Coverity-updates archive


New Defects reported by Coverity Scan for NetBSD-i386-user



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.

16 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
16 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)


** CID 988470:  Null pointer dereferences  (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xf86-video-nv/dist/src/g80_dac.c: 211 in G80CreateDac()


________________________________________________________________________________________________________
*** CID 988470:  Null pointer dereferences  (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xf86-video-nv/dist/src/g80_dac.c: 211 in G80CreateDac()
205         output = xf86OutputCreate(pScrn, &G80DacOutputFuncs, orName);
206     
207         pPriv->type = DAC;
208         pPriv->or = or;
209         pPriv->cached_status = XF86OutputStatusUnknown;
210         pPriv->set_pclk = G80DacSetPClk;
>>>     CID 988470:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a null pointer "output".
211         output->driver_private = pPriv;
212         output->interlaceAllowed = TRUE;
213         output->doubleScanAllowed = TRUE;
214     
215         return output;

** CID 988471:  Null pointer dereferences  (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xf86-video-nv/dist/src/g80_sor.c: 526 in G80CreateSor()


________________________________________________________________________________________________________
*** CID 988471:  Null pointer dereferences  (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xf86-video-nv/dist/src/g80_sor.c: 526 in G80CreateSor()
520         pPriv->type = SOR;
521         pPriv->or = or;
522         pPriv->panelType = panelType;
523         pPriv->cached_status = XF86OutputStatusUnknown;
524         if(panelType == TMDS)
525             pPriv->set_pclk = G80SorSetPClk;
>>>     CID 988471:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a null pointer "output".
526         output->driver_private = pPriv;
527         output->interlaceAllowed = TRUE;
528         output->doubleScanAllowed = TRUE;
529     
530         return output;

** CID 1035582:  Null pointer dereferences  (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xf86-video-geode/dist/src/lx_output.c: 295 in LXSetupOutput()


________________________________________________________________________________________________________
*** CID 1035582:  Null pointer dereferences  (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xf86-video-geode/dist/src/lx_output.c: 295 in LXSetupOutput()
289     
290         if (!lxpriv) {
291             xf86OutputDestroy(output);
292             return;
293         }
294     
>>>     CID 1035582:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a null pointer "output".
295         output->driver_private = lxpriv;
296         output->interlaceAllowed = TRUE;
297         output->doubleScanAllowed = TRUE;
298     
299         /* Set up the DDC bus */
300     

** CID 1288211:  Null pointer dereferences  (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_outputs.c: 856 in via_analog_init()


________________________________________________________________________________________________________
*** CID 1288211:  Null pointer dereferences  (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_outputs.c: 856 in via_analog_init()
850         VIABIOSInfoPtr pBIOSInfo = pVia->pBIOSInfo;
851         xf86OutputPtr output = NULL;
852     
853         if (pVia->pI2CBus1) {
854             output = xf86OutputCreate(pScrn, &via_analog_funcs, "VGA-1");
855     
>>>     CID 1288211:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a null pointer "output".
856             output->possible_crtcs = 0x3;
857             output->possible_clones = 0;
858             output->interlaceAllowed = TRUE;
859             output->doubleScanAllowed = FALSE;
860             pBIOSInfo->analog = output;
861         }

** CID 1328437:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/sbin/newfs_lfs/make_lfs.c: 859 in make_lfs()


________________________________________________________________________________________________________
*** CID 1328437:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/sbin/newfs_lfs/make_lfs.c: 859 in make_lfs()
853     	if (is64) {
854     		ip64 = &ipall->u_64;
855     		for (i = LFS_IFILE_INUM; i <= HIGHEST_USED_INO; i++) {
856     			ip64->if_version = 1;
857     			ip64->if_daddr = 0x0;
858     			ip64->if_nextfree = 0;
>>>     CID 1328437:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "ip64" as an array.  This might corrupt or misinterpret adjacent memory locations.
859     			++ip64;
860     		}
861     	} else if (version > 1) {
862     		ip32 = &ipall->u_32;
863     		for (i = LFS_IFILE_INUM; i <= HIGHEST_USED_INO; i++) {
864     			ip32->if_version = 1;

** CID 1328438:  Integer handling issues  (BAD_SHIFT)
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 220 in nouveau_client_new()


________________________________________________________________________________________________________
*** CID 1328438:  Integer handling issues  (BAD_SHIFT)
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 220 in nouveau_client_new()
214     	nvdev->client[i] = 0;
215     	nvdev->nr_client++;
216     
217     out:
218     	pcli = calloc(1, sizeof(*pcli));
219     	if (pcli) {
>>>     CID 1328438:  Integer handling issues  (BAD_SHIFT)
>>>     In expression "1 << id", shifting by a negative amount has undefined behavior.  The shift amount, "id", is no more than -1.
220     		nvdev->client[i] |= (1 << id);
221     		pcli->base.device = dev;
222     		pcli->base.id = (i * 32) + id;
223     		ret = 0;
224     	}
225     

** CID 1328439:    (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 365 in nouveau_bo_del()
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 369 in nouveau_bo_del()


________________________________________________________________________________________________________
*** CID 1328439:    (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 365 in nouveau_bo_del()
359     			 * gem handles are not refcounted. If a shared bo is
360     			 * closed and re-opened in another thread a race
361     			 * against DRM_IOCTL_GEM_OPEN or drmPrimeFDToHandle
362     			 * might cause the bo to be closed accidentally while
363     			 * re-importing.
364     			 */
>>>     CID 1328439:    (CHECKED_RETURN)
>>>     Calling "drmIoctl" without checking return value (as is done elsewhere 201 out of 219 times).
365     			drmIoctl(bo->device->fd, DRM_IOCTL_GEM_CLOSE, &req);
366     		}
367     		pthread_mutex_unlock(&nvdev->lock);
368     	} else {
369     		drmIoctl(bo->device->fd, DRM_IOCTL_GEM_CLOSE, &req);
370     	}
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 369 in nouveau_bo_del()
363     			 * re-importing.
364     			 */
365     			drmIoctl(bo->device->fd, DRM_IOCTL_GEM_CLOSE, &req);
366     		}
367     		pthread_mutex_unlock(&nvdev->lock);
368     	} else {
>>>     CID 1328439:    (CHECKED_RETURN)
>>>     Calling "drmIoctl" without checking return value (as is done elsewhere 201 out of 219 times).
369     		drmIoctl(bo->device->fd, DRM_IOCTL_GEM_CLOSE, &req);
370     	}
371     	if (bo->map)
372     		drm_munmap(bo->map, bo->size);
373     	free(nvbo);
374     }

** CID 1328440:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 900 in drmmode_output_dpms()


________________________________________________________________________________________________________
*** CID 1328440:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 900 in drmmode_output_dpms()
894     	drmModePropertyPtr props;
895     	drmmode_ptr drmmode = drmmode_output->drmmode;
896     	int mode_id = -1, i;
897     
898     	for (i = 0; i < koutput->count_props; i++) {
899     		props = drmModeGetProperty(drmmode->fd, koutput->props[i]);
>>>     CID 1328440:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     The expression "props->flags && 1 /* 1 << 3 */" is suspicious because it performs a Boolean operation on a constant other than 0 or 1.
900     		if (props && (props->flags && DRM_MODE_PROP_ENUM)) {
901     			if (!strcmp(props->name, "DPMS")) {
902     				mode_id = koutput->props[i];
903     				drmModeFreeProperty(props);
904     				break;
905     			}

** CID 1328441:  Possible Control flow issues  (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nv_accel_common.c: 49 in nouveau_allocate_surface()


________________________________________________________________________________________________________
*** CID 1328441:  Possible Control flow issues  (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nv_accel_common.c: 49 in nouveau_allocate_surface()
43     #ifdef NOUVEAU_PIXMAP_SHARING
44     	shared = ((usage_hint & 0xffff) == CREATE_PIXMAP_USAGE_SHARED);
45     #endif
46     
47     	flags = NOUVEAU_BO_MAP;
48     	if (bpp >= 8)
>>>     CID 1328441:  Possible Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "2" inside this statement: "flags |= (shared ? 2 : 1);".
49     		flags |= shared ? NOUVEAU_BO_GART : NOUVEAU_BO_VRAM;
50     
51     	if (pNv->Architecture >= NV_TESLA) {
52     		if (scanout) {
53     			if (pNv->tiled_scanout) {
54     				tiled = TRUE;

** CID 1328442:  Possible Control flow issues  (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_xv.c: 1312 in NVPutImage()


________________________________________________________________________________________________________
*** CID 1328442:  Possible Control flow issues  (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_xv.c: 1312 in NVPutImage()
1306     				buf += srcPitch - (npixels << 1);
1307     			}
1308     		}
1309     	}
1310     
1311     	if (skip)
>>>     CID 1328442:  Possible Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "return 0;".
1312     		return Success;
1313     
1314     	if (pPriv->currentHostBuffer != NO_PRIV_HOST_BUFFER_AVAILABLE)
1315     		pPriv->currentHostBuffer ^= 1;
1316     
1317     	/* If we're not using the hw overlay, we're rendering into a pixmap

** CID 1328443:  Control flow issues  (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nv_driver.c: 325 in NVOpenNouveauDevice()


________________________________________________________________________________________________________
*** CID 1328443:  Control flow issues  (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nv_driver.c: 325 in NVOpenNouveauDevice()
319     #if defined(ODEV_ATTRIB_FD)
320     	if (platform_dev)
321     		fd = xf86_get_platform_device_int_attrib(platform_dev,
322     							 ODEV_ATTRIB_FD, -1);
323     #endif
324     	if (fd != -1)
>>>     CID 1328443:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "ret = nouveau_device_wrap(f...".
325     		ret = nouveau_device_wrap(fd, 0, &dev);
326     	else
327     		ret = nouveau_device_open(busid, &dev);
328     	if (ret)
329     		xf86DrvMsg(scrnIndex, X_ERROR,
330     			   "[drm] Failed to open DRM device for %s: %d\n",

** CID 1328444:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_dri2.c: 511 in dri2_page_flip()


________________________________________________________________________________________________________
*** CID 1328444:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_dri2.c: 511 in dri2_page_flip()
505     
506     		emitted++;
507     	}
508     
509     	/* Will release old fb after all crtc's completed flip. */
510     	drmmode_swap(scrn, next_fb, &flipdata->old_fb_id);
>>>     CID 1328444:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "flipdata" going out of scope leaks the storage it points to.
511     	return TRUE;
512     
513     error_undo:
514     	drmModeRmFB(pNv->dev->fd, next_fb);
515     	return FALSE;
516     }

** CID 1328445:    (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 899 in drmmode_output_dpms()
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 911 in drmmode_output_dpms()


________________________________________________________________________________________________________
*** CID 1328445:    (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 899 in drmmode_output_dpms()
893     	drmModeConnectorPtr koutput = drmmode_output->mode_output;
894     	drmModePropertyPtr props;
895     	drmmode_ptr drmmode = drmmode_output->drmmode;
896     	int mode_id = -1, i;
897     
898     	for (i = 0; i < koutput->count_props; i++) {
>>>     CID 1328445:    (RESOURCE_LEAK)
>>>     Overwriting "props" in "props = drmModeGetProperty(drmmode->fd, koutput->props[i])" leaks the storage that "props" points to.
899     		props = drmModeGetProperty(drmmode->fd, koutput->props[i]);
900     		if (props && (props->flags && DRM_MODE_PROP_ENUM)) {
901     			if (!strcmp(props->name, "DPMS")) {
902     				mode_id = koutput->props[i];
903     				drmModeFreeProperty(props);
904     				break;
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 911 in drmmode_output_dpms()
905     			}
906     			drmModeFreeProperty(props);
907     		}
908     	}
909     
910     	if (mode_id < 0)
>>>     CID 1328445:    (RESOURCE_LEAK)
>>>     Variable "props" going out of scope leaks the storage it points to.
911     		return;
912     
913     	drmModeConnectorSetProperty(drmmode->fd, koutput->connector_id,
914     				    mode_id, mode);
915     }
916     

** CID 1328446:    (RETURN_LOCAL)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()


________________________________________________________________________________________________________
*** CID 1328446:    (RETURN_LOCAL)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
79     		size = sizeof(struct nvc0_fifo);
80     		break;
81     	default:
82     		return FALSE;
83     	}
84     
>>>     CID 1328446:    (RETURN_LOCAL)
>>>     Using "data", which points to an out-of-scope temporary variable of type "struct nv04_fifo".
85     	ret = nouveau_object_new(&pNv->dev->object, 0,
86     				 NOUVEAU_FIFO_CHANNEL_CLASS, data, size,
87     				 &pNv->ce_channel);
88     	if (ret) {
89     		xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
90     			   "[COPY} error allocating channel: %d\n", ret);
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
79     		size = sizeof(struct nvc0_fifo);
80     		break;
81     	default:
82     		return FALSE;
83     	}
84     
>>>     CID 1328446:    (RETURN_LOCAL)
>>>     Using "data", which points to an out-of-scope temporary variable of type "struct nvc0_fifo".
85     	ret = nouveau_object_new(&pNv->dev->object, 0,
86     				 NOUVEAU_FIFO_CHANNEL_CLASS, data, size,
87     				 &pNv->ce_channel);
88     	if (ret) {
89     		xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
90     			   "[COPY} error allocating channel: %d\n", ret);
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
79     		size = sizeof(struct nvc0_fifo);
80     		break;
81     	default:
82     		return FALSE;
83     	}
84     
>>>     CID 1328446:    (RETURN_LOCAL)
>>>     Using "data", which points to an out-of-scope temporary variable of type "struct nve0_fifo".
85     	ret = nouveau_object_new(&pNv->dev->object, 0,
86     				 NOUVEAU_FIFO_CHANNEL_CLASS, data, size,
87     				 &pNv->ce_channel);
88     	if (ret) {
89     		xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
90     			   "[COPY} error allocating channel: %d\n", ret);

** CID 1328447:  Memory - illegal accesses  (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 181 in drmmode_event_abort()


________________________________________________________________________________________________________
*** CID 1328447:  Memory - illegal accesses  (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 181 in drmmode_event_abort()
175     void
176     drmmode_event_abort(ScrnInfoPtr scrn, uint64_t name, bool pending)
177     {
178     	drmmode_ptr drmmode = drmmode_from_scrn(scrn);
179     	struct drmmode_event *e, *t;
180     
>>>     CID 1328447:  Memory - illegal accesses  (UNINIT)
>>>     Using uninitialized value "e".
181     	xorg_list_for_each_entry_safe(e, t, &drmmode_events, head) {
182     		if (e->drmmode == drmmode && e->name == name) {
183     			xorg_list_del(&e->head);
184     			if (!pending)
185     				free(e);
186     			break;

** CID 1328448:  Memory - illegal accesses  (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 224 in drmmode_event_fini()


________________________________________________________________________________________________________
*** CID 1328448:  Memory - illegal accesses  (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 224 in drmmode_event_fini()
218     void
219     drmmode_event_fini(ScrnInfoPtr scrn)
220     {
221     	drmmode_ptr drmmode = drmmode_from_scrn(scrn);
222     	struct drmmode_event *e, *t;
223     
>>>     CID 1328448:  Memory - illegal accesses  (UNINIT)
>>>     Using uninitialized value "e".
224     	xorg_list_for_each_entry_safe(e, t, &drmmode_events, head) {
225     		if (e->drmmode == drmmode) {
226     			xorg_list_del(&e->head);
227     			free(e);
228     		}
229     	}


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/netbsd-i386-user?tab=overview



