Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
137 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
75 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 137 defect(s)
** CID 271016: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/gdb/dist/gdb/printcmd.c: 1113 in do_examine()
________________________________________________________________________________________________________
*** CID 271016: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/gdb/dist/gdb/printcmd.c: 1113 in do_examine()
1107 next_address = find_string_backward (gdbarch, addr, count,
1108 TYPE_LENGTH (val_type),
1109 &opts, &count);
1110 }
1111 else
1112 {
>>> CID 271016: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "val_type".
1113 next_address = addr - count * TYPE_LENGTH (val_type);
1114 }
1115
1116 /* The following call to print_formatted updates next_address in every
1117 iteration. In backward case, we store the start address here
1118 and update next_address with it before exiting the function. */
** CID 732669: Integer handling issues (NO_EFFECT)
/external/gpl3/gcc/dist/libgcc/soft-fp/floatunditf.c: 41 in __floatunditf()
________________________________________________________________________________________________________
*** CID 732669: Integer handling issues (NO_EFFECT)
/external/gpl3/gcc/dist/libgcc/soft-fp/floatunditf.c: 41 in __floatunditf()
35 TFtype
36 __floatunditf (UDItype i)
37 {
38 FP_DECL_Q (A);
39 TFtype a;
40
>>> CID 732669: Integer handling issues (NO_EFFECT)
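>>> This less-than-zero comparison of an unsigned value is never true. "i < 0UL".
>>> Triage note: line 41 contains no explicit comparison, so the flagged "i < 0UL" presumably comes from the expansion of FP_FROM_INT_Q with the unsigned type UDItype. The same pattern appears in CID 732670 and CID 732671.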
41 FP_FROM_INT_Q (A, i, DI_BITS, UDItype);
42 FP_PACK_RAW_Q (a, A);
43
44 return a;
** CID 732670: Integer handling issues (NO_EFFECT)
/external/gpl3/gcc/dist/libgcc/soft-fp/floatunsitf.c: 41 in __floatunsitf()
________________________________________________________________________________________________________
*** CID 732670: Integer handling issues (NO_EFFECT)
/external/gpl3/gcc/dist/libgcc/soft-fp/floatunsitf.c: 41 in __floatunsitf()
35 TFtype
36 __floatunsitf (USItype i)
37 {
38 FP_DECL_Q (A);
39 TFtype a;
40
>>> CID 732670: Integer handling issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "i < 0U".
41 FP_FROM_INT_Q (A, i, SI_BITS, USItype);
42 FP_PACK_RAW_Q (a, A);
43
44 return a;
** CID 732671: Integer handling issues (NO_EFFECT)
/external/gpl3/gcc/dist/libgcc/soft-fp/floatuntitf.c: 41 in __floatuntitf()
________________________________________________________________________________________________________
*** CID 732671: Integer handling issues (NO_EFFECT)
/external/gpl3/gcc/dist/libgcc/soft-fp/floatuntitf.c: 41 in __floatuntitf()
35 {
36 FP_DECL_EX;
37 FP_DECL_Q (A);
38 TFtype a;
39
40 FP_INIT_ROUNDMODE;
>>> CID 732671: Integer handling issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "i < 0".
41 FP_FROM_INT_Q (A, i, TI_BITS, UTItype);
42 FP_PACK_RAW_Q (a, A);
43 FP_HANDLE_EXCEPTIONS;
44
45 return a;
** CID 976933: Null pointer dereferences (NULL_RETURNS)
/external/bsd/openldap/dist/libraries/libldap/tls_o.c: 815 in tlso_sb_setup()
________________________________________________________________________________________________________
*** CID 976933: Null pointer dereferences (NULL_RETURNS)
/external/bsd/openldap/dist/libraries/libldap/tls_o.c: 815 in tlso_sb_setup()
809 return -1;
810 }
811
812 p->session = arg;
813 p->sbiod = sbiod;
814 bio = BIO_new( &tlso_bio_method );
>>> CID 976933: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "bio".
815 bio->ptr = (void *)p;
816 SSL_set_bio( p->session, bio, bio );
817 sbiod->sbiod_pvt = p;
818 return 0;
819 }
820
** CID 976963: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/dwarf2-frame.c: 1512 in dwarf2_frame_cfa()
________________________________________________________________________________________________________
*** CID 976963: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/dwarf2-frame.c: 1512 in dwarf2_frame_cfa()
1506 if (frame_unwinder_is (this_frame, &record_btrace_tailcall_frame_unwind)
1507 || frame_unwinder_is (this_frame, &record_btrace_frame_unwind))
1508 throw_error (NOT_AVAILABLE_ERROR,
1509 _("cfa not available for record btrace target"));
1510
1511 while (get_frame_type (this_frame) == INLINE_FRAME)
>>> CID 976963: Null pointer dereferences (NULL_RETURNS)
>>> Assigning: "this_frame" = null return value from "get_prev_frame".
1512 this_frame = get_prev_frame (this_frame);
1513 if (get_frame_unwind_stop_reason (this_frame) == UNWIND_UNAVAILABLE)
1514 throw_error (NOT_AVAILABLE_ERROR,
1515 _("can't compute CFA for this frame: "
1516 "required registers or memory are unavailable"));
1517
** CID 976964: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/elfread.c: 899 in elf_gnu_ifunc_resolver_stop()
________________________________________________________________________________________________________
*** CID 976964: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/elfread.c: 899 in elf_gnu_ifunc_resolver_stop()
893 /* Handle inferior hit of bp_gnu_ifunc_resolver, see its definition. */
894
895 static void
896 elf_gnu_ifunc_resolver_stop (struct breakpoint *b)
897 {
898 struct breakpoint *b_return;
>>> CID 976964: Null pointer dereferences (NULL_RETURNS)
>>> Assigning: "prev_frame" = null return value from "get_prev_frame".
899 struct frame_info *prev_frame = get_prev_frame (get_current_frame ());
900 struct frame_id prev_frame_id = get_stack_frame_id (prev_frame);
901 CORE_ADDR prev_pc = get_frame_pc (prev_frame);
902 int thread_id = ptid_to_global_thread_id (inferior_ptid);
903
904 gdb_assert (b->type == bp_gnu_ifunc_resolver);
** CID 980439: Memory - illegal accesses (OVERRUN)
/sys/kern/sys_ptrace_common.c: 1074 in process_dofpregs()
________________________________________________________________________________________________________
*** CID 980439: Memory - illegal accesses (OVERRUN)
/sys/kern/sys_ptrace_common.c: 1074 in process_dofpregs()
1068 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r))
1069 return EINVAL;
1070
1071 kl = sizeof(r);
1072 kv = (char *)&r;
1073
>>> CID 980439: Memory - illegal accesses (OVERRUN)
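>>> Incrementing "kv" by 512. "kv" may now point between bytes 0 and 512 (inclusive) of "r" (which consists of 512 bytes).
>>> Triage note: the bounds check on line 1068 rejects only offsets greater than sizeof(r), so an offset equal to sizeof(r) passes and leaves "kv" one past the end of "r" while "kl" drops to 0. Whether that pointer is ever used to copy data depends on code after this excerpt. CID 980440 reports the same pattern in process_doregs().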
1074 kv += uio->uio_offset;
1075 kl -= uio->uio_offset;
1076 if (kl > uio->uio_resid)
1077 kl = uio->uio_resid;
1078
1079 error = process_read_fpregs(l, &r, &kl);
** CID 980440: Memory - illegal accesses (OVERRUN)
/sys/kern/sys_ptrace_common.c: 1024 in process_doregs()
________________________________________________________________________________________________________
*** CID 980440: Memory - illegal accesses (OVERRUN)
/sys/kern/sys_ptrace_common.c: 1024 in process_doregs()
1018 if (uio->uio_offset < 0 || uio->uio_offset > (off_t)sizeof(r))
1019 return EINVAL;
1020
1021 kl = sizeof(r);
1022 kv = (char *)&r;
1023
>>> CID 980440: Memory - illegal accesses (OVERRUN)
>>> Incrementing "kv" by 208. "kv" may now point between bytes 0 and 208 (inclusive) of "r" (which consists of 208 bytes).
1024 kv += uio->uio_offset;
1025 kl -= uio->uio_offset;
1026 if ((size_t)kl > uio->uio_resid)
1027 kl = uio->uio_resid;
1028
1029 error = process_read_regs(l, &r);
** CID 997262: Resource leaks (RESOURCE_LEAK)
/sys/external/bsd/acpica/dist/compiler/prmacros.c: 456 in PrAddMacro()
________________________________________________________________________________________________________
*** CID 997262: Resource leaks (RESOURCE_LEAK)
/sys/external/bsd/acpica/dist/compiler/prmacros.c: 456 in PrAddMacro()
450
451 DefineInfo->Body = Body;
452 DefineInfo->Args = Args;
453 DefineInfo->ArgCount = ArgCount;
454 }
455
>>> CID 997262: Resource leaks (RESOURCE_LEAK)
>>> Variable "Args" going out of scope leaks the storage it points to.
456 return;
457
458
459 ErrorExit:
460 ACPI_FREE (Args);
461 return;
** CID 1088030: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/lib/hx509/ca.c: 1099 in ca_sign()
________________________________________________________________________________________________________
*** CID 1088030: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/lib/hx509/ca.c: 1099 in ca_sign()
1093 if (tbsc->serialNumber.data == NULL){
1094 ret = ENOMEM;
1095 hx509_set_error_string(context, 0, ret, "Out of memory");
1096 goto out;
1097 }
1098 /* XXX diffrent */
>>> CID 1088030: Error handling issues (CHECKED_RETURN)
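>>> Calling "RAND_bytes" without checking return value (as is done elsewhere 82 out of 102 times).
>>> Triage note: if RAND_bytes fails, line 1100 still uses tbsc->serialNumber.data, so the failure goes unnoticed and the serial number is not guaranteed to be random. RAND_bytes returns 1 on success, so the fix is to test for that and take the error path otherwise. CIDs 1088031, 1088032 and 1088033 report the same unchecked call when filling uuid fields.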
1099 RAND_bytes(tbsc->serialNumber.data, tbsc->serialNumber.length);
1100 ((unsigned char *)tbsc->serialNumber.data)[0] &= 0x7f;
1101 }
1102 /* signature AlgorithmIdentifier, */
1103 ret = copy_AlgorithmIdentifier(sigalg, &tbsc->signature);
1104 if (ret) {
** CID 1088031: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/kcm/protocol.c: 1284 in kcm_op_add_ntlm_cred()
________________________________________________________________________________________________________
*** CID 1088031: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/kcm/protocol.c: 1284 in kcm_op_add_ntlm_cred()
1278 krb5_error_code ret;
1279
1280 cred = calloc(1, sizeof(*cred));
1281 if (cred == NULL)
1282 return ENOMEM;
1283
>>> CID 1088031: Error handling issues (CHECKED_RETURN)
>>> Calling "RAND_bytes" without checking return value (as is done elsewhere 82 out of 102 times).
1284 RAND_bytes(cred->uuid, sizeof(cred->uuid));
1285
1286 ret = krb5_ret_stringz(request, &cred->user);
1287 if (ret)
1288 goto error;
1289
** CID 1088032: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/kcm/cache.c: 550 in kcm_ccache_store_cred_internal()
________________________________________________________________________________________________________
*** CID 1088032: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/kcm/cache.c: 550 in kcm_ccache_store_cred_internal()
544 ;
545
546 *c = (struct kcm_creds *)calloc(1, sizeof(**c));
547 if (*c == NULL)
548 return KRB5_CC_NOMEM;
549
>>> CID 1088032: Error handling issues (CHECKED_RETURN)
>>> Calling "RAND_bytes" without checking return value (as is done elsewhere 82 out of 102 times).
550 RAND_bytes((*c)->uuid, sizeof((*c)->uuid));
551
552 *credp = &(*c)->cred;
553
554 if (copy) {
555 ret = krb5_copy_creds_contents(context, creds, *credp);
** CID 1088033: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/kcm/cache.c: 305 in kcm_ccache_alloc()
________________________________________________________________________________________________________
*** CID 1088033: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/heimdal/dist/kcm/cache.c: 305 in kcm_ccache_alloc()
299 }
300 slot->next = ccache_head;
301 HEIMDAL_MUTEX_init(&slot->mutex);
302 new_slot = 1;
303 }
304
>>> CID 1088033: Error handling issues (CHECKED_RETURN)
>>> Calling "RAND_bytes" without checking return value (as is done elsewhere 82 out of 102 times).
305 RAND_bytes(slot->uuid, sizeof(slot->uuid));
306
307 slot->name = strdup(name);
308 if (slot->name == NULL) {
309 ret = KRB5_CC_NOMEM;
310 goto out;
** CID 1170877: Parse warnings (PARSE_ERROR)
/external/gpl3/gcc/dist/libgcc/soft-fp/extended.h: 66 in ()
________________________________________________________________________________________________________
*** CID 1170877: Parse warnings (PARSE_ERROR)
/external/gpl3/gcc/dist/libgcc/soft-fp/extended.h: 66 in ()
60
61 #define _FP_WFRACBITS_DW_E (2 * _FP_WFRACBITS_E)
62 #define _FP_WFRACXBITS_DW_E (_FP_FRACTBITS_DW_E - _FP_WFRACBITS_DW_E)
63 #define _FP_HIGHBIT_DW_E \
64 ((_FP_W_TYPE) 1 << (_FP_WFRACBITS_DW_E - 1) % _FP_W_TYPE_SIZE)
65
>>> CID 1170877: Parse warnings (PARSE_ERROR)
>>> During compilation of file '/home/phil/cov/src/external/gpl3/gcc/dist/libgcc/soft-fp/extendxftf2.c'
66 typedef float XFtype __attribute__ ((mode (XF)));
67
68 #if _FP_W_TYPE_SIZE < 64
69
70 union _FP_UNION_E
71 {
** CID 1211911: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/ssl/ssl_cert.c: 1129 in ssl_add_cert_chain()
________________________________________________________________________________________________________
*** CID 1211911: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/ssl/ssl_cert.c: 1129 in ssl_add_cert_chain()
1123 X509_STORE_CTX xs_ctx;
1124
1125 if (!X509_STORE_CTX_init(&xs_ctx, chain_store, x, NULL)) {
1126 SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, ERR_R_X509_LIB);
1127 return (0);
1128 }
>>> CID 1211911: Error handling issues (CHECKED_RETURN)
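>>> Calling "X509_verify_cert" without checking return value (as is done elsewhere 12 out of 15 times).
>>> Triage note: the comment on line 1130 and the ERR_clear_error() call on line 1131 suggest the verification result is deliberately discarded here, with only xs_ctx.chain used afterwards. Confirm that intent before treating this as a missing check.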
1129 X509_verify_cert(&xs_ctx);
1130 /* Don't leave errors in the queue */
1131 ERR_clear_error();
1132 for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
1133 x = sk_X509_value(xs_ctx.chain, i);
1134
** CID 1211912: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_scts.c: 166 in timestamp_print()
________________________________________________________________________________________________________
*** CID 1211912: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_scts.c: 166 in timestamp_print()
160 /*
161 * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
162 * characters long with a final Z. Update it with fractional seconds.
163 */
164 BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
165 ASN1_STRING_data(gen), (unsigned int)(timestamp % 1000));
>>> CID 1211912: Error handling issues (CHECKED_RETURN)
>>> Calling "ASN1_GENERALIZEDTIME_set_string" without checking return value (as is done elsewhere 5 out of 6 times).
166 ASN1_GENERALIZEDTIME_set_string(gen, genstr);
167 ASN1_GENERALIZEDTIME_print(out, gen);
168 ASN1_GENERALIZEDTIME_free(gen);
169 }
170
171 static void SCT_free(SCT *sct)
** CID 1211914: Control flow issues (DEADCODE)
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 484 in ssl_print_curves()
________________________________________________________________________________________________________
*** CID 1211914: Control flow issues (DEADCODE)
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 484 in ssl_print_curves()
478 if (!cname)
479 cname = OBJ_nid2sn(nid);
480 BIO_printf(out, "%s", cname);
481 }
482 }
483 if (ncurves == 0)
>>> CID 1211914: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "BIO_puts(out, "NONE");".
484 BIO_puts(out, "NONE");
485 OPENSSL_free(curves);
486 if (noshared) {
487 BIO_puts(out, "\n");
488 return 1;
489 }
** CID 1211915: Control flow issues (DEADCODE)
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 447 in ssl_print_point_formats()
________________________________________________________________________________________________________
*** CID 1211915: Control flow issues (DEADCODE)
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 447 in ssl_print_point_formats()
441 BIO_printf(out, "unknown(%d)", (int)*pformats);
442 break;
443
444 }
445 }
446 if (nformats <= 0)
>>> CID 1211915: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "BIO_puts(out, "NONE");".
447 BIO_puts(out, "NONE");
448 BIO_puts(out, "\n");
449 return 1;
450 }
451
452 int ssl_print_curves(BIO *out, SSL *s, int noshared)
** CID 1211918: Control flow issues (MISSING_BREAK)
/crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_ht.c: 359 in OCSP_REQ_CTX_nbio()
________________________________________________________________________________________________________
*** CID 1211918: Control flow issues (MISSING_BREAK)
/crypto/external/bsd/openssl/dist/crypto/ocsp/ocsp_ht.c: 359 in OCSP_REQ_CTX_nbio()
353 rctx->state = OHS_ASN1_WRITE_INIT;
354
355 case OHS_ASN1_WRITE_INIT:
356 rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
357 rctx->state = OHS_ASN1_WRITE;
358
>>> CID 1211918: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
359 case OHS_ASN1_WRITE:
360 n = BIO_get_mem_data(rctx->mem, &p);
361
362 i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len);
363
364 if (i <= 0) {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBjWas0CuiLQxeHDPm0bvVkx3qGSbylcqhUWgyuH34f4u8-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05UsKOfB3Dqhcks2p-2FFJ2pMSMUf5vE6Q55SW5IMWcCBLw3CBB09u7v3WKMIDXvalU-2FwAKToFl-2FezSKW9Bji57Y-2FomU8FNpGJ-2BFZ3FeOgChDlAwF7PDZva-2FiL0Let1KMb6U5HWrvVE8k5rwhNQl0-2FLIHJjToe-2B-2Fe7u1DPHyc50wBCVqJScp0WY9L-2FaisMmz37Uw8-3D