New Defects reported by Coverity Scan for NetBSD-i386-kernel

To: coverity-updates%netbsd.org@localhost
Subject: New Defects reported by Coverity Scan for NetBSD-i386-kernel
From: scan-admin%coverity.com@localhost
Date: Mon, 22 Aug 2016 11:09:43 -0700
Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.

5 new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1371644:    (BUFFER_SIZE_WARNING)
/sys/ufs/ext2fs/ext2fs_vfsops.c: 245 in ext2fs_sb_setmountinfo()
/sys/ufs/ext2fs/ext2fs_vfsops.c: 248 in ext2fs_sb_setmountinfo()


________________________________________________________________________________________________________
*** CID 1371644:    (BUFFER_SIZE_WARNING)
/sys/ufs/ext2fs/ext2fs_vfsops.c: 245 in ext2fs_sb_setmountinfo()
239     	pool_destroy(&ext2fs_inode_pool);
240     }
241     
242     static void
243     ext2fs_sb_setmountinfo(struct m_ext2fs *fs, struct mount *mp)
244     {
>>>     CID 1371644:    (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 512 bytes on destination array "fs->e2fs_fsmnt" of size 512 bytes might leave the destination string unterminated.
245     	(void)strncpy(fs->e2fs_fsmnt, mp->mnt_stat.f_mntonname,
246                 sizeof(fs->e2fs_fsmnt));
247     	if (fs->e2fs_ronly == 0 && fs->e2fs.e2fs_rev > E2FS_REV0) {
248     		(void)strncpy(fs->e2fs.e2fs_fsmnt, mp->mnt_stat.f_mntonname,
249                         sizeof(fs->e2fs.e2fs_fsmnt));
250     
/sys/ufs/ext2fs/ext2fs_vfsops.c: 248 in ext2fs_sb_setmountinfo()
242     static void
243     ext2fs_sb_setmountinfo(struct m_ext2fs *fs, struct mount *mp)
244     {
245     	(void)strncpy(fs->e2fs_fsmnt, mp->mnt_stat.f_mntonname,
246                 sizeof(fs->e2fs_fsmnt));
247     	if (fs->e2fs_ronly == 0 && fs->e2fs.e2fs_rev > E2FS_REV0) {
>>>     CID 1371644:    (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 64 bytes on destination array "fs->e2fs.e2fs_fsmnt" of size 64 bytes might leave the destination string unterminated.
248     		(void)strncpy(fs->e2fs.e2fs_fsmnt, mp->mnt_stat.f_mntonname,
249                         sizeof(fs->e2fs.e2fs_fsmnt));
250     
251     		fs->e2fs.e2fs_mtime = time_second;
252     		fs->e2fs.e2fs_mnt_count++;
253     

** CID 1371645:  Control flow issues  (DEADCODE)
/sys/ufs/ext2fs/ext2fs_htree.c: 455 in ext2fs_htree_create_index()


________________________________________________________________________________________________________
*** CID 1371645:  Control flow issues  (DEADCODE)
/sys/ufs/ext2fs/ext2fs_htree.c: 455 in ext2fs_htree_create_index()
449     		(void)bwrite(bp);
450     	else
451     		bdwrite(bp);
452     	
453     	dp->i_flag |= IN_CHANGE | IN_UPDATE;
454     	if (error)
>>>     CID 1371645:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "goto out;".
455     		goto out;
456     
457     	/*
458     	 * Write directory block 1.
459     	 */
460     	error = ext2fs_htree_append_block(vp, buf1, cnp, blksize);

** CID 1371646:  Null pointer dereferences  (NULL_RETURNS)
/sys/net/if_sl.c: 303 in slcreate()


________________________________________________________________________________________________________
*** CID 1371646:  Null pointer dereferences  (NULL_RETURNS)
/sys/net/if_sl.c: 303 in slcreate()
297     
298     static int
299     slcreate(struct sl_softc *sc)
300     {
301     
302     	if (sc->sc_mbuf == NULL) {
>>>     CID 1371646:  Null pointer dereferences  (NULL_RETURNS)
>>>     Assigning: "sc->sc_mbuf" = null return value from "m_gethdr".
303     		sc->sc_mbuf = m_gethdr(M_WAIT, MT_DATA);
304     		m_clget(sc->sc_mbuf, M_WAIT);
305     	}
306     	sc->sc_ep = (u_char *)sc->sc_mbuf->m_ext.ext_buf +
307     	    sc->sc_mbuf->m_ext.ext_size;
308     	sc->sc_mp = sc->sc_pktstart = (u_char *)sc->sc_mbuf->m_ext.ext_buf +

** CID 1371647:  Memory - corruptions  (OVERRUN)
/sys/kern/kern_sig.c: 601 in sigget()


________________________________________________________________________________________________________
*** CID 1371647:  Memory - corruptions  (OVERRUN)
/sys/kern/kern_sig.c: 601 in sigget()
595     	}
596     
597     	sigdelset(&sp->sp_set, signo);
598     out:
599     	count = siggetinfo(sp, out, signo);
600     	if (count > 1)
>>>     CID 1371647:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "sp->sp_set.__bits" of 4 4-byte elements at element index 134217727 (byte offset 536870908) using index "(unsigned int)signo - 1U >> 5" (which evaluates to 134217727).
601     		sigaddset(&sp->sp_set, signo);
602     	return signo;
603     }
604     
605     /*
606      * sigput:

** CID 1371648:  Memory - illegal accesses  (OVERRUN)
/sys/ufs/ext2fs/ext2fs_xattr.c: 295 in ext2fs_list_xattr()


________________________________________________________________________________________________________
*** CID 1371648:  Memory - illegal accesses  (OVERRUN)
/sys/ufs/ext2fs/ext2fs_xattr.c: 295 in ext2fs_list_xattr()
289     		if ((attrnamespace == EXTATTR_NAMESPACE_USER && e->e_name_index != EXT2FS_XATTR_PREFIX_USER) ||
290     		    (attrnamespace == EXTATTR_NAMESPACE_SYSTEM && e->e_name_index == EXT2FS_XATTR_PREFIX_USER)) {
291     			continue;
292     		}
293     
294     		if (e->e_name_index <= sizeof(xattr_prefix_index)/sizeof(void *))
>>>     CID 1371648:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "xattr_prefix_index" of 10 4-byte elements at element index 10 (byte offset 40) using index "e->e_name_index" (which evaluates to 10).
295     			prefix = xattr_prefix_index[e->e_name_index];
296     		else
297     			prefix = "";
298     
299     		len = snprintf(name, sizeof(name), "%s%.*s",
300     			prefix,


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBjEGdxS-2FDDouPkeZ4HbDca3C30UoLW748TLKQM-2BXRpGRc-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05UduUK7YhoUTPGnpyZN7gvCtxn-2F2jvXvbjXZUQLU7NcWJtQUz8IXo-2B3N5wFmwUyF4ZctR1PvULjquC1XL6Cizrek6HjHTX3LTKkVJxGUT-2FQiZHDg8Fxug50FX8kOY6lhbkEeWmgr-2F053NE5mh4MfoD1mPRsk5E-2BDlolR0Ujy9awBHz9CHpN-2F5pZ5rDgeEtBJAM-3D

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4m7U7Yoel-2F6MYPxol7ToiLwYIjoNbVQOCAwEeTNJofEDwTlN0JRhKMyijhpnAObR-2FlLVG-2Fr3EBKWgiICNdX1HPA6Ws0-2F1wHBf2tG9AnMDB8g-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05UduUK7YhoUTPGnpyZN7gvCtxn-2F2jvXvbjXZUQLU7NcWDr-2Ftjn-2FqiWGGh1xkv-2BeredgWvv-2Fm0P6lY0E-2BjXJ0WtSuSv40X7reIQrqz4pRdjejccVgRcdwa5pA6tmYxP5xzQ1UIlW2kq6TyvGA5wyQ3wj0sw1674rMuEX51HAmA-2BPzoj3fA4-2BkjuPXC2bpIS8T4U-3D
Prev by Date: New Defects reported by Coverity Scan for NetBSD-amd64-user
Next by Date: New Defects reported by Coverity Scan for NetBSD-amd64-kernel
Previous by Thread: New Defects reported by Coverity Scan for NetBSD-i386-kernel
Next by Thread: New Defects reported by Coverity Scan for NetBSD-i386-kernel
Indexes:
Home | Main Index | Thread Index | Old Index