Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-i386-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
159 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
18 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 159 defect(s)
** CID 21202: (REVERSE_INULL)
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
________________________________________________________________________________________________________
*** CID 21202: (REVERSE_INULL)
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
553 {
554 if (heap->bloc_start <= b->data && b->data <= heap->end)
555 break;
556 heap = heap->next;
557 /* We know HEAP is not null now,
558 because there has to be space for bloc B. */
>>> CID 21202: (REVERSE_INULL)
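>>> Directly dereferencing pointer "heap".
[Reviewer note: REVERSE_INULL reports a pointer that is dereferenced on a path where the same pointer is null-checked afterwards; that check lies outside this excerpt. The comment at lines 557-558 asserts that "heap" cannot be null after line 556, so triage comes down to whether that invariant actually holds.]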
559 heap->first_bloc = NIL_BLOC;
560 heap->last_bloc = NIL_BLOC;
561 heap->free = heap->bloc_start;
562 }
563
564 /* Update HEAP's status for bloc B. */
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
553 {
554 if (heap->bloc_start <= b->data && b->data <= heap->end)
555 break;
556 heap = heap->next;
557 /* We know HEAP is not null now,
558 because there has to be space for bloc B. */
>>> CID 21202: (REVERSE_INULL)
>>> Directly dereferencing pointer "heap".
559 heap->first_bloc = NIL_BLOC;
560 heap->last_bloc = NIL_BLOC;
561 heap->free = heap->bloc_start;
562 }
563
564 /* Update HEAP's status for bloc B. */
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
553 {
554 if (heap->bloc_start <= b->data && b->data <= heap->end)
555 break;
556 heap = heap->next;
557 /* We know HEAP is not null now,
558 because there has to be space for bloc B. */
>>> CID 21202: (REVERSE_INULL)
>>> Directly dereferencing pointer "heap".
559 heap->first_bloc = NIL_BLOC;
560 heap->last_bloc = NIL_BLOC;
561 heap->free = heap->bloc_start;
562 }
563
564 /* Update HEAP's status for bloc B. */
** CID 751135: Error handling issues (NEGATIVE_RETURNS)
/external/gpl2/libmalloc/dist/valloc.c: 48 in valloc()
________________________________________________________________________________________________________
*** CID 751135: Error handling issues (NEGATIVE_RETURNS)
/external/gpl2/libmalloc/dist/valloc.c: 48 in valloc()
42 valloc (size)
43 __malloc_size_t size;
44 {
45 if (pagesize == 0)
46 pagesize = __getpagesize ();
47
>>> CID 751135: Error handling issues (NEGATIVE_RETURNS)
>>> "pagesize" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
48 return memalign (pagesize, size);
** CID 975021: Error handling issues (CHECKED_RETURN)
/external/cddl/osnet/sys/sys/cred.h: 80 in groupmember()
________________________________________________________________________________________________________
*** CID 975021: Error handling issues (CHECKED_RETURN)
/external/cddl/osnet/sys/sys/cred.h: 80 in groupmember()
74
75 static __inline int
76 groupmember(gid_t gid, cred_t *cr)
77 {
78 int result;
79
>>> CID 975021: Error handling issues (CHECKED_RETURN)
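>>> Calling "kauth_cred_ismember_gid" without checking return value (as is done elsewhere 10 out of 11 times).
[Reviewer note: "result" is declared at line 78 without an initializer and returned at line 82, so if the call fails without storing to it, groupmember() returns an indeterminate value as its group-membership answer. Checking the return value and returning 0 on failure would make the failure case deny membership.]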
80 kauth_cred_ismember_gid(cr, gid, &result);
81
82 return result;
83 }
84
85 #endif /* _KERNEL */
86
** CID 975734: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 1043 in access_mask_check()
________________________________________________________________________________________________________
*** CID 975734: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 1043 in access_mask_check()
1037 err_deny = ACL_WRITE_ATTRS_WRITER_ERR_DENY;
1038 set_allow = ACL_WRITE_ATTRS_WRITER_SET_ALLOW;
1039 err_allow = ACL_WRITE_ATTRS_WRITER_ERR_ALLOW;
1040 } else {
1041 if ((acep->a_access_mask & mask_bit) &&
1042 (acep->a_type & ACE_ACCESS_ALLOWED_ACE_TYPE)) {
>>> CID 975734: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 86;".
1043 return (ENOTSUP);
1044 }
1045 return (0);
1046 }
1047 } else if (mask_bit == ACE_READ_NAMED_ATTRS) {
1048 if (!hasreadperm)
** CID 975735: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 526 in access_mask_set()
________________________________________________________________________________________________________
*** CID 975735: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 526 in access_mask_set()
520
521 if (acl_produce & synchronize_set)
522 access_mask |= ACE_SYNCHRONIZE;
523 if (acl_produce & write_owner_set)
524 access_mask |= ACE_WRITE_OWNER;
525 if (acl_produce & delete_set)
>>> CID 975735: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "access_mask |= 0x10000U;".
526 access_mask |= ACE_DELETE;
527 if (acl_produce & write_attrs_set)
528 access_mask |= ACE_WRITE_ATTRIBUTES;
529 if (acl_produce & read_named_set)
530 access_mask |= ACE_READ_NAMED_ATTRS;
531 if (acl_produce & write_named_set)
** CID 975736: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 524 in access_mask_set()
________________________________________________________________________________________________________
*** CID 975736: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 524 in access_mask_set()
518 access_mask |= ACE_WRITE_ATTRIBUTES;
519 }
520
521 if (acl_produce & synchronize_set)
522 access_mask |= ACE_SYNCHRONIZE;
523 if (acl_produce & write_owner_set)
>>> CID 975736: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "access_mask |= 0x80000U;".
524 access_mask |= ACE_WRITE_OWNER;
525 if (acl_produce & delete_set)
526 access_mask |= ACE_DELETE;
527 if (acl_produce & write_attrs_set)
528 access_mask |= ACE_WRITE_ATTRIBUTES;
529 if (acl_produce & read_named_set)
** CID 975737: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 530 in access_mask_set()
________________________________________________________________________________________________________
*** CID 975737: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 530 in access_mask_set()
524 access_mask |= ACE_WRITE_OWNER;
525 if (acl_produce & delete_set)
526 access_mask |= ACE_DELETE;
527 if (acl_produce & write_attrs_set)
528 access_mask |= ACE_WRITE_ATTRIBUTES;
529 if (acl_produce & read_named_set)
>>> CID 975737: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "access_mask |= 8U;".
530 access_mask |= ACE_READ_NAMED_ATTRS;
531 if (acl_produce & write_named_set)
532 access_mask |= ACE_WRITE_NAMED_ATTRS;
533
534 return (access_mask);
535 }
** CID 975738: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 532 in access_mask_set()
________________________________________________________________________________________________________
*** CID 975738: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/common/acl/acl_common.c: 532 in access_mask_set()
526 access_mask |= ACE_DELETE;
527 if (acl_produce & write_attrs_set)
528 access_mask |= ACE_WRITE_ATTRIBUTES;
529 if (acl_produce & read_named_set)
530 access_mask |= ACE_READ_NAMED_ATTRS;
531 if (acl_produce & write_named_set)
>>> CID 975738: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "access_mask |= 0x10U;".
532 access_mask |= ACE_WRITE_NAMED_ATTRS;
533
534 return (access_mask);
535 }
536
537 /*
** CID 976350: Memory - illegal accesses (INTEGER_OVERFLOW)
/external/cddl/osnet/dist/common/unicode/u8_textprep.c: 1512 in collect_a_seq()
________________________________________________________________________________________________________
*** CID 976350: Memory - illegal accesses (INTEGER_OVERFLOW)
/external/cddl/osnet/dist/common/unicode/u8_textprep.c: 1512 in collect_a_seq()
1506 * Decomposition yields various Hangul related
1507 * states but not on combining marks. We need to
1508 * find out at here by checking on the last
1509 * character.
1510 */
1511 if (*state == U8_STATE_START) {
>>> CID 976350: Memory - illegal accesses (INTEGER_OVERFLOW)
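>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "last - 1U" used as array index.
[Reviewer note: the subtraction is unsigned, so "last - 1" wraps to 4294967295 when "last" is 0, which is the value CID 977169 reports for this same line. Whether "last" can be 0 when *state == U8_STATE_START is not visible in the excerpt; a "last > 0" guard before the lookup would settle it.]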
1512 if (comb_class[last - 1])
1513 *state = U8_STATE_COMBINING_MARK;
1514 }
1515 }
1516
1517 saved_last = last;
** CID 976712: Error handling issues (NEGATIVE_RETURNS)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 1276 in nvpair_value_common()
________________________________________________________________________________________________________
*** CID 976712: Error handling issues (NEGATIVE_RETURNS)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 1276 in nvpair_value_common()
1270 case DATA_TYPE_HRTIME:
1271 #if !defined(_KERNEL)
1272 case DATA_TYPE_DOUBLE:
1273 #endif
1274 if (data == NULL)
1275 return (EINVAL);
>>> CID 976712: Error handling issues (NEGATIVE_RETURNS)
>>> "(size_t)i_get_value_size(type, NULL, 1U)" is passed to a parameter that cannot be negative.
1276 bcopy(NVP_VALUE(nvp), data,
1277 (size_t)i_get_value_size(type, NULL, 1));
1278 if (nelem != NULL)
1279 *nelem = 1;
1280 break;
1281
** CID 977165: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 1799 in nvlist_exists()
________________________________________________________________________________________________________
*** CID 977165: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 1799 in nvlist_exists()
1793 (priv = (nvpriv_t *)(uintptr_t)nvl->nvl_priv) == NULL)
1794 return (B_FALSE);
1795
1796 for (curr = priv->nvp_list; curr != NULL; curr = curr->nvi_next) {
1797 nvp = &curr->nvi_nvp;
1798
>>> CID 977165: Memory - illegal accesses (OVERRUN)
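>>> Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer "(char *)nvp + 16U".
[Reviewer note: CIDs 977165-977168 all flag NVP_NAME(nvp) reading at byte offset 16 from a 16-byte object. That is how a fixed-size header followed by variable-length data in the same allocation appears to the analyzer, so these are presumably false positives; confirm against the NVP_NAME definition and the nvpair allocation size before dismissing them.]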
1799 if (strcmp(name, NVP_NAME(nvp)) == 0)
1800 return (B_TRUE);
1801 }
1802
1803 return (B_FALSE);
1804 }
** CID 977166: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 1336 in nvlist_lookup_common()
________________________________________________________________________________________________________
*** CID 977166: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 1336 in nvlist_lookup_common()
1330 if (!(nvl->nvl_nvflag & (NV_UNIQUE_NAME | NV_UNIQUE_NAME_TYPE)))
1331 return (ENOTSUP);
1332
1333 for (curr = priv->nvp_list; curr != NULL; curr = curr->nvi_next) {
1334 nvp = &curr->nvi_nvp;
1335
>>> CID 977166: Memory - illegal accesses (OVERRUN)
>>> Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer "(char *)nvp + 16U".
1336 if (strcmp(name, NVP_NAME(nvp)) == 0 && NVP_TYPE(nvp) == type)
1337 return (nvpair_value_common(nvp, type, nelem, data));
1338 }
1339
1340 return (ENOENT);
1341 }
** CID 977167: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 680 in nvlist_remove()
________________________________________________________________________________________________________
*** CID 977167: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 680 in nvlist_remove()
674 return (EINVAL);
675
676 curr = priv->nvp_list;
677 while (curr != NULL) {
678 nvpair_t *nvp = &curr->nvi_nvp;
679
>>> CID 977167: Memory - illegal accesses (OVERRUN)
>>> Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer "(char *)nvp + 16U".
680 if (strcmp(name, NVP_NAME(nvp)) == 0 && NVP_TYPE(nvp) == type) {
681 nvp_buf_unlink(nvl, nvp);
682 nvpair_free(nvp);
683 nvp_buf_free(nvl, nvp);
684
685 return (0);
** CID 977168: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 650 in nvlist_remove_all()
________________________________________________________________________________________________________
*** CID 977168: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/nvpair/nvpair.c: 650 in nvlist_remove_all()
644
645 curr = priv->nvp_list;
646 while (curr != NULL) {
647 nvpair_t *nvp = &curr->nvi_nvp;
648
649 curr = curr->nvi_next;
>>> CID 977168: Memory - illegal accesses (OVERRUN)
>>> Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer "(char *)nvp + 16U".
650 if (strcmp(name, NVP_NAME(nvp)) != 0)
651 continue;
652
653 nvp_buf_unlink(nvl, nvp);
654 nvpair_free(nvp);
655 nvp_buf_free(nvl, nvp);
** CID 977169: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/unicode/u8_textprep.c: 1512 in collect_a_seq()
________________________________________________________________________________________________________
*** CID 977169: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/unicode/u8_textprep.c: 1512 in collect_a_seq()
1506 * Decomposition yields various Hangul related
1507 * states but not on combining marks. We need to
1508 * find out at here by checking on the last
1509 * character.
1510 */
1511 if (*state == U8_STATE_START) {
>>> CID 977169: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "comb_class" of 32 bytes at byte offset 4294967295 using index "last - 1U" (which evaluates to 4294967295).
1512 if (comb_class[last - 1])
1513 *state = U8_STATE_COMBINING_MARK;
1514 }
1515 }
1516
1517 saved_last = last;
** CID 977170: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/unicode/u8_textprep.c: 1693 in collect_a_seq()
________________________________________________________________________________________________________
*** CID 977170: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/unicode/u8_textprep.c: 1693 in collect_a_seq()
1687 last--;
1688 if (last >= saved_last) {
1689 for (i = 0; i < last; i++)
1690 for (j = last; j > i; j--)
1691 if (comb_class[j] &&
1692 comb_class[j - 1] > comb_class[j]) {
>>> CID 977170: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "disp" of 32 bytes at byte offset 4294967294 using index "j - 1U" (which evaluates to 4294967294).
1693 U8_SWAP_COMB_MARKS(j - 1, j);
1694 }
1695 }
1696
1697 *source = s;
1698
** CID 977171: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/unicode/u8_textprep.c: 1693 in collect_a_seq()
________________________________________________________________________________________________________
*** CID 977171: Memory - illegal accesses (OVERRUN)
/external/cddl/osnet/dist/common/unicode/u8_textprep.c: 1693 in collect_a_seq()
1687 last--;
1688 if (last >= saved_last) {
1689 for (i = 0; i < last; i++)
1690 for (j = last; j > i; j--)
1691 if (comb_class[j] &&
1692 comb_class[j - 1] > comb_class[j]) {
>>> CID 977171: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "start" of 32 bytes at byte offset 4294967294 using index "j - 1U" (which evaluates to 4294967294).
1693 U8_SWAP_COMB_MARKS(j - 1, j);
1694 }
1695 }
1696
1697 *source = s;
1698
** CID 977537: API usage errors (PW.PRINTF_ARG_MISMATCH)
/external/cddl/osnet/sys/kern/fm.c: 330 in ()
________________________________________________________________________________________________________
*** CID 977537: API usage errors (PW.PRINTF_ARG_MISMATCH)
/external/cddl/osnet/sys/kern/fm.c: 330 in ()
324 cmn_err(CE_NOTE, "!SUNW-MSG-ID: %s, "
325 "TYPE: Error, VER: 1, SEVERITY: Major\n", fm_msgid);
326
327 printf(
328 "\n\rSUNW-MSG-ID: %s, TYPE: Error, VER: 1, SEVERITY: Major\n"
329 "EVENT-TIME: 0x%lx.0x%lx (0x%llx)\n",
>>> CID 977537: API usage errors (PW.PRINTF_ARG_MISMATCH)
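>>> argument is incompatible with corresponding format string conversion
[Reviewer note: the message does not name the argument. Both tod.tv_sec and tod.tv_nsec are printed with "%lx", while "now" is cast explicitly to match "%llx", so the declared types of the two tod fields on this platform are the first thing to check. A width mismatch in a variadic call can also misalign every argument that follows it.]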
330 fm_msgid, tod.tv_sec, tod.tv_nsec, (u_longlong_t)now);
331
332 printf(
333 "PLATFORM: %s, CSN: -, HOSTNAME: %s\n"
334 "SOURCE: %s, REV: %s\n",
335 machine, hostname, "NetBSD",
** CID 979695: Control flow issues (UNREACHABLE)
/external/cddl/osnet/sys/kern/fm.c: 102 in fm_printf()
________________________________________________________________________________________________________
*** CID 979695: Control flow issues (UNREACHABLE)
/external/cddl/osnet/sys/kern/fm.c: 102 in fm_printf()
96 {
97 va_list ap;
98 int width;
99 char c1;
100 return 0;
101 va_start(ap, format);
>>> CID 979695: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "width = vsnprintf(&c1, 1U, ...".
102 width = vsnprintf(&c1, sizeof (c1), format, ap);
103 va_end(ap);
104
105 if (c + width >= cols) {
106 printf("\n\r");
107 c = 0;
** CID 985529: Control flow issues (NESTING_INDENT_MISMATCH)
/external/cddl/osnet/lib/libdtrace/obj/dt_lex.c: 1407 in yylex()
________________________________________________________________________________________________________
*** CID 985529: Control flow issues (NESTING_INDENT_MISMATCH)
/external/cddl/osnet/lib/libdtrace/obj/dt_lex.c: 1407 in yylex()
1401 YY_USER_INIT;
1402 #endif
1403
1404 /* Create the reject buffer large enough to save one state per allowed character. */
1405 if ( ! (yy_state_buf) )
1406 (yy_state_buf) = (yy_state_type *)yyalloc(YY_STATE_BUF_SIZE );
>>> CID 985529: Control flow issues (NESTING_INDENT_MISMATCH)
>>> This 'if' statement is indented to column 13, as if it were nested within the preceding parent statement, but it is not.
1407 if ( ! (yy_state_buf) )
1408 YY_FATAL_ERROR( "out of dynamic memory in yylex()" );
1409
1410 if ( ! (yy_start) )
1411 (yy_start) = 1; /* first start state */
1412
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/netbsd-i386-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782