statements. |
| General Analysis |
mux_h2.c:1087 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:1127 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:1997 |
Medium |
V1016 |
Expression 'h2s->st < H2_SS_ERROR' is always true. |
| General Analysis |
mux_h2.c:2121 |
High |
V547 |
Expression 'h2c->st0 == H2_CS_ERROR' is always false. |
| General Analysis |
mux_h2.c:2115 |
High |
V547 |
Expression 'h2c->st0 == H2_CS_SETTINGS1' is always true. |
| General Analysis |
mux_h2.c:2498 |
Medium |
V1016 |
Expression 'h2c->st0 < H2_CS_FRAME_H' is always true. |
| General Analysis |
mux_h2.c:2505 |
Medium |
V560 |
A part of conditional expression is always false: h2c_send_conn_wu(h2c) < 0. |
| General Analysis |
mux_h2.c:3787 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:3787 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:3788 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:3789 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:3790 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:3791 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:3794 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h2.c:3794 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4094 |
Medium |
V560 |
A part of conditional expression is always true: size. |
| General Analysis |
mux_h2.c:4202 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h2.c:4240 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4240 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4241 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4242 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4243 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4244 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4247 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h2.c:4247 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4398 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h2.c:4435 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4435 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4453 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h2.c:4453 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4456 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4456 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4467 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4467 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4477 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4477 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4478 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4479 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4480 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4481 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4482 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4485 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h2.c:4485 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4903 |
Medium |
V557 |
Array overrun is possible. The value of 'hdr' index could reach 101. |
| General Analysis |
mux_h2.c:4948 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4948 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h2.c:4949 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4950 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4951 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4952 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4953 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4954 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:4955 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h2.c:5283 |
High |
V547 |
Expression 'h2s->h1m.state == H1_MSG_TRAILERS' is always true. |
| General Analysis |
stats.c:373 |
High |
V547 |
Expression is always true. |
| General Analysis |
stats.c:553 |
Medium |
V768 |
The expression 'field_format(info, field)' is of enum type. It is odd that it is used as an expression of a Boolean-type. |
| General Analysis |
stats.c:1064 |
Medium |
V512 |
A call of the 'memcmp' function will lead to underflow of the buffer '"no check"'. |
| General Analysis |
stats.c:2432 |
High |
V781 |
The value of the 'appctx->ctx.stats.scope_len' variable is checked after it was used. Perhaps there is a mistake in program logic. Check lines: 2432, 2437. |
| General Analysis |
stats.c:3108 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3108 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_stline' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3113 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3113 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
stats.c:3113 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3114 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3114 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3117 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3117 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
stats.c:3117 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3121 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3121 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
stats.c:3121 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3127 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3127 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
stats.c:3132 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3132 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
stats.c:3132 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3183 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3183 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_stline' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3188 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3188 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
stats.c:3188 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3189 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3189 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3190 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3190 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3191 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3191 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
stats.c:3192 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
stats.c:3524 |
Medium |
V768 |
The expression 'field_format(info, field)' is of enum type. It is odd that it is used as an expression of a Boolean-type. |
| General Analysis |
stats.c:3544 |
Medium |
V768 |
The expression 'field_format(info, field)' is of enum type. It is odd that it is used as an expression of a Boolean-type. |
| General Analysis |
stats.c:1064 |
Medium |
V666 |
Consider inspecting third argument of the function 'memcmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. |
| General Analysis |
flt_spoe.c:1110 |
High |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer '& sz'. |
| General Analysis |
flt_spoe.c:3899 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 3899, 3898. |
| General Analysis |
flt_spoe.c:4204 |
Medium |
V778 |
Two similar code fragments were found. Perhaps, this is a typo and 'var_t_total' variable should be used instead of 'var_t_process'. |
| General Analysis |
port_range.h:66 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'ret'. Check lines: 66, 64. |
| General Analysis |
server.c:152 |
Medium |
V641 |
The size of the '& s->addr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
server.c:736 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'newsrv->conn_src.sport_range'. |
| General Analysis |
server.c:773 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 773, 771. |
| General Analysis |
server.c:839 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 839, 838. |
| General Analysis |
server.c:949 |
Medium |
V560 |
A part of conditional expression is always true: desc. |
| General Analysis |
server.c:963 |
Medium |
V560 |
A part of conditional expression is always true: desc. |
| General Analysis |
server.c:1128 |
Medium |
V768 |
The variable 'mode' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
server.c:1128 |
Medium |
V547 |
Expression '!mode' is always false. |
| General Analysis |
server.c:1172 |
Medium |
V768 |
The variable 'mode' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
server.c:1172 |
Medium |
V547 |
Expression '!mode' is always false. |
| General Analysis |
server.c:1636 |
High |
V570 |
The 'srv->check.alpn_len' variable is assigned to itself. |
| General Analysis |
server.c:2259 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 2259, 2258. |
| General Analysis |
server.c:2868 |
Medium |
V560 |
A part of conditional expression is always false: srv_op_state != SRV_ST_STOPPING. |
| General Analysis |
server.c:2931 |
Medium |
V560 |
A part of conditional expression is always false: srv_check_result != CHK_RES_CONDPASS. |
| General Analysis |
server.c:3428 |
Medium |
V785 |
Constant expression in switch statement. |
| General Analysis |
server.c:3465 |
Medium |
V785 |
Constant expression in switch statement. |
| General Analysis |
server.c:3554 |
Medium |
V641 |
The size of the '& s->addr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
server.c:3587 |
Medium |
V641 |
The size of the '& s->addr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
server.c:3904 |
Medium |
V641 |
The size of the '& s->addr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
server.c:4037 |
Medium |
V641 |
The size of the '& tmpsrv->addr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
server.c:4872 |
Medium |
V560 |
A part of conditional expression is always false: s->next_state == SRV_ST_STOPPED. |
| General Analysis |
checks.c:1112 |
Medium |
V560 |
A part of conditional expression is always true: !wrn. |
| General Analysis |
checks.c:1576 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
checks.c:1577 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
checks.c:2201 |
High |
V595 |
The 'cs' pointer was utilized before it was verified against nullptr. Check lines: 2201, 2225. |
| General Analysis |
checks.c:2261 |
High |
V595 |
The 'conn' pointer was utilized before it was verified against nullptr. Check lines: 2261, 2269. |
| General Analysis |
haproxy.c:575 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'child'. Check lines: 575, 568. |
| General Analysis |
haproxy.c:744 |
Medium |
V701 |
realloc() possible leak: when realloc() fails in allocating memory, original pointer 'next_argv' is lost. Consider assigning realloc() to a temporary pointer. |
| General Analysis |
chunk.h:94 |
Medium |
V522 |
Dereferencing of the null pointer 'str' might take place. The potential null pointer is passed into 'chunk_initstr' function. Inspect the second argument. Check lines: 'chunk.h:94', 'haproxy.c:1486', 'haproxy.c:1486'. |
| General Analysis |
haproxy.c:1592 |
Medium |
V701 |
realloc() possible leak: when realloc() fails in allocating memory, original pointer 'oldpids' is lost. Consider assigning realloc() to a temporary pointer. |
| General Analysis |
haproxy.c:2968 |
High |
V575 |
The null pointer is passed into 'getgroups' function. Inspect the second argument. |
| General Analysis |
haproxy.c:3040 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'children'. Check lines: 3040, 3030. |
| General Analysis |
haproxy.c:3177 |
High |
V575 |
The null pointer is passed into 'getgroups' function. Inspect the second argument. |
| General Analysis |
haproxy.c:3279 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tids'. Check lines: 3279, 3272. |
| General Analysis |
haproxy.c:3291 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'threads'. Check lines: 3291, 3273. |
| General Analysis |
haproxy.c:3299 |
High |
V781 |
The value of the 'i' variable is checked after it was used. Perhaps there is a mistake in program logic. Check lines: 3299, 3301. |
| General Analysis |
cfgparse.c:1996 |
Medium |
V1004 |
The 'value' pointer was used unsafely after it was verified against nullptr. Check lines: 1948, 1996. |
| General Analysis |
cfgparse.c:1979 |
High |
V774 |
The 'thisline' pointer was used after the memory was reallocated. |
| General Analysis |
cfgparse.c:1983 |
High |
V774 |
The 'thisline' pointer was used after the memory was reallocated. |
| General Analysis |
cfgparse.c:1985 |
High |
V774 |
The 'thisline' pointer was used after the memory was reallocated. |
| General Analysis |
cfgparse.c:1987 |
High |
V774 |
The 'thisline' pointer was used after the memory was reallocated. |
| General Analysis |
cfgparse.c:3003 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 3003, 3002. |
| General Analysis |
cfgparse.c:3410 |
Medium |
V1016 |
Expression 'arule->action <= ACT_ACTION_TRK_SCMAX' is always true. |
| General Analysis |
flt_http_comp.c:547 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:547 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:554 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:560 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:560 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:560 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'http_add_header' function. Consider inspecting the '__l' variable. |
| General Analysis |
flt_http_comp.c:566 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:566 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:570 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:570 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:723 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:723 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:741 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:799 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:981 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:981 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:986 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:993 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:993 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:1003 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:1003 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:1014 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
flt_http_comp.c:1014 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
flt_http_comp.c:1052 |
High |
V729 |
Function body contains the 'deinit_comp_ctx' label that is not used by any 'goto' statements. |
| General Analysis |
flt_http_comp.c:1277 |
Medium |
V555 |
The expression 'b_data(& chn->buf) - co_data(chn) > 0' will work as 'b_data(& chn->buf) != co_data(chn)'. |
| General Analysis |
http_fetch.c:83 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:85 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:257 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:1147 |
Medium |
V560 |
A part of conditional expression is always true: ctx. |
| General Analysis |
http_fetch.c:1194 |
Medium |
V560 |
A part of conditional expression is always true: ctx. |
| General Analysis |
http_fetch.c:1375 |
Medium |
V560 |
A part of conditional expression is always true: ctx. |
| General Analysis |
http_fetch.c:1422 |
Medium |
V560 |
A part of conditional expression is always true: ctx. |
| General Analysis |
http_fetch.c:1628 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:1628 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http_fetch.c:1641 |
High |
V529 |
Odd semicolon ';' after 'for' operator. |
| General Analysis |
http_fetch.c:1711 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:1711 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http_fetch.c:1723 |
High |
V529 |
Odd semicolon ';' after 'for' operator. |
| General Analysis |
http_fetch.c:1802 |
Medium |
V641 |
The size of the '& cli_conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
http_fetch.c:2145 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:2146 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:2148 |
Medium |
V560 |
A part of conditional expression is always true: !occ. |
| General Analysis |
http_fetch.c:2229 |
Medium |
V560 |
A part of conditional expression is always true: !occ. |
| General Analysis |
http_fetch.c:2310 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:2311 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:2679 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http_fetch.c:2679 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http_fetch.c:2769 |
Medium |
V641 |
The size of the '& cli_conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
dns.c:665 |
High |
V547 |
Expression 'dns_p->header.qdcount > 1' is always false. |
| General Analysis |
dns.c:698 |
High |
V547 |
Expression 'dns_query_record_id > 1' is always false. |
| General Analysis |
dns.c:893 |
Medium |
V641 |
The size of the '& dns_answer_record->address' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
dns.c:924 |
Medium |
V641 |
The size of the '& dns_answer_record->address' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
dns.c:925 |
Medium |
V641 |
The size of the '& tmp_record->address' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
dns.c:1017 |
Medium |
V641 |
The size of the '& record->address' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
dns.c:1139 |
Medium |
V612 |
An unconditional 'break' within a loop. |
| General Analysis |
dns.c:1538 |
Medium |
V547 |
Expression '!res' is always false. |
| General Analysis |
stick_table.c:1952 |
Medium |
V557 |
Array overrun is possible. The value of 'num' index could reach 9. |
| General Analysis |
stick_table.c:1954 |
Medium |
V557 |
Array overrun is possible. The value of 'num' index could reach 9. |
| General Analysis |
stick_table.c:1959 |
High |
V614 |
Potentially uninitialized pointer 'stkptr' used. Consider checking the first actual argument of the 'stkctr_entry' function. |
| General Analysis |
mux_h1.c:546 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:732 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:738 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:740 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:744 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:752 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:758 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:760 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:764 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:783 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:790 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:792 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:797 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:805 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:811 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:813 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:817 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:947 |
Medium |
V560 |
A part of conditional expression is always true: !ret. |
| General Analysis |
mux_h1.c:1355 |
High |
V547 |
Expression 'h1m->state == H1_MSG_TUNNEL' is always true. |
| General Analysis |
mux_h1.c:1545 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:1545 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h1.c:1547 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:1547 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h1.c:1551 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:1551 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
mux_h1.c:1575 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
mux_h1.c:1576 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
mux_h1.c:1869 |
High |
V595 |
The 'h1s' pointer was utilized before it was verified against nullptr. Check lines: 1869, 1871. |
| General Analysis |
peers.c:1969 |
Medium |
V519 |
The 'prev_state' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 1964, 1969. |
| General Analysis |
peers.c:2590 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'st'. Check lines: 2590, 2589. |
| General Analysis |
standard.c:684 |
Medium |
V560 |
A part of conditional expression is always false: sa->ss_family == 0. |
| General Analysis |
standard.c:694 |
Medium |
V560 |
A part of conditional expression is always false: sa->ss_family == 0. |
| General Analysis |
standard.c:701 |
Medium |
V560 |
A part of conditional expression is always false: sa->ss_family == 0. |
| General Analysis |
standard.c:709 |
Medium |
V560 |
A part of conditional expression is always false: sa->ss_family == 0. |
| General Analysis |
standard.c:766 |
Medium |
V560 |
A part of conditional expression is always false: sa->ss_family == 0. |
| General Analysis |
standard.c:2792 |
Medium |
V560 |
A part of conditional expression is always true: cnt. |
| General Analysis |
standard.c:3470 |
Medium |
V547 |
Expression 'out' is always true. |
| General Analysis |
standard.c:3545 |
Medium |
V769 |
The 'p' pointer in the 'p ++' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 3545, 3536. |
| General Analysis |
standard.c:3623 |
Medium |
V769 |
The 'out' pointer in the 'out + out_len' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. |
| General Analysis |
standard.c:3834 |
High |
V575 |
The null pointer is passed into 'free' function. Inspect the first argument. |
| General Analysis |
proxy.c:216 |
Medium |
V560 |
A part of conditional expression is always true: (warn = 0x00000008). |
| General Analysis |
proxy.c:233 |
Medium |
V560 |
A part of conditional expression is always true: (warn = 0x00000010). |
| General Analysis |
proxy.c:238 |
Medium |
V560 |
A part of conditional expression is always true: (warn = 0x00000020). |
| General Analysis |
proxy.c:353 |
High |
V547 |
Expression 'cap & 0x0002' is always false. |
| General Analysis |
proxy.c:481 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'hdr'. Check lines: 481, 480. |
| General Analysis |
proxy.c:1617 |
Medium |
V641 |
The size of the '& srv->addr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
cli.c:252 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'bind_conf'. |
| General Analysis |
cli.c:1152 |
High |
V595 |
The '* var' pointer was utilized before it was verified against nullptr. Check lines: 1152, 1155. |
| General Analysis |
cli.c:1655 |
Medium |
V1029 |
Numeric Truncation Error. Return value of the 'strlen' function is written to the 8-bit variable. |
| General Analysis |
log.c:452 |
Medium |
V575 |
The potential null pointer is passed into 'strncpy' function. Inspect the first argument. Check lines: 452, 451. |
| General Analysis |
log.c:751 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 751, 750. |
| General Analysis |
log.c:1429 |
Medium |
V507 |
Pointer to local array 'logheader_short' is stored outside the scope of this array. Such a pointer will become invalid. |
| General Analysis |
log.c:1687 |
High |
V501 |
There are identical sub-expressions '!logline_rfc5424' to the left and to the right of the '||' operator. |
| General Analysis |
log.c:1687 |
Medium |
V560 |
A part of conditional expression is always false: !logline_rfc5424. |
| General Analysis |
backend.c:728 |
Medium |
V641 |
The size of the '& conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
backend.c:1366 |
Medium |
V560 |
A part of conditional expression is always true: old_conn. |
| General Analysis |
backend.c:1689 |
Medium |
V581 |
The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 1687, 1689. |
| General Analysis |
backend.c:1691 |
Medium |
V581 |
The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 1689, 1691. |
| General Analysis |
backend.c:1995 |
Medium |
V575 |
The potential null pointer is passed into 'strlen' function. Inspect the first argument. Check lines: 1995, 1994. |
| General Analysis |
pattern.c:981 |
High |
V512 |
A call of the 'memset' function will lead to underflow of the buffer '& tmp6'. |
| General Analysis |
sample.c:115 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:115 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:115 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:123 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:123 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:123 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:131 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:131 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:139 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:139 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:139 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:147 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:147 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:147 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:155 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:155 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:155 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:163 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:163 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:163 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:171 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:171 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:171 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:179 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:179 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:179 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:187 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:187 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:187 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:195 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:195 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:195 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:203 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:203 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:203 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:211 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:211 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:211 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:219 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:219 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:219 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:227 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:227 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:227 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:235 |
High |
V501 |
There are identical sub-expressions to the left and to the right of the '|' operator: SMP_VAL___________ | SMP_VAL___________ |
| General Analysis |
sample.c:235 |
High |
V501 |
There are identical sub-expressions 'SMP_VAL___________' to the left and to the right of the '|' operator. |
| General Analysis |
sample.c:235 |
Medium |
V578 |
An odd bitwise operation detected. Consider verifying it. |
| General Analysis |
sample.c:753 |
Medium |
V1016 |
Expression 'smp->data.u.meth.meth < HTTP_METH_OTHER' is always true. |
| General Analysis |
stream_interface.c:236 |
Medium |
V796 |
It is possible that 'break' statement is missing in switch statement. |
| General Analysis |
stream_interface.c:402 |
Medium |
V612 |
An unconditional 'break' within a loop. |
| General Analysis |
stream_interface.c:1560 |
Medium |
V796 |
It is possible that 'break' statement is missing in switch statement. |
| General Analysis |
proto_tcp.c:1184 |
Medium |
V641 |
The size of the '& cli_conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
proto_tcp.c:1215 |
Medium |
V641 |
The size of the '& cli_conn->addr.to' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
proto_tcp.c:1430 |
Medium |
V641 |
The size of the '& cli_conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
proto_tcp.c:1475 |
Medium |
V641 |
The size of the '& cli_conn->addr.to' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
h1.c:124 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:124 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h1.c:157 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:157 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h1.c:159 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:159 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h1.c:161 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:161 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h1.c:452 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:459 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:611 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:789 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:789 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h1.c:792 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:792 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h1.c:804 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:804 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h1.c:834 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
h1.c:851 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h1.c:902 |
Medium |
V560 |
A part of conditional expression is always true: !skip_update. |
| General Analysis |
cfgparse-global.c:701 |
Medium |
V769 |
The 'global.desc' pointer in the 'global.desc + len' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 701, 699. |
| General Analysis |
cfgparse-global.c:701 |
Medium |
V769 |
The 'd' pointer in the expression could be nullptr. In such case, resulting value of arithmetic operations on this pointer will be senseless and it should not be used. Check lines: 701, 699. |
| General Analysis |
cfgparse-global.c:848 |
High |
V575 |
The null pointer is passed into 'free' function. Inspect the first argument. |
| General Analysis |
chunk.h:94 |
Medium |
V522 |
Dereferencing of the null pointer 'str' might take place. The potential null pointer is passed into 'chunk_initstr' function. Inspect the second argument. Check lines: 'chunk.h:94', 'cfgparse-global.c:890', 'cfgparse-global.c:890'. |
| General Analysis |
cache.c:698 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
cache.c:698 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
cache.c:708 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
cache.c:708 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
cache.c:932 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
cache.c:932 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
cache.c:1359 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
cache.c:1359 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
cache.c:1743 |
High |
V575 |
The null pointer is passed into 'free' function. Inspect the first argument. |
| General Analysis |
cache.c:1742 |
Medium |
V586 |
The 'free' function is called twice for deallocation of the same memory space. |
| General Analysis |
http_rules.c:379 |
Medium |
V1001 |
The 'cur_arg' variable is assigned but is not used by the end of the function. |
| General Analysis |
http_rules.c:918 |
Medium |
V1001 |
The 'cur_arg' variable is assigned but is not used by the end of the function. |
| General Analysis |
http_rules.c:1131 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'rule'. Check lines: 1131, 1130. |
| General Analysis |
http_rules.c:1167 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 1167, 1166. |
| General Analysis |
http_act.c:378 |
Medium |
V547 |
Expression '!len' is always false. |
| General Analysis |
http_act.c:385 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'hdr'. Check lines: 385, 384. |
| General Analysis |
tcp_rules.c:155 |
Medium |
V768 |
The variable 'ret' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
tcp_rules.c:158 |
Medium |
V768 |
The variable 'ret' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
tcp_rules.c:182 |
Medium |
V1016 |
Expression 'rule->action <= ACT_ACTION_TRK_SCMAX' is always true. |
| General Analysis |
tcp_rules.c:335 |
Medium |
V768 |
The variable 'ret' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
tcp_rules.c:338 |
Medium |
V768 |
The variable 'ret' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
tcp_rules.c:426 |
Medium |
V768 |
The variable 'ret' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
tcp_rules.c:429 |
Medium |
V768 |
The variable 'ret' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
tcp_rules.c:442 |
Medium |
V1016 |
Expression 'rule->action <= ACT_ACTION_TRK_SCMAX' is always true. |
| General Analysis |
tcp_rules.c:513 |
Medium |
V768 |
The variable 'ret' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
tcp_rules.c:516 |
Medium |
V768 |
The variable 'ret' is of enum type. It is odd that it is used as a variable of a Boolean-type. |
| General Analysis |
tcp_rules.c:529 |
Medium |
V1016 |
Expression 'rule->action <= ACT_ACTION_TRK_SCMAX' is always true. |
| General Analysis |
tcp_rules.c:722 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'hdr'. Check lines: 722, 721. |
| General Analysis |
tcp_rules.c:930 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'rule'. Check lines: 930, 929. |
| General Analysis |
tcp_rules.c:1039 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'rule'. Check lines: 1039, 1038. |
| General Analysis |
connection.c:405 |
High |
V575 |
The null pointer is passed into 'recv' function. Inspect the second argument. |
| General Analysis |
connection.c:493 |
High |
V696 |
The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false. Check lines: 493, 501. |
| General Analysis |
connection.c:618 |
Medium |
V641 |
The size of the '& conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
connection.c:622 |
Medium |
V641 |
The size of the '& conn->addr.to' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
connection.c:677 |
Medium |
V641 |
The size of the '& conn->addr.from' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
connection.c:680 |
Medium |
V641 |
The size of the '& conn->addr.to' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
connection.c:739 |
High |
V696 |
The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false. Check lines: 739, 742. |
| General Analysis |
connection.c:809 |
High |
V696 |
The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false. Check lines: 809, 817. |
| General Analysis |
connection.c:936 |
High |
V1010 |
Unchecked tainted data is used in the third argument: 'trash.data'. Check lines: 936, 929. |
| General Analysis |
connection.c:938 |
High |
V696 |
The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false. Check lines: 938, 941. |
| General Analysis |
connection.c:1104 |
Medium |
V560 |
A part of conditional expression is always false: !src. |
| General Analysis |
connection.c:1105 |
Medium |
V560 |
A part of conditional expression is always false: !dst. |
| General Analysis |
connection.c:1108 |
Medium |
V547 |
Expression 'buf_len < (16 + (0))' is always false. |
| General Analysis |
connection.c:1141 |
Medium |
V641 |
The size of the 'src' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
connection.c:1142 |
Medium |
V641 |
The size of the 'src' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
connection.c:1150 |
Medium |
V641 |
The size of the 'dst' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
connection.c:1151 |
Medium |
V641 |
The size of the 'dst' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'. |
| General Analysis |
proto_uxst.c:359 |
Medium |
V560 |
A part of conditional expression is always true: msg. |
| General Analysis |
fd.c:560 |
Medium |
V560 |
A part of conditional expression is always false: !bp. |
| General Analysis |
queue.c:299 |
Medium |
V1004 |
The 'p' pointer was used unsafely after it was verified against nullptr. Check lines: 290, 299. |
| General Analysis |
flt_trace.c:305 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:381 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:396 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:411 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:470 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:495 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:512 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:524 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:536 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:547 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:561 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:592 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
flt_trace.c:612 |
Medium |
V1004 |
The 's' pointer was used unsafely after it was verified against nullptr. |
| General Analysis |
lb_chash.c:499 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'srv->lb_nodes'. Check lines: 499, 496. |
| General Analysis |
frontend.c:105 |
Medium |
V560 |
A part of conditional expression is always true: conn. |
| General Analysis |
proto_sockpair.c:161 |
Medium |
V560 |
A part of conditional expression is always true: msg. |
| General Analysis |
proto_sockpair.c:302 |
High |
V547 |
Expression 'send_fd_uxst(dst_fd, sv[0]) == - 1' is always false. |
| General Analysis |
compression.c:121 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'comp_type'. Check lines: 121, 120. |
| General Analysis |
compression.c:139 |
Medium |
V575 |
The potential null pointer is passed into 'memmove' function. Inspect the first argument. Check lines: 139, 138. |
| General Analysis |
compression.c:403 |
High |
V1028 |
Possible overflow. Consider casting operands of the 'items * size' operator to the 'long' type, not the result. |
| General Analysis |
htx.c:67 |
High |
V712 |
Be advised that compiler may delete this cycle or make it infinity. Use volatile variable(s) or synchronization primitives to avoid this. |
| General Analysis |
htx.c:67 |
High |
V715 |
The 'while' operator has empty body. Suspicious pattern detected: 'for (expr) {...} while (new < htx->used) ;'. |
| General Analysis |
regex.c:145 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'exp'. Check lines: 145, 143. |
| General Analysis |
http_htx.c:145 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
hpack-tbl.c:293 |
Medium |
V592 |
The expression was enclosed by parentheses twice: ((expression)). One pair of parentheses is unnecessary or misprint is present. |
| General Analysis |
shctx.c:111 |
High |
V595 |
The 'first' pointer was utilized before it was verified against nullptr. Check lines: 111, 127. |
| General Analysis |
sha1.c:293 |
Medium |
V1009 |
Check the array initialization. Only the first element is initialized explicitly. The rest elements are initialized with zeros. |
| General Analysis |
sha1.c:307 |
Medium |
V1032 |
The pointer 'hashout' is cast to a more strictly aligned pointer type. |
| General Analysis |
http.c:351 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http.c:351 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http.c:352 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http.c:352 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http.c:353 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http.c:353 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http.c:354 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http.c:354 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http.c:355 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http.c:355 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http.c:356 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http.c:356 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http.c:357 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http.c:357 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
http.c:358 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
http.c:358 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
hpack-dec.c:79 |
Medium |
V547 |
Expression '!len' is always false. |
| General Analysis |
h2.c:59 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:59 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:245 |
Medium |
V1004 |
The 'list[idx].n.ptr' pointer was used unsafely after it was verified against nullptr. Check lines: 159, 245. |
| General Analysis |
h2.c:203 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:203 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:206 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:206 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:216 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:216 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:217 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:218 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:219 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:220 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:223 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:223 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:227 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:227 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:378 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:378 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:379 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:380 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:381 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:382 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:383 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:384 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:385 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:496 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:496 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:545 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:635 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:635 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:638 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:638 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:649 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:649 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:650 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:651 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:652 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:653 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:656 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:656 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:660 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:660 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:693 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:693 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:707 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:768 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:768 |
High |
V654 |
The condition '__x[++ __l]' of loop is always false. |
| General Analysis |
h2.c:768 |
High |
V567 |
Unspecified behavior. The order of argument evaluation is not defined for 'htx_add_stline' function. Consider inspecting the '__l' variable. |
| General Analysis |
h2.c:860 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:860 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:871 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:871 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:872 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:873 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:874 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:875 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:955 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:955 |
Medium |
V547 |
Expression '__x' is always true. |
| General Analysis |
h2.c:956 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:957 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:958 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:959 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:960 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:961 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
h2.c:962 |
High |
V654 |
The condition '__x[++ __l]' of loop is always true. |
| General Analysis |
arg.c:147 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'arg'. Check lines: 147, 127. |
| General Analysis |
http_msg.c:58 |
Medium |
V763 |
Parameter 'sol' is always rewritten in function body before being used. |
| General Analysis |
http_msg.c:123 |
Medium |
V763 |
Parameter 'sol' is always rewritten in function body before being used. |
| General Analysis |
http_msg.c:192 |
Medium |
V763 |
Parameter 'sol' is always rewritten in function body before being used. |
