Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-i386-kernel



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.

3 new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1325753:  Control flow issues  (UNREACHABLE)
/sys/kern/kern_time.c: 322 in sys_clock_nanosleep()


________________________________________________________________________________________________________
*** CID 1325753:  Control flow issues  (UNREACHABLE)
/sys/kern/kern_time.c: 322 in sys_clock_nanosleep()
316     	    SCARG(uap, rmtp) ? &rmt : NULL);
317     	if (SCARG(uap, rmtp) == NULL || (error != 0 && error != EINTR))
318     		goto out;
319     		return error;
320     
321     	if ((error1 = copyout(&rmt, SCARG(uap, rmtp), sizeof(rmt))) != 0)
>>>     CID 1325753:  Control flow issues  (UNREACHABLE)
>>>     This code cannot be reached: "error = error1;".
322     		error = error1;
323     out:
324     	*retval = error;
325     	return 0;
326     }
327     

** CID 1325752:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sys/dev/acpi/acpi_mcfg.c: 186 in acpimcfg_parse_callback()


________________________________________________________________________________________________________
*** CID 1325752:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sys/dev/acpi/acpi_mcfg.c: 186 in acpimcfg_parse_callback()
180     	    "Address=0x%016" PRIx64 ", Length=0x%016" PRIx64 "\n",
181     	    mr->hid, res->Type, type, mapaddr, mapsize);
182     
183     	if (mr->address < mapaddr || mr->address >= mapaddr + mapsize)
184     		return_ACPI_STATUS(AE_OK);
185     
>>>     CID 1325752:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "(mr->bus_end - mr->bus_start + 1) * 1048576" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
186     	size = (mr->bus_end - mr->bus_start + 1) * ACPIMCFG_SIZE_PER_BUS;
187     
188     	/* full map */
189     	if (mr->address + size <= mapaddr + mapsize) {
190     		mr->found = true;
191     		return_ACPI_STATUS(AE_CTRL_TERMINATE);

** CID 1325751:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sys/arch/x86/acpi/acpi_machdep.c: 355 in acpi_md_mcfg_validate()


________________________________________________________________________________________________________
*** CID 1325751:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sys/arch/x86/acpi/acpi_machdep.c: 355 in acpi_md_mcfg_validate()
349     	int i, n;
350     
351     	bim = lookup_bootinfo(BTINFO_MEMMAP);
352     	if (bim == NULL)
353     		return false;
354     
>>>     CID 1325751:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "(*bus_end - bus_start + 1) * 1048576" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
355     	size = (*bus_end - bus_start + 1) * ACPIMCFG_SIZE_PER_BUS;
356     	for (i = 0; i < bim->num; i++) {
357     		mapaddr = bim->entry[i].addr;
358     		mapsize = bim->entry[i].size;
359     		type = bim->entry[i].type;
360     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-i386-kernel?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782



Home | Main Index | Thread Index | Old Index