Fusion and Pinpoint Scan - Static Analysis
This is an incomplete list of bugs reported by Fusion and Pinpoint Scan (Total: 200 Bugs)
Related Papers
- ICSE'25:
Boosting Path-Sensitive Value Flow Analysis via Removal of Redundant Summaries
Yongchao Wang, Yuandao Cai, Charles Zhang
The ACM/IEEE International Conference on Software Engineering
- TSE'25:
Fast and Precise Static Null Exception Analysis with Synergistic Preprocessing
Yi Sun, Chengpeng Wang, Gang Fan, Qingkai Shi, Xiangyu Zhang
The IEEE Transactions on Software Engineering
- PLDI'24:
Falcon: A Fused Approach to Path-Sensitive Sparse Data Dependence Analysis
Peisen Yao, Jinguo Zhou, Xiao Xiao, Qingkai Shi, Rongxin Wu, Charles Zhang
The ACM SIGPLAN Conference on Programming Language Design and Implementation
- ISSTA'24:
Precise Compositional Buffer Overflow Detection via Heap Disjointness
Yiyuan Guo, Peisen Yao, Charles Zhang
The ACM SIGSOFT International Symposium on Software Testing and Analysis
- ICSE'24:
A Two-Layer Persistent Summary Design for Taming Third-Party Libraries in Static Bug-Finding Systems
Rongxin Wu, Yuxuan He, Jiafeng Huang, Chengpeng Wang, Wensheng Tang, Qingkai Shi, Xiao Xiao, Charles Zhang
The ACM/IEEE International Conference on Software Engineering
- TOSEM'24:
Octopus: Scaling Value-Flow Analysis via Parallel Collection of Realizable Path Conditions
Wensheng Tang, Dejun Dong, Shijie Li, Chengpeng Wang, Peisen Yao, Jinguo Zhou, and Charles Zhang
The ACM Transactions on Software Engineering and Methodology
- USENIX Security'23:
Place Your Locks Well: Understanding and Detecting Lock Misuse Bugs
Yuandao Cai, Peisen Yao, Chengfeng Ye, Charles Zhang
The USENIX Security Symposium
- TOSEM'23:
Anchor: Fast and Precise Value-Flow Analysis for Containers via Memory Orientation
Chengpeng Wang, Wenyang Wang, Peisen Yao, Qingkai Shi, Jinguo Zhou, Xiao Xiao, Charles Zhang
The ACM Transactions on Software Engineering and Methodology
- ESEC/FSE'22:
Peahen: Fast and Precise Static Deadlock Detection via Context Reduction
Yuandao Cai, Chengfeng Ye, Qingkai Shi, Charles Zhang
The ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
- OOPSLA'22:
Indexing the Extended Dyck-CFL Reachability for Context-Sensitive Program Analysis
Qingkai Shi, Yongchao Wang, Peisen Yao, Charles Zhang
The ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications
- OOPSLA'22:
Complexity-Guided Container Replacement Synthesis
Chengpeng Wang, Peisen Yao, Wensheng Tang, Qingkai Shi, Charles Zhang
The ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications
- ICSE'22: Precise Divide-By-Zero Detection with Affirmative Evidence
Yiyuan Guo, Jinguo Zhou, Peisen Yao, Qingkai Shi, Charles Zhang
The ACM/IEEE International Conference on Software Engineering
- ASE'21: Transcode: Detecting Status Code Mapping Errors in Large-Scale Systems
Wensheng Tang, Yikun Hu, Gang Fan, Peisen Yao, Rongxin Wu, Guangyuan Bai, Pengcheng Wang, Charles Zhang
The ACM/IEEE International Conference on Automated Software Engineering
- OOPSLA'21: Program Analysis via Efficient Symbolic Abstraction
Peisen Yao, Qingkai Shi, Heqing Huang, Charles Zhang
The ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications
- PLDI'21: Path-Sensitive Sparse Analysis without Path Conditions
Qingkai Shi, Peisen Yao, Rongxin Wu, Charles Zhang
The ACM SIGPLAN Conference on Programming Language Design and Implementation
- PLDI'21: Canary: Practical Static Detection of Inter-Thread Value-Flow Bugs
Yuandao Cai, Peisen Yao, Charles Zhang
The ACM SIGPLAN Conference on Programming Language Design and Implementation
- ISSTA'20: Fast Bit-Vector Satisfiability
Peisen Yao, Qingkai Shi, Heqing Huang, Charles Zhang
The ACM SIGSOFT International Symposium on Software Testing and Analysis
- ISSTA'20: Functional Code Clone Detection with Syntax and Semantics Fusion Learning
Chunrong Fang, Zixi Liu, Yangyang Shi, Jeff Huang, Qingkai Shi
The ACM SIGSOFT International Symposium on Software Testing and Analysis
- ICSE'20: Pipelining Bottom-up Data Flow Analysis
Qingkai Shi, Charles Zhang
The ACM/IEEE International Conference on Software Engineering
- ICSE'20: Conquering the Extensional Scalability Problem for Value-Flow Analysis Frameworks
Qingkai Shi, Rongxin Wu, Gang Fan, Charles Zhang
The ACM/IEEE International Conference on Software Engineering
- ICSE'19: Smoke: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of Code
Gang Fan, Rongxin Wu, Qingkai Shi, Xiao Xiao, Jinguo Zhou, Charles Zhang
The ACM/IEEE International Conference on Software Engineering
- PLDI'18: Pinpoint: Fast and Precise Sparse Value Flow Analysis for Million Lines of Code
Qingkai Shi, Xiao Xiao, Rongxin Wu, Jinguo Zhou, Gang Fan, Charles Zhang
The ACM SIGPLAN Conference on Programming Language Design and Implementation
Bug List
-
CWE-401: Memory Leak | Report Link
In Binutils 2.39, a memory leak occurs
This was assigned CVE-2022-47007
-
CWE-401: Memory Leak | Report Link
In Binutils 2.39, a memory leak occurs
This was assigned CVE-2022-47008
-
CWE-401: Memory Leak | Report Link
In Binutils 2.39, a memory leak occurs
This was assigned CVE-2022-47011
-
CWE-401: Memory Leak | Report Link
In Binutils 2.39, a memory leak occurs
This was assigned CVE-2022-47010
-
CWE-416: Use After Free | Report Link
In libSDL 1.2, a use after free occurs
This was assigned CVE-2022-34568
-
CWE-457: Use of Uninitialized Variable | Report Link
In dynamips 0.2.23, a use of uninitialized variable occurs
This was assigned CVE-2022-47012
-
CWE-476: Null Pointer Dereference | Report Link
In openldap 2.4.2, a null pointer dereference may occur at six sites.
This was assigned CVE-2023-2953
-
CWE-476: Null Pointer Dereference | Report Link
In openssl 1.1.1, a null pointer dereference may occur at twenty-one sites.
-
CWE-476: Null Pointer Dereference | Report Link
In vim 8.1.2269, a null pointer dereference may occur at one site.
This was assigned CVE-2022-47024
-
CWE-476: Null Pointer Dereference | Report Link
In libsndfile 1.0.28, a null pointer dereference occurs.
-
CWE-476: Null Pointer Dereference | Report Link
In hwloc 2.1.0, a null pointer dereference occurs.
This was assigned CVE-2022-47022
-
CWE-476: Null Pointer Dereference | Report Link
In opusfile, a null pointer dereference occurs.
This was assigned CVE-2022-47021
-
CWE-476: Null Pointer Dereference | Report Link
In mariadb 10.11.0, a null pointer dereference occurs.
-
CWE-476: Null Pointer Dereference | Report Link
In mariadb 10.11.0, a null pointer dereference occurs.
This was assigned CVE-2022-47015
-
CWE-476: Null Pointer Dereference | Report Link
In mariadb 10.11.0, a null pointer dereference occurs.
-
CWE-362: Data Race | Report Link
A data race condition issue from curl.cpp#L1486 to curl.cpp#L1495 in s3fs-fuse
-
CWE-562: Return of Stack Address | Report Link
A stack address escapes to the caller function. There are several similar ones. This is the FIRST issue we confirmed with software developers.
-
CWE-562: Return of Stack Address | Report Link
An Invalid Reference to Stack Memory (modules/http/chunk_filters.c).
-
CWE-476: Null Pointer Dereference | Report Link
Inconsistent operation on a pointer in Baidu's sofa-pbrpc.
-
CWE-121: Stack/Heap Buffer Overflow | Report Link
Buffer overflow detected by static analysis and reproduced by fuzzing
CVE-2019-13238
-
CWE-476: Null Pointer Dereference | Report Link
Null deref detected by static analysis and reproduced by fuzzing
CVE-2019-13959
-
CWE-401: Memory Leak | Report Link
In Bftpd 4.6, a memory leak occurs on a maliciously crafted sequence of FTP requests.
This was assigned CVE-2017-16892.
-
CWE-590: Free of Memory not on the Heap | Report Link
In Bftpd 4.7, non-heap memory stored in remotehostname may be released at the end of the main function.
-
CWE-401: Memory Leak | Report Link
There were two failure paths where the CodeProtectionInfo object would not be
freed. This adds a free() on those paths to prevent a memory leak.
-
CWE-476: Null Pointer Dereference | Report Link
There are paths that could lead to exBeanDeser dereferencing when exBeanDeser is null.
-
CWE-476: Null Pointer Dereference | Report Link
There are paths that could lead to class_gd dereferencing when class_gd is null.
-
CWE-362: Data Race | Report Link
Since the two frees follow each other immediately it's hard to see how an attacker could take advantage of it. Maybe something on another thread could be allocating things meanwhile, but that'd be a nightmarish timing needle to thread.
-
CWE-401: Memory Leak | Report Link
Actual results:
File: dom/media/encoder/VP8TrackEncoder.cpp:254
videoData allocated on line 279 is not freed when the function returns on line 286/293/300/306. Since videodata is considered a big data, it may cause severe memory leaks.
-
CWE-401: Memory Leak | Report Link
Actual results:
File: media/libvpx/libvpx/vp8/vp8_cx_iface.c:594
The memory shared_mem_loc allocated on line 587 is leaked when the program takes the true branch on line 594. It is a rare case, but better fix it.
-
CWE-401: Memory Leak | Report Link
Actual results:
File mozilla-unified/media/mtransport/nr_timer.cpp:216
The allocated variable callback on line 210 is leaked when the program returns on line 217.
-
CWE-401: Memory Leak | Report Link
Actual results:
The memory allocated by strdup(appEnv) on line 179 is never freed in the program.
File: browser/app/nsBrowserApp.cpp:179
-
CWE-401: Memory Leak | Report Link
Actual results:
"adapter" allocated on line 603 is leaked when mGMPLoader->load returns false on line 606.
File: dom/media/gmp/GMPChild.cpp:555
-
CWE-401: Memory Leak | Report Link
Actual results:
File mozilla-unified/media/mtransport/nr_timer.cpp:216
The allocated variable callback on line 210 is leaked when the program returns on line 217.
-
CWE-476: Null Pointer Dereference | Report Link
A flaw was found in glusterfs. A null pointer dereference in the send_brick_req function in glusterfsd/src/gf_attach.c may cause local denial of service.
This was assigned CVE-2017-15096.
-
CWE-476: Null Pointer Dereference | Report Link
A potential null pointer dereference, in function error_gen_writev of xlators/debug/error-gen/src/error-gen.c
-
CWE-416: Use After Free/Double Free | Report Link
A use after free may happen with a malicious configure file.
-
CWE-401: Memory Leak | Report Link
1/4 Comment: Closes #17033, #17032, #17031, thanks @fangang190
I'm not sure about right way to fix for #17030, cuz I'm not an expert in android apk, and calling zipClose(unaligned_apk, NULL); before return may cause errors, so anybody with free time and knowledge could fix it instead
-
CWE-401: Memory Leak | Report Link
2/4 Comment: Closes #17033, #17032, #17031, thanks @fangang190
I'm not sure about right way to fix for #17030, cuz I'm not an expert in android apk, and calling zipClose(unaligned_apk, NULL); before return may cause errors, so anybody with free time and knowledge could fix it instead
-
CWE-401: Memory Leak | Report Link
3/4 Comment: Closes #17033, #17032, #17031, thanks @fangang190
I'm not sure about right way to fix for #17030, cuz I'm not an expert in android apk, and calling zipClose(unaligned_apk, NULL); before return may cause errors, so anybody with free time and knowledge could fix it instead
-
CWE-401: Memory Leak | Report Link
4/4 Comment: Closes #17033, #17032, #17031, thanks @fangang190
I'm not sure about right way to fix for #17030, cuz I'm not an expert in android apk, and calling zipClose(unaligned_apk, NULL); before return may cause errors, so anybody with free time and knowledge could fix it instead
-
CWE-476: Null Pointer Dereference | Report Link
Given empty rs, kvs shall be null instead of an empty list, leading to potential null pointer exception
-
CWE-476: Null Pointer Dereference | Report Link
CloneKernelInfo uses AcquireMagickMemory, which might return NULL, causing a null pointer dereference and denial of service.
-
CWE-476: Null Pointer Dereference | Report Link
AcquireRandomInfoThreadSet might return NULL if AcquireMagickMemory fails, which will then cause a null pointer dereference and denial of service.
This issue was assigned CVE-2017-1000445
-
CWE-476: Null Pointer Dereference | Report Link
Another potential NPD at resample_filter=AcquireResampleFilterThreadSet(image in DistortImage: there is no null check after this acquisition, and the pointer is dereferenced afterwards. It could lead to a process crash when there is not enough available memory. This is the first CVE ID we got.
This was assigned CVE-2017-14739.
-
CWE-476: Null Pointer Dereference | Report Link
A potential null pointer dereference bug is at "blob/master/test/dnet/fw.c#L109"
-
CWE-476: Null Pointer Dereference | Report Link
A potential null pointer dereference bug is in the function "cork_slice_slice" of the file "libcork/ds/slice.c"
-
CWE-416: Use After Free/Double Free | Report Link
A double free issue in libicu. It has been in the code for more than 10 years. It is fixed by this commit. Projects using libicu
This was assigned CVE-2017-14952.
-
CWE-401: Memory Leak | Report Link
Mem leak detected by static analysis and reproduced by fuzzing
CVE-2019-13960
-
CWE-416: Use After Free/Double Free | Report Link
A double free that may happen in the error-handling process when error happens. Projects using libssh: KDE, Github, X2Go, etc.
-
CWE-476: Null Pointer Dereference | Report Link
In memcached, a pointer is dereferenced under the condition that the pointer is null.
-
CWE-401: Memory Leak | Report Link
Comment: looks like a non-issue, since those returns end up exiting the process. I've fixed them anyway.
-
CWE-401: Memory Leak | Report Link
Comment: fixed in next. another non-issue, since that code is only executed from a specific test or two, and executes once in startup.
-
CWE-416: Use After Free/Double Free | Report Link
A double free vulnerability that may happen during failure process.
-
CWE-416: Use After Free/Double Free | Report Link
A variable is not set to null after free. The freed pointer will escape to the callers of the function.
-
CWE-401: Memory Leak | Report Link
There is a potential memory leak defect in mysql-server-mysql-5.5.51/cmd-line-utils/libedit/np/vis.c:436.
The memory allocated on line 420 is assigned to variable nextra. It is not freed when this function returns to its caller on line 436. The leak on line 436 might be a mistake.
-
CWE-476: Null Pointer Dereference | Report Link
Missing null check after ctlog_store_load_ctx_new. We reported it by commenting another bug, but the comment is mis-deleted... Just as the developer said in the pull request: "And also a comment about another missing check, but I can't see the comment any more."
-
CWE-401: Memory Leak | Report Link
We find a memory leak bug in apps/s_server.c 3294 (3330 in the most recent version). The variable con is not released when taking the "err" goto statement at line 3305.
-
CWE-401: Memory Leak | Report Link
Hi, we find a memory leak bug in ssl/s3_lib.c 4554 (4606 in current version).
This bug happens when the program takes the true branch at line 4569 and goes to the err label. There is no free operation in the err section.
-
CWE-401: Memory Leak | Report Link
It happens at line 2923 (2961 in the current version). Leaks when going to the err label.
-
CWE-476: Null Pointer Dereference | Report Link
A series of NPD bugs caused by the possible NULL return value of the function EVP_aes_128_cbc_hmac_sha1() in e_dasync.c
Read the bug report for a good story
-
CWE-416: Use After Free/Double Free | Report Link
If it follows the goto LBL_ERR; in line 150, tmpbuf will be freed again. It seems the upstream of libtomcrypt has already fixed this issue.
-
CWE-401: Memory Leak | Report Link
The early return of return TEE_ERROR_BAD_STATE; at line 380 will leak the memory block pointed to by dir (line 364)
-
CWE-416: Use After Free/Double Free | Report Link
Pinpoint has reported a potential use after free in the following for loop: the freed proxy is still used in the for loop (var) = ((var)->field.tqe_next))
-
CWE-416: Use After Free/Double Free | Report Link
alloc_and_copy_shdr could free shdr when it returns an error, then it goes to label error_free_payload. Then the label error_free_payload frees shdr again:
-
CWE-476: Null Pointer Dereference | Report Link
Check for null return value [_elementtree.c : subelement]
-
CWE-476: Null Pointer Dereference | Report Link
Need a look for return value checking [selectmodule.c]
-
CWE-476: Null Pointer Dereference | Report Link
Need a look for return value checking [_elementtree.c : element_getattr]
-
CWE-476: Null Pointer Dereference | Report Link
Unchecked return null of epoll_create, which may lead to null pointer dereference
-
CWE-416: Use After Free/Double Free | Report Link
The first use-after-free bug detected by persistence
-
CWE-121: Stack/Heap Buffer Overflow | Report Link
Shadowsocks-libev does not check the return value, which may be -1.
-
CWE-416: Use After Free/Double Free | Report Link
A use-after-free (variable: remote) in Shadowsocks.
-
CWE-416: Use After Free/Double Free | Report Link
A use-after-free (variable: server) in shadowsocks
-
CWE-476: Null Pointer Dereference | Report Link
Mishandling of json configuration file ("plugin") could lead to Null Pointer Dereference
-
CWE-476: Null Pointer Dereference | Report Link
Mishandling of json configuration file ("mode") could lead to Null Pointer Dereference
-
CWE-476: Null Pointer Dereference | Report Link
The developer made a mistake when fixing the NPD we reported before.
-
CWE-401: Memory Leak | Report Link
cdata leaks when job_run fails. I've checked the code of job_run, it does not free cdata when fails.
-
CWE-476: Null Pointer Dereference | Report Link
This is the first bug detected by the persistence work.
-
CWE-362: Data Race | Report Link
In the transmission project, a use-after-free may happen under a race condition.
-
CWE-362: Data Race | Report Link
In the transmission project, a memory leak may happen under a race condition.
-
CWE-401: Memory Leak | Report Link
The pointers nodes in the code point to two newly allocated memory blocks. If rc < 0 happens in the code, it will go to the label fail, where nodes are not released.
-
CWE-401: Memory Leak | Report Link
The pointers nodes6 in the code point to two newly allocated memory blocks. If rc < 0 happens in the code, it will go to the label fail, where nodes6 are not released.
-
CWE-476: Null Pointer Dereference | Report Link
libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c
Assigned ID: CVE-2018-20786
-
CWE-416: Use After Free/Double Free | Report Link
There are two delete[] data statements inside function ProgramMain; if read_file fails, some unexpected behaviors could occur. We can add a return statement after the first delete to avoid this.
-
CWE-773: File Descriptor Leak | Report Link
At many early returns, it would skip the fclose(file) statement and leak this file descriptor.
-
CWE-401: Memory Leak | Report Link
It was confirmed at first, but later classified as unconfirmed since it happens in main.
We classify this one as confirmed since it has been confirmed by at least one developer.
-
CWE-401: Memory Leak | Report Link
We find a memory leak defect in the file tools/wrc/wrc.c.
I've uploaded a screenshot of the leak trace.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on hg_thread_mutex_lock(&NA_MPI_CLASS(na_class)->accept_mutex) in mercury. Multiple calls on the function na_mpi_accept can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on hg_thread_mutex_lock(&NA_MPI_CLASS(na_class)->remote_list_mutex) in mercury. Multiple calls on the function na_mpi_progress_unexpected can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on hg_thread_mutex_lock(&request->request_class->progress_mutex) in mercury. Multiple calls on the function hg_request_wait can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on hg_thread_mutex_lock(&poll_set->lock) in mercury. Multiple calls on the function hg_poll_wait can lead to a deadlock.
-
CWE-416: Use After Free/Double Free | Report Link
A use-after-free bug is detected in coturn on the function write_to_peerchannel.
-
CWE-416: Use After Free/Double Free | Report Link
A use-after-free bug is detected in coturn on the function write_client_connection.
-
CWE-476: Null Pointer Dereference | Report Link
It is found in lwan and fixed. It occurs due to calling the critical logging function when hash_str_new() fails in parse_listener_prefix().
-
CWE-476: Null Pointer Dereference | Report Link
It is found in coturn on the function tcp_client_input_handler_rfc6062data and fixed.
-
CWE-362: Data Race | Report Link
A data race in coturn between the functions set_rtpfile and rollover_logfile.
-
CWE-416: Use After Free/Double Free | Report Link
It is found in poco and fixed. The close() is being called before handleLastErrorImpl(), so the call to close will actually change/reset errno and handleLastErrorImpl() will throw the wrong exception.
-
CWE-476: Null Pointer Dereference | Report Link
A NULL pointer dereference found in libfreenect on the method freenect_select_subdevices where ctx may be NULL. It is fixed.
-
CWE-476: Null Pointer Dereference | Report Link
A NULL pointer dereference in the function afalg_aes_cbc; it is fixed.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&mutex_mmap) in box64. Multiple calls on the function AllocDynarecMap can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&mutex_mmap) in box86. Multiple calls on the function AllocDynarecMap can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
Double unlocks on pthread_mutex_unlock(&td->io_u_lock) in fio.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&pool->lock) in CORTX-S3 Server. Multiple calls on the function mempool_destroy can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&rd.mutex) in liburing. Multiple calls on the function test can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&mutex) in liburing. Multiple calls on the function test can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&lock) in liburing.
-
CWE-393: Return of Wrong Status Code | Report Link
Multiple status code mapping errors. Receiving multiple status codes but outputting them inconsistently in many places.
-
CWE-393: Return of Wrong Status Code | Report Link
Multiple status code mapping errors. Receiving multiple status codes but outputting them inconsistently in many places.
-
CWE-393: Return of Wrong Status Code | Report Link
Inconsistent status code mappings between GRPC and HTTP status codes.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&once_init_lock) in libevent. Multiple calls on evthread_use_pthreads_with_flags can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&timer_mutex) in siege. Multiple calls on pthread_usleep_np can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_unlock(&init_mutex) in haproxy that is not correctly released before program exit.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&fakeMutex) in libfaketime that is not correctly released before program exit.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&fakeMutex) in libfaketime that is not correctly released before program exit. (The same lock on different program locations)
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&netcam->mutex) in motion. Multiple calls on netcam_cleanup can lead to a deadlock.
-
CWE-362: Data Race | Report Link
The exit call in the thread functions have potential thread racing issues and may leave another process hanging.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&threadLocks[myCPU]) in likwid. Multiple calls on likwid_markerStopRegion can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&stats.lock) in netopeer. Multiple calls on ncm_session_add can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&server_opts.authkey_lock) in libnetconf. Multiple calls on _nc_server_ssh_add_authkey can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
A deadlock bug due to cyclic order between workq_lock and doneq_lock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&lset->lock) in ovis. Multiple calls on __process_dir_set_info can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&x->lock) in ovis. Multiple calls on __send_lookup_reply can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&conn->lock) in axel. Multiple calls on conn_info can lead to a deadlock.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&notify_lock) in 389 server adopted by freeIPA (Red Hat Identity Management System). The bug is easy to understand but existed for 8 months.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&init_mutex) in postgres-x2 that is not correctly released before program exit.
-
CWE-667: Improper Locking | Report Link
An improper locking bug about re-acquiring the cen64_mutex_lock(&gdb->client_mutex) in cen64.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&perl_threads->mutex) in collectd that is not correctly released before program exit.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&server_started_mtx) in linux that is not correctly released if the pthread_create fails and goes to close_server_fd.
-
CWE-667: Improper Locking | Report Link
An improper locking bug on pthread_mutex_lock(&test_sec_mutex) in uadk. Multiple calls on test_sec_cipher_async can lead to a deadlock.
-
CWE-362: Data Race | Report Link
The lock us->lock seems to guard the variable us->locked. However, the lock is released before accessing us->locked.
-
CWE-362: Data Race | Report Link
The lock cond_mutex should guard dbus_startup_completed to make the write operation atomic.
-
CWE-667: Improper Locking | Report Link
A communication deadlock bug between the signal (Line 700) and wait sites (Line 996).
-
CWE-362: Data Race | Report Link
That code evolved from running on a single thread to running on multiple threads, which introduced data races and so made it unreliable.
-
CWE-362: Data Race | Report Link
A potential data race when accessing variable stderr in the function PthreadCall.
-
CWE-667: Improper Locking | Report Link
On failure the pthread mutex would still be held with the new connection object listed but free()'d.
-
CWE-667: Improper Locking | Report Link
In libtrace, a potential deadlock for the lock b->lock in the libtrace_release_bucket_id method.
-
CWE-667: Improper Locking | Report Link
In libtrace, a potential deadlock for the lock q->lock in the libtrace_deque_push_back method.
-
CWE-667: Improper Locking | Report Link
In libtrace, a potential deadlock for the lock q->lock in the libtrace_deque_push_front method.
-
CWE-667: Improper Locking | Report Link
In libtrace, a potential deadlock for the lock v->lock in the libtrace_vector_push_back method.
-
CWE-667: Improper Locking | Report Link
In libtrace, a potential deadlock for the lock mutex in the trace_bpf_compile method.
-
CWE-667: Improper Locking | Report Link
In libtrace, a potential deadlock for the lock trace->libtrace_lock in the hasher_entry method.
-
CWE-667: Improper Locking | Report Link
In libtrace, a potential deadlock for the lock libtrace->libtrace_lock in the trace_pstart method.
-
CWE-667: Improper Locking | Report Link
There was an unreleased lock in the read_watch_internal() with no risk in reality (fixed).
-
CWE-667: Improper Locking | Report Link
A deadlock found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia-codec/and_aud_mediacodec.cpp.
-
CWE-667: Improper Locking | Report Link
A deadlock found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia-codec/ipp_codecs.c.
-
CWE-667: Improper Locking | Report Link
A deadlock found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia-codec/opus.c.
-
CWE-667: Improper Locking | Report Link
A deadlock found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia-codec/passthrough.c.
-
CWE-667: Improper Locking | Report Link
A deadlock found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia-codec/speex_codec.c.
-
CWE-667: Improper Locking | Report Link
A deadlock (vid_conf->mutex in pjmedia_vid_conf_add_port method) found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia/vid_conf.c.
-
CWE-667: Improper Locking | Report Link
A deadlock (vid_conf->mutex in pjmedia_vid_conf_remove_port) found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia/vid_conf.c.
-
CWE-667: Improper Locking | Report Link
A deadlock (vid_conf->mutex in pjmedia_vid_conf_connect_port) found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia/vid_conf.c.
-
CWE-667: Improper Locking | Report Link
A deadlock (vid_conf->mutex in pjmedia_vid_conf_disconnect_port) found in PJSIP with CVE ID assigned in pjmedia/src/pjmedia/vid_conf.c.
-
CWE-667: Improper Locking | Report Link
In OpenSSL, the lock pk->lock is not released correctly in the function evp_keymgmt_util_export_to_provider.
-
CWE-667: Improper Locking | Report Link
A cyclic-dependence deadlock between locks ctxt->mutex and list_lock.
-
CWE-362: Data Races | Report Link
A data race on the thread-shared variable hg_progress_shutdown_flag found in mercury.
-
CWE-362: Data Races | Report Link
A data race found in the function ts_allocate_fast_id (Line 335, 336) in PHP.
-
CWE-362: Data Races | Report Link
A data race found in the function ts_allocate_fast_id (Line 350) in PHP.
-
CWE-362: Data Races | Report Link
In memcached, there is race condition while incrementing log entries dropped.
-
CWE-362: Data Race | Report Link
In transmission project, there is a possible data race between tr_threadNew and ThreadFunc.
-
CWE-362: Data Race | Report Link
Race conditions happen in the function conn_setup without holding locks.
-
CWE-362: Data Race | Report Link
A data race happens on the variable treq->finished in the ocf project.
-
CWE-362: Data Race | Report Link
The is_paused = false is not protected by a lock in do_resume method.
-
CWE-362: Data Races | Report Link
In libtrace, the lock b->lock in the libtrace_release_bucket_id method is released twice; at the second time of releasing, it may race with other concurrent threads using the lock.
-
CWE-362: Data Races | Report Link
In libtrace, the lock b->lock in the libtrace_push_into_bucket method is released twice; at the second time of releasing, it may race with other concurrent threads using the lock.
-
CWE-362: Data Races | Report Link
In fio, the lock td->io_u_lock in the verify_async_thread method is released twice; at the second time of releasing, it may race with other concurrent threads using the lock.
-
CWE-667: Improper Locking | Report Link
The guest pthread locks a mutex at the beginning of each synchronization iteration and uses it to wait on a condition variable. When the synchronization is done and the thread exits, this mutex should be unlocked.
-
CWE-667: Improper Locking | Report Link
Persistent valid buffers are guaranteed by the SDR backend to fix a missing lock release.
-
CWE-667: Improper Locking | Report Link
Release the update lock if starting trust db read operations errors.
-
CWE-667: Improper Locking | Report Link
The file_data->mutex is not released before returning at Line 595.
-
CWE-667: Improper Locking | Report Link
There are cyclic lock acquisitions between locks mux_hr and mux_hg in the method brain_server_handle_client executed by multiple concurrent threads.
-
CWE-667: Improper Locking | Report Link
The lock best->mutex is not released before line 815.
-
CWE-667: Improper Locking | Report Link
A deadlock occurs when other == t in the loop and lock other->mutex is acquired twice at Line 138.
-
CWE-667: Improper Locking | Report Link
Lock pool->mutex is not released before destroying at Line 1343.
-
CWE-667: Improper Locking | Report Link
fraud_detection: Fix missing lock_release() on OOM error case.
-
CWE-667: Improper Locking | Report Link
event_virtual: Fix several missing lock_release() ops. (modules/event_virtual/event_virtual.c, Line 469)
-
CWE-667: Improper Locking | Report Link
event_virtual: Fix several missing lock_release() ops. (modules/event_virtual/event_virtual.c, Line 620)
-
CWE-667: Improper Locking | Report Link
event_virtual: Fix several missing lock_release() ops. (modules/event_virtual/event_virtual.c, Line 628)
-
CWE-667: Improper Locking | Report Link
event_virtual: Fix several missing lock_release() ops. (modules/event_virtual/event_virtual.c, Line 658)
-
CWE-667: Improper Locking | Report Link
fraud_detection: Fix missing lock_release() on OOM error case
-
CWE-667: Improper Locking | Report Link
presence: Fix missing lock_release() on error case in the function get_stored_info.
-
CWE-667: Improper Locking | Report Link
presence: Fix missing lock_release() on error case in the function refresh_watcher.
-
CWE-667: Improper Locking | Report Link
clusterer: Fix missing lock_release() on capability error cases.
-
CWE-667: Improper Locking | Report Link
presence: Fix missing lock_release() ops on error cases in the function get_stored_info.
-
CWE-667: Improper Locking | Report Link
presence: Fix missing lock_release() ops on error cases in the function refresh_watcher.
-
CWE-667: Improper Locking | Report Link
clusterer: Fix missing lock_release() on capability error cases.
-
CWE-667: Improper Locking | Report Link
The destroy() callback is only called if there is a single process left, there is no need for any locking anymore. Also, the lock wasn't released afterwards, which was bogus.
-
CWE-667: Improper Locking | Report Link
The lock data->lock (Line 572) is directly destroyed (Line 632) without releasing before.
-
CWE-667: Improper Locking | Report Link
The lock data->lock also should be released before return at Line 85.
-
CWE-667: Improper Locking | Report Link
In aml_allocator_area_destroy, a double lock is introduced by a typo made while fixing a missing lock release.
# Discovered Bugs in Each Category
# Discovered Bugs in Each Project
Maintained by Qingkai Shi