/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2175: example_checked: "get_token(fp, token, 128)" has its value checked in "(type = get_token(fp, token, 128)) != 0".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4849: unchecked_value: No check of the return value of "get_token(fp, token, 128)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2175: example_checked: "get_token(fp, token, 128)" has its value checked in "(type = get_token(fp, token, 128)) != 0".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4987: unchecked_value: No check of the return value of "get_token(fp, token, 128)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_index.c:638: example_checked: "sprint_realloc_objid(&sbuf, &sbuf_len, &sout_len, 1, idxptr->varbind->name, idxptr->varbind->name_length)" has its value checked in "sprint_realloc_objid(&sbuf, &sbuf_len, &sout_len, 1, idxptr->varbind->name, idxptr->varbind->name_length)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/cache_handler.c:246: unchecked_value: No check of the return value of "sprint_realloc_objid((u_char **)&buf, &buf_len, &out_len, 1, pos->rootoid, pos->rootoid_len)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:402: example_checked: "register_mib("mibII/ipv6udp", (struct variable *)ipv6udp_variables, sizeof (struct variable2) /*40*/, 1UL, ipv6udp_variables_oid, 8UL)" has its value checked in "register_mib("mibII/ipv6udp", (struct variable *)ipv6udp_variables, sizeof (struct variable2) /*40*/, 1UL, ipv6udp_variables_oid, 8UL) != 0".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1157: unchecked_value: No check of the return value of "register_mib("smux", (struct variable *)smux_variables, sizeof (struct variable2) /*40*/, 1UL, nrptr->sr_name, nrptr->sr_name_len)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c:233: operator_confusion: entry->flags | 0x10000000 is always 1/true regardless of the values of its operand. This occurs as the logical operand of if. Did you intend to use '&' rather than '|'?

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_common.c:438: operator_confusion: flags | 1UL is always 1/true regardless of the values of its operand. This occurs as the logical operand of if. Did you intend to use '&' rather than '|'?

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpTables_common.c:446: operator_confusion: flags | 1UL is always 1/true regardless of the values of its operand. This occurs as the logical operand of if. Did you intend to use '&' rather than '|'?

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:506: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:512: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:523: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:528: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:537: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:204: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:257: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:262: result_independent_of_operands: (rval = -1) != 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:419: operator_confusion: tlsdata->flags | 1 is always 1/true regardless of the values of its operand. This occurs as the logical first operand of '&&'. Did you intend to use '&' rather than '|'?

/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:797: assignment: Assigning: "new2" = "NULL".

/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:827: dead_error_line: Execution cannot reach this statement "return netsnmp_subtree_load...".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:815: cannot_single: After this line (or expression), the value of "value" cannot be 0.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:903: dead_error_line: Execution cannot reach this statement "*vars->val.integer = 0L;".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:771: assignment: Assigning: "enable" = "1".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:813: dead_error_line: Execution cannot reach this statement "netsnmp_disable_this_loghan...".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:800: equality_cond: Condition "enable" is evaluated as true.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_logging.c:799: dead_error_line: Execution cannot reach this statement "netsnmp_disable_this_loghan...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c:178: cannot_single: After this line (or expression), the value of "entry" cannot be 0.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/data_access/ipaddress_ioctl.c:246: dead_error_begin: Execution cannot reach this statement "rc = -3;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/data_access/swrun_procfs_status.c:119: cannot_single: After this line (or expression), the value of "cp" cannot be 0.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/data_access/swrun_procfs_status.c:148: dead_error_begin: Execution cannot reach this statement "memcpy(entry->hrSWRunPath, ...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:550: assignment: Assigning: "LowIndex" = "-1".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_disk.c:578: dead_error_line: Execution cannot reach this expression "disk_idx < LowIndex" inside statement "if (!exact && result < 0 &&...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_network.c:104: assignment: Assigning: "LowIndex" = "-1".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_network.c:126: dead_error_line: Execution cannot reach this expression "net_idx < LowIndex" inside statement "if (!exact && result < 0 &&...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_partition.c:120: assignment: Assigning: "LowPartIndex" = "-1".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_partition.c:183: dead_error_line: Execution cannot reach this statement "if (LowDiskIndex < HRP_Disk...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_print.c:98: assignment: Assigning: "LowIndex" = "-1".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_print.c:124: dead_error_line: Execution cannot reach this expression "print_idx < LowIndex" inside statement "if (!exact && result < 0 &&...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_proc.c:97: assignment: Assigning: "LowIndex" = "-1".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hr_proc.c:123: dead_error_line: Execution cannot reach this expression "proc_idx < LowIndex" inside statement "if (!exact && result < 0 &&...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:152: assignment: Assigning: "LowIndex" = "-1".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_filesys.c:175: dead_error_line: Execution cannot reach this expression "fsys_idx < LowIndex" inside statement "if (!exact && result < 0 &&...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_storage.c:184: assignment: Assigning: "LowIndex" = "-1".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/host/hrh_storage.c:264: dead_error_line: Execution cannot reach this expression "storage_idx < LowIndex" inside statement "if (!exact && result < 0 &&...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:2605: new_values: Noticing condition "0 != rc".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable.c:2661: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:926: new_values: Noticing condition "0 != rc".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/inetCidrRouteTable/inetCidrRouteTable_interface.c:933: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:736: assignment: Assigning: "rc" = "0".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:747: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:749: new_values: Noticing condition "0 != rc".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:756: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:776: new_values: Noticing condition "0 != rc".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-forward-mib/ipCidrRouteTable/ipCidrRouteTable_interface.c:783: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable.c:1753: new_values: Noticing condition "0 != rc".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ip-mib/inetNetToMediaTable/inetNetToMediaTable.c:1811: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:430: new_values: Noticing condition "var_val_type != 64".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:438: dead_error_begin: Execution cannot reach this statement "snmp_log(3, "not IP address...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:505: new_values: Noticing condition "var_val_type != 64".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:513: dead_error_begin: Execution cannot reach this statement "snmp_log(3, "not right5");".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_conf.c:541: cannot_single: After this line (or expression), the value of "ap" cannot be 0.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/vacm_conf.c:546: dead_error_begin: Execution cannot reach this statement "config_perror("failed to cr...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1576: assignment: Assigning: "len" = "1500UL".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1621: dead_error_line: Execution cannot reach this statement "return NULL;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1576: assignment: Assigning: "len" = "1500UL".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1646: dead_error_line: Execution cannot reach this statement "return NULL;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:1865: new_values: Noticing condition "0 != rc".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable.c:1927: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable_interface.c:810: new_values: Noticing condition "0 != rc".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/snmp-notification-mib/snmpNotifyFilterTable/snmpNotifyFilterTable_interface.c:818: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/data_access/tcpConn_linux.c:260: assignment: Assigning: "rc" = "0".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/tcp-mib/data_access/tcpConn_linux.c:399: dead_error_line: Execution cannot reach this statement "return rc;".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/udp-mib/udpEndpointTable/udpEndpointTable_data_access.c:239: cannot_single: After this line (or expression), the value of "ep_c" cannot be 0.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/udp-mib/udpEndpointTable/udpEndpointTable_data_access.c:243: dead_error_begin: Execution cannot reach this statement "netsnmp_access_udp_endpoint...".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: new_values: Noticing condition "units".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_line: Execution cannot reach this expression "convert_units(hssize - hsused, units, 1024UL)" inside statement "printf("%-18s %15lu %15lu %...".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: new_values: Noticing condition "units".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_line: Execution cannot reach this expression "convert_units(hsused, units, 1024UL)" inside statement "printf("%-18s %15lu %15lu %...".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: new_values: Noticing condition "units".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdf.c:367: dead_error_line: Execution cannot reach this expression "convert_units(hssize, units, 1024UL)" inside statement "printf("%-18s %15lu %15lu %...".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:252: new_values: Noticing condition "rc <= 0".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:267: dead_error_line: Execution cannot reach this statement "if (SSL_get_error(tlsdata->...".

/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1583: var_compare_op: Comparing "sub" to null implies that "sub" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_registry.c:1597: var_deref_op: Dereferencing null variable "sub".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:804: assign_zero: Assigning: "vars->val.string" = 0.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:816: var_deref_op: Dereferencing null variable "vars->val.string".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5159: assign_zero: Assigning: "orp" = 0.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5378: var_deref_op: Dereferencing null variable "orp".

jsafranek: false positive? If orp is NULL, isp->requests must equal to rp (it's the first iteration of the for loop), i.e. the code won't reach here.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5354: var_compare_op: Comparing "sp->contextEngineID" to null implies that "sp->contextEngineID" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5360: var_deref_model: Passing null variable "sp->contextEngineID" to function "memcpy", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5341: var_compare_op: Comparing "sp->securityEngineID" to null implies that "sp->securityEngineID" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5347: var_deref_model: Passing null variable "sp->securityEngineID" to function "memcpy", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6267: assign_zero: Assigning: "orp" = 0.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6328: var_deref_op: Dereferencing null variable "orp".

jsafranek: false positive? If orp is NULL, isp->requests must equal to rp (it's the first iteration of the for loop), i.e. the code won't reach here.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:517: deref_parm_in_call: Function "strcasecmp" dereferences parameter "token". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:618: var_deref_model: Passing null variable "cptr" to function "strlen", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_trap.c:769: var_compare_op: Comparing "template_v2pdu" to null implies that "template_v2pdu" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_trap.c:808: var_deref_op: Dereferencing null variable "template_v2pdu".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1841: var_compare_op: Comparing "np" to null implies that "np" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:1845: var_deref_op: Dereferencing null variable "np".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:393: var_compare_op: Comparing "ereg" to null implies that "ereg" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/extend.c:411: var_deref_op: Dereferencing null variable "ereg".

/builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:2313: assign_zero: Assigning: "asp->bulkcache" = 0.

/builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:2384: var_deref_op: Dereferencing null variable "asp->bulkcache".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:296: var_compare_op: Comparing "cp" to null implies that "cp" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteEventConf.c:299: var_deref_model: Passing null variable "cp" to function "strtol", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:692: alias_transfer: Assigning null: "vp2" = "dvar".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:701: var_deref_op: Dereferencing null variable "vp2".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:721: var_deref_op: Dereferencing null variable "vp2_prev".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:736: var_deref_op: Dereferencing null variable "vp2_prev".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:793: var_deref_op: Dereferencing null variable "vp2".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:802: var_deref_op: Dereferencing null variable "vp2".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:933: var_deref_op: Dereferencing null variable "vp2".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:942: var_deref_op: Dereferencing null variable "vp2".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifTable/ifTable.c:463: var_compare_op: Comparing "tmp_descr" to null implies that "tmp_descr" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifTable/ifTable.c:489: var_deref_model: Passing null variable "tmp_descr" to function "memcpy", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

jsafranek: false positive, ifDescr_val_ptr_len_ptr is 0 when tmp_descr is NULL

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1334: assign_zero: Assigning: "bestptr" = 0.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:1343: var_deref_op: Dereferencing null variable "bestptr".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:366: var_compare_op: Comparing "rptr" to null implies that "rptr" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:549: var_deref_op: Dereferencing null variable "rptr".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/keytools.c:593: var_compare_op: Comparing "newkey" to null implies that "newkey" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/keytools.c:641: var_deref_model: Passing null variable "newkey" to function "memset", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/disk_hw.c:316: var_compare_op: Comparing "entry" to null implies that "entry" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/disk_hw.c:317: var_deref_op: Dereferencing null variable "entry".

jsafranek: TODO, the function is messed up. Fixing this error just enters endless loop ('entry' will be the same)

/builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:885: assign_zero: Assigning: "addr_string" = 0.

/builddir/build/BUILD/net-snmp-5.7.1/agent/snmp_agent.c:921: var_deref_model: Passing null variable "addr_string" to function "strstr", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:132: var_compare_op: Comparing "exceptfds" to null implies that "exceptfds" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:138: var_deref_op: Dereferencing null variable "exceptfds".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:128: var_compare_op: Comparing "readfds" to null implies that "readfds" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:138: var_deref_op: Dereferencing null variable "readfds".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:130: var_compare_op: Comparing "writefds" to null implies that "writefds" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/large_fd_set.c:138: var_deref_op: Dereferencing null variable "writefds".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:3038: deref_var: Dereferencing "cp", which equals a pointer parameter.

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmptranslate.c:329: var_compare_op: Comparing "current_name" to null implies that "current_name" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4007: var_compare_op: Comparing "context" to null implies that "context" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4245: var_deref_op: Dereferencing null variable "context".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6264: var_assign_parm: Assigning: "slp" = "sessp".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6273: deref_var: Dereferencing "slp", which equals a pointer parameter.

/builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:799: var_deref_model: Passing null variable "oid_arr_len" to function "__concat_oid_str", which dereferences it.

/builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:860: deref_parm: Directly dereferencing parameter "doid_arr_len".

/builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2337: assign_zero: Assigning: "val_tuple" = 0.

/builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2559: var_deref_op: Dereferencing null variable "val_tuple".

/builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2075: var_compare_op: Comparing "varlist_iter" to null implies that "varlist_iter" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:2105: var_deref_op: Dereferencing null variable "varlist_iter".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:802: var_compare_op: Comparing "fp" to null implies that "fp" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:804: var_deref_model: Passing null variable "fp" to function "fclose", which dereferences it.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1177: var_compare_op: Comparing "key" to null implies that "key" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1182: var_deref_op: Dereferencing null variable "key".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:1034: var_compare_op: Comparing "olength" to null implies that "olength" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:1063: var_deref_op: Dereferencing null variable "olength".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:151: var_compare_op: Comparing "t" to null implies that "t" might be null.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSTCPDomain.c:154: var_deref_op: Dereferencing null variable "t".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4741: unterminated_case: This case (value 45) is not terminated by a 'break' statement.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:4773: fallthrough: The above case falls through to this one.

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:1109: unterminated_case: This case (value 20) is not terminated by a 'break' statement.

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:1111: fallthrough: The above case falls through to this one.

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:1106: unterminated_case: This case (value 48) is not terminated by a 'break' statement.

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_dataset.c:1108: fallthrough: The above case falls through to this one.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:501: unterminated_case: This case (value 7) is not terminated by a 'break' statement.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/route_write.c:524: fallthrough: The above case falls through to this one.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:171: unterminated_case: This case (value 104) is not terminated by a 'break' statement.

/builddir/build/BUILD/net-snmp-5.7.1/apps/encode_keychange.c:173: fallthrough: The above case falls through to this one.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:3151: unterminated_case: This case (value 2) is not terminated by a 'break' statement.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:3153: fallthrough: The above case falls through to this one.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:2719: unterminated_case: This case (value -46) is not terminated by a 'break' statement.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:2730: fallthrough: The above case falls through to this one.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:1083: fallthrough: The above case falls through to this one.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:234: var_assign: Assigning: signed variable "vmstatfd" = "open".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:230: negative_returns: "vmstatfd" is passed to a parameter that cannot be negative.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:123: var_assign: Assigning: signed variable "statfd" = "open".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:118: negative_returns: "statfd" is passed to a parameter that cannot be negative.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:1044: var_assign: Assigning: signed variable "fd" = "socket".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:1053: negative_returns: "fd" is passed to a parameter that cannot be negative.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:178: var_assign: Assigning: signed variable "viewIdx" = "se_find_value_in_slist".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:190: negative_returns: Using variable "viewIdx" as an index to array "entry->views".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:333: negative_returns: Using variable "viewIdx" as an index to array "entry->views".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsVacmAccessTable.c:343: negative_returns: Using variable "viewIdx" as an index to array "entry->views".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_debug.c:372: neg_sink_parm_call: Passing "len" to "sprint_realloc_hexstring", which cannot accept a negative.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: parm_loop_bound: Using unsigned parameter "len" in a loop exit test.

/builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1056: var_assign: Assigning: signed variable "uid" = "netsnmp_ds_get_int".

/builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1076: negative_returns: "uid" is passed to a parameter that cannot be negative.

/builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1039: var_assign: Assigning: signed variable "gid" = "netsnmp_ds_get_int".

/builddir/build/BUILD/net-snmp-5.7.1/agent/snmpd.c:1042: negative_returns: "gid" is passed to a parameter that cannot be negative.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1370: var_assigned: Assigning: "sptr" = null return value from "find_sec_mod".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1393: dereference: Dereferencing a null pointer "sptr".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:895: var_assigned: Assigning: "cp" = null return value from "strrchr".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:896: dereference: Incrementing a pointer which might be null: "cp".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2802: var_assigned: Assigning: "fp" = null return value from "fopen".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:2803: dereference: Dereferencing a pointer that might be null "fp" when calling "fgets".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:424: var_assigned: Assigning: "debug_entry" = null return value from "netsnmp_extract_iterator_context".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsDebug.c:426: dereference: Dereferencing a null pointer "debug_entry".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsLogging.c:353: var_assigned: Assigning: "logh" = null return value from "netsnmp_extract_iterator_context".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/agent/nsLogging.c:366: dereference: Dereferencing a null pointer "logh".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:322: var_assigned: Assigning: "t" = null return value from "snmp_sess_transport".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:323: dereference: Dereferencing a null pointer "t".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1076: strlen_assign: Setting variable "session->community_len" to the return value of strlen called with argument "cp".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1077: alloc_strlen: Allocating insufficient memory for the terminating null of the string.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5677: alias: Assigning: "pptr" = "isp->packet".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:5811: overrun-dbuffer-arg: Overrunning dynamic array "isp->packet" of size 65536 bytes by passing it to a function which indexes it with argument "isp->packet_len" at position 2147483645.

jsafranek: looks like a false positive, isp->packet_len cannot grow over 65536

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifXTable/ifXTable.c:425: strlen_assign: Setting variable "tmp_len" to a value computed using function strlen.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/ifXTable/ifXTable.c:431: alloc_strlen: Allocating insufficient memory for the terminating null of the string.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:440: alias: Assigning: "op" = "s".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:456: overrun-local: Overrunning dynamic array "op" of size 0 bytes at position 0.

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmptable.c:535: var_assign: Assigning: "column" = "malloc(sizeof (*column) /*32*/)".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmptable.c:567: overrun-local: Overrunning dynamic array "column" of size 32 bytes at position 32 with index variable "field".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:361: alloc_strlen: Allocating insufficient memory for the terminating null of the string.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:423: alloc_strlen: Allocating insufficient memory for the terminating null of the string.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2699: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2700: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2710: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2711: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2717: overrun-string: Static array "defbuf" of size 512 is overrun if the index used is too large.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/schedule/schedTable.c:463: overrun-buffer-arg: Overrunning static array "entry->schedContextName" of size 32 bytes by passing it to a function which indexes it with argument "33UL" at byte position 32.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetAddrEntry.c:729: overrun-string: Static array "line" of size 1024 is overrun if the index used is too large.

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_sql.c:445: overrun-local: Overrunning static array of size 8 bytes at byte position 8 by indexing pointer "not_argv" with index variable "i".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_sql.c:445: overrun-local: Note: These bugs are often difficult to see at first glance. Coverity recommends a close inspection of the events leading to this overrun.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:178: assignment: Assigning: "len" = "sizeof (line) /*2048*/".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:181: overrun-buffer-arg: Overrunning static array "line" of size 2048 bytes by passing it to a function which indexes it with argument "len" at byte position 2048.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTCPIPv6Domain.c:372: overrun-buffer-val: Overrunning struct type struct sockaddr_in6 of size 28 bytes by passing it as an argument to a function which indexes it at byte position 59.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTCPIPv6Domain.c:177: access_dbuff_const: Calling "memcpy" indexes array "addr" with index "sizeof (netsnmp_indexed_addr_pair) /*60*/" at byte position 59.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTCPIPv6Domain.c:346: overrun-buffer-val: Overrunning struct type struct sockaddr_in6 of size 28 bytes by passing it as an argument to a function which indexes it at byte position 59.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:534: overrun-buffer-val: Overrunning static array "&mask.__in6_u.__u6_addr8[j] + 1" of size 16 bytes by passing it as an argument to a function which indexes it at byte position 16.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:534: overrun-local: Overrunning static array of size 16 bytes at byte position 16 by indexing pointer "&mask.__in6_u.__u6_addr8[j]" with index variable "1" through dereference in call to "memset".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUDPIPv6Domain.c:534: overrun-local: Note: These bugs are often difficult to see at first glance. Coverity recommends a close inspection of the events leading to this overrun.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:298: var_assign: Assigning: "lastnode" = "*list".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:382: leaked_storage: Variable "list" going out of scope leaks the storage it points to.

jsafranek: false positive, se_add_pair_to_list() allocates new list only if created == 0 (-> the list is then added to sliststorage)

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4883: var_assign: Assigning: "packet" = "pktbuf".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:4894: leaked_storage: Variable "packet" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6208: var_assign: Assigning: "packet" = "pktbuf".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:6222: leaked_storage: Variable "packet" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:93: var_assign: Assigning: "reginfo" = storage returned from "calloc(1UL, sizeof (netsnmp_handler_registration) /*80*/)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:107: leaked_storage: Variable "reginfo" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:98: var_assign: Assigning: "vp" = storage returned from "netsnmp_duplicate_variable((struct variable *)((char *)var + varsize * i))".

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/old_api.c:107: leaked_storage: Variable "vp" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2012: var_assign: Assigning: "np" = storage returned from "alloc_node(nop->modid)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2028: leaked_storage: Variable "np" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2044: var_assign: Assigning: "oldnp" = "np".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/parse.c:2044: overwrite_var: Overwriting "oldnp" in call "oldnp = np" leaks the storage that "oldnp" points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:577: var_assign: Assigning: "g" = storage returned from "calloc(1UL, sizeof (netsnmp_request_group) /*72*/)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:580: leaked_storage: Variable "g" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:578: var_assign: Assigning: "i" = storage returned from "calloc(1UL, sizeof (netsnmp_request_group_item) /*24*/)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_array.c:580: leaked_storage: Variable "i" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/agent_handler.c:950:53: noescape: "netsnmp_request_add_list_data" does not free or save its pointer parameter "request".

/builddir/build/BUILD/net-snmp-5.7.1/agent/helpers/table_iterator.c:651: leaked_storage: Variable "reqtmp" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:579: var_assign: Assigning: "devin" = storage returned from "fopen("/proc/net/dev", "r")".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/if-mib/data_access/interface_linux.c:592: leaked_storage: Variable "devin" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpCallbackDomain.c:380: var_assign: Assigning: "t" = storage returned from "calloc(1UL, sizeof (netsnmp_transport) /*168*/)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpCallbackDomain.c:389: leaked_storage: Variable "t" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_client.c:1392:47: noescape: "netsnmp_query_walk" does not free or save its pointer parameter "list".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:258: leaked_storage: Variable "var" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:715: leaked_storage: Variable "dvar" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:715: leaked_storage: Variable "vp2" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:314: overwrite_var: Overwriting "vp1_prev" in call "vp1_prev = vp1" leaks the storage that "vp1_prev" points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:315: overwrite_var: Overwriting "vp1" in call "vp1 = vp1->next_variable" leaks the storage that "vp1" points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:615: leaked_storage: Variable "var" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:627: leaked_storage: Variable "var" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:715: leaked_storage: Variable "var" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/disman/event/mteTrigger.c:715: leaked_storage: Variable "vp1" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/header_complex.c:419: overwrite_var: Overwriting "hciptrp" in call "hciptrp = hciptrp->prev" leaks the storage that "hciptrp" points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/header_complex.c:425: leaked_storage: Variable "ourself" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyFilterProfileTable.c:188: leaked_storage: Variable "StorageTmp" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyFilterProfileTable.c:197: leaked_storage: Variable "StorageTmp" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:520:50: noescape: "snmpNotifyTable_add" does not free or save its pointer parameter "thedata".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:397: leaked_storage: Variable "nptr" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:350: leaked_storage: Variable "pptr" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:367: leaked_storage: Variable "pptr" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:576: leaked_storage: Variable "StorageTmp" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/notification/snmpNotifyTable.c:585: leaked_storage: Variable "StorageTmp" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:375: leaked_storage: Variable "s" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:378: leaked_storage: Variable "s" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:34: noescape: Variable "f" is not freed or pointed-to in function "fscanf".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:38: leaked_storage: Variable "f" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:139: leaked_storage: Variable "f" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/sctp-mib/sctpScalars_linux.c:144: leaked_storage: Variable "f" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:141: var_assign: Assigning: "aptr" = storage returned from "calloc(1UL, sizeof (smux_peer_auth) /*2064*/)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/smux/smux.c:148: leaked_storage: Variable "aptr" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:361: var_assign: Assigning: "pdu" = storage returned from "snmp_pdu_create(reqinfo->mode)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:404: leaked_storage: Variable "pdu" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:366: var_assign: Assigning: "pdu" = storage returned from "snmp_pdu_create(163)".

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/proxy.c:404: leaked_storage: Variable "pdu" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_log.c:998: var_assign: Assigning: "temp_buf" = storage returned from "calloc(tbuf_len, 1UL)".

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd_log.c:1023: leaked_storage: Variable "temp_buf" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2036: noescape: Variable "netsnmp_openssl_cert_get_fingerprint(cert, -1)" is not freed or pointed-to in function "debugmsg".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:2036: noescape: Variable "netsnmp_openssl_cert_get_fingerprint(cert, -1)" is not freed or pointed-to in function "debugmsgtoken".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:596: var_assign: Assigning: "rtn" = storage returned from "netsnmp_binary_array_get_subset(container, data, &len)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:598: leaked_storage: Variable "rtn" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/data_list.c:244: var_assign: Assigning: "info" = storage returned from "calloc(1UL, sizeof (netsnmp_data_list_saveinfo) /*48*/)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/data_list.c:277: leaked_storage: Variable "info" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1269: var_assign: Assigning: "pdu" = storage returned from "snmp_pdu_create(160)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_api.c:1283: leaked_storage: Variable "pdu" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:298: var_assign: Assigning: "lastnode" = "*list".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_enum.c:316: leaked_storage: Variable "list" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:274:35: noescape: "memdup" does not free or save its pointer parameter "from".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmptsm.c:368: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4293: leaked_storage: Variable "userKeyP" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4312: leaked_storage: Variable "userKeyP" going out of scope leaks the storage it points to.

jsafranek: false positive, read_config_read_octet_string() allocates only if the second argument is NULL

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:3507:23: noescape: "usm_get_user" does not free or save its pointer parameter "engineID".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmpusm.c:4198: leaked_storage: Variable "engineID" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:229: var_assign: Assigning: "cachep" = storage returned from "calloc(1UL, sizeof (bio_cache) /*88*/)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:235: leaked_storage: Variable "cachep" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:145: var_assign: Assigning: "fingerprint" = storage returned from "netsnmp_openssl_cert_get_fingerprint(remote_cert, -1)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:189: leaked_storage: Variable "fingerprint" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:948: leaked_storage: Variable "addr_pair" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpDTLSUDPDomain.c:948: leaked_storage: Variable "tmStateRef" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:77: noescape: Variable "fingerprint" is not freed or pointed-to in function "debugmsg".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpTLSBaseDomain.c:131: leaked_storage: Variable "fingerprint" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/read_config.c:2061: var_assign: Assigning: "*objid" = "malloc(1024UL)".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/vacm.c:189: leaked_storage: Variable "viewSubtree" going out of scope leaks the storage it points to.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1182: deref_ptr: Directly dereferencing pointer "key".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/cert_util.c:1188: check_after_deref: Dereferencing "key" before a null check.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:490: deref_ptr: Directly dereferencing pointer "c".

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/container_binary_array.c:498: check_after_deref: Dereferencing "c" before a null check.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1259: secure_temp: Calling "mkstemp" without securely setting umask first.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/util_funcs.c:134: secure_temp: Calling "mkstemp" without securely setting umask first.

/builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1041: buffer_alloc: "netsnmp_malloc(sizeof (in_addr_t) /*4*/)" allocates memory.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:118: buffer_alloc: "malloc" allocates memory determined by parameter "size" of the current function.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/tools.c:118: return_dbuffer: Returning allocated array "malloc(size)".

/builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:1041: size_error: Allocating 4 bytes to pointer "vars->val.integer", which needs at least 8 bytes.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:361: size_is_strlen: Calling allocating function "malloc" with function argument "strlen(addr->sun_path)". Did you intend to add 1 to the byte count?

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/transports/snmpUnixDomain.c:423: size_is_strlen: Calling allocating function "malloc" with function argument "strlen(addr->sun_path)". Did you intend to add 1 to the byte count?

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmpnetstat/inet.c:252: suspicious_sizeof: Passing argument "root" of type "oid *" and argument "sizeof (root) /*8*/ * root_len" to function "memmove" is suspicious. Did you intend to use "sizeof(*root)" instead of "sizeof (root)" ? In this particular case sizeof(oid *) happens to be equal to sizeof(oid), but this is not a portable assumption.

/builddir/build/BUILD/net-snmp-5.7.1/perl/OID/OID.xs:128: suspicious_sizeof: Passing argument "buf" of type "char *" and argument "sizeof (buf) /*8*/" to function "snprint_bitstring" is suspicious.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1205: fixed_size_dest: You might overrun the 4096 byte fixed-size string "buf" by copying "entry" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:213: fixed_size_dest: You might overrun the 512 byte fixed-size string "Opts" by copying "localOpts" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/snmp_parse_args.c:213: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:75: fixed_size_dest: You might overrun the 4096 byte fixed-size string "cpu->descr" by copying "cp + 2" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu_linux.c:83: fixed_size_dest: You might overrun the 4096 byte fixed-size string "cpu->descr" by copying "cp" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/system.c:1257: fixed_size_dest: You might overrun the 4096 byte fixed-size string "name" by copying the return value of "get_temp_file_pattern" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c:658: fixed_size_dest: You might overrun the 16 byte fixed-size string "ifr.ifr_ifrn.ifrn_name" by copying "name" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/etherlike-mib/data_access/dot3stats_linux.c:658: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu.c:145: fixed_size_dest: You might overrun the 4096 byte fixed-size string "cpu->name" by copying "name" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/cpu/cpu.c:145: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/sensors/hw_sensors.c:166: fixed_size_dest: You might overrun the 256 byte fixed-size string "sp->name" by copying "name" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/hardware/sensors/hw_sensors.c:166: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/rmon-mib/data_access/etherstats_linux.c:165: fixed_size_dest: You might overrun the 16 byte fixed-size string "ifr.ifr_ifrn.ifrn_name" by copying "name" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/rmon-mib/data_access/etherstats_linux.c:165: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetAddrEntry.c:873: fixed_size_dest: You might overrun the 1500 byte fixed-size string "string" by copying "temp_struct->params" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/target/snmpTargetAddrEntry.c:863: fixed_size_dest: You might overrun the 1500 byte fixed-size string "string" by copying "temp_struct->tagList" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/versioninfo.c:111: fixed_size_dest: You might overrun the 300 byte fixed-size string "errmsg" by copying the return value of "netsnmp_get_version" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/ucd-snmp/versioninfo.c:121: fixed_size_dest: You might overrun the 300 byte fixed-size string "errmsg" by copying "cptr" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/util_funcs.c:132: fixed_size_dest: You might overrun the 32 byte fixed-size string "name" by copying the return value of "get_temp_file_pattern" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmpdelta.c:474: fixed_size_dest: You might overrun the 64 byte fixed-size string "vip->descriptor" by copying "SumFile" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/apps/snmptrapd.c:436: fixed_size_dest: You might overrun the 8192 byte fixed-size string "buf" by copying "default_port" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:938: fixed_size_dest: You might overrun the 4096 byte fixed-size string "soid_buf" by copying "soid_str" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:938: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

/builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4844: fixed_size_dest: You might overrun the 4096 byte fixed-size string "str_buf_temp" by copying "iid" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/perl/SNMP/SNMP.xs:4841: fixed_size_dest: You might overrun the 4096 byte fixed-size string "str_buf_temp" by copying "label" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:857: fixed_size_dest: You might overrun the 4096 byte fixed-size string "soid_buf" by copying "soid_str" without checking the length.

/builddir/build/BUILD/net-snmp-5.7.1/python/netsnmp/client_intf.c:857: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2253: var_assign_var: Assigning: "if_index" = "last_if_count". Both are now tainted.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2254: tainted_data: Passing tainted variable "sizeof (struct if_nameindex) /*16*/ * (last_if_count + 2)" to a tainted sink.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2259: tainted_data: Using tainted variable "if_index" as a loop boundary.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2265: tainted_data: Using tainted variable "if_index" as a loop boundary.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2259: tainted_data: Using tainted variable "if_index" as a loop boundary.

/builddir/build/BUILD/net-snmp-5.7.1/agent/mibgroup/mibII/ipv6.c:2265: tainted_data: Using tainted variable "if_index" as a loop boundary.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:358: var_assign_parm: Assigning: "line_len" = "len". "line_len" is now tainted.

/builddir/build/BUILD/net-snmp-5.7.1/snmplib/mib.c:360: a_loop_bound: Using tainted variable "line_len" as a loop boundary.

jsafranek: false positive, there is _asn_parse_length_check protecting the length