Hi, these bugs were all found using the Coverity Prevent static analysis 
tool.  In addition to our existing platforms, today marks the first 
availablity of a native x86 NetBSD port for the host environment.  All 
cross-compile targets are supported.  For more information about 
Coverity Prevent, see our website, http://www.coverity.com/.

Bug 1:
tp_timer.c tp_slowtimo()
Looks like somebody already knows about this one.  After freeing tpcb at 
line 223, it's used again at line 201.

Bug 2:
est.c est_init()
if any of the sysctl calls fail, freq_names is leaked.  probably minor.

Bug 3:
uaudio.c uadio_identify_ac()
iot allocated at line 1871 is leaked at the return at line 1882.

Bug 4+5:
linux_socket.c bsd_to_linux_msg_flags()
sizeof() at line 270 is pretty clearly wrong.
Same thing in linux_to_bsd_msg_flags.
sizeof() / sizeof(int) / 2  is more like it.

Bug 6:
if_ex_pci.c ex_pci_attach()
line 276 overwrites quite a bit past the size of psc_regs.

-- 
Ted Unangst             www.coverity.com             Coverity, Inc.