Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-amd64-user



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.

57 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
76 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 57 defect(s)


** CID 271729:  Resource leaks  (RESOURCE_LEAK)
/external/gpl2/gettext/dist/gettext-tools/src/read-stringtable.c: 943 in stringtable_parse()


________________________________________________________________________________________________________
*** CID 271729:  Resource leaks  (RESOURCE_LEAK)
/external/gpl2/gettext/dist/gettext-tools/src/read-stringtable.c: 943 in stringtable_parse()
937     	  else
938     	    {
939     	      po_xerror (PO_SEVERITY_ERROR, NULL,
940     			 real_file_name, gram_pos.line_number, (size_t)(-1),
941     			 false, _("\
942     warning: syntax error, expected ';' after string"));
>>>     CID 271729:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "msgstr" going out of scope leaks the storage it points to.
943     	      break;
944     	    }
945     	}
946           else
947     	{
948     	  po_xerror (PO_SEVERITY_ERROR, NULL,

** CID 272135:  Resource leaks  (RESOURCE_LEAK)
/external/gpl2/gettext/dist/gettext-tools/src/msgmerge.c: 1691 in merge()


________________________________________________________________________________________________________
*** CID 272135:  Resource leaks  (RESOURCE_LEAK)
/external/gpl2/gettext/dist/gettext-tools/src/msgmerge.c: 1691 in merge()
1685     	     (long) stats.obsolete);
1686       else if (!quiet)
1687         fputs (_(" done.\n"), stderr);
1688     
1689       /* Return results.  */
1690       *defp = def;
>>>     CID 272135:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "empty_list" going out of scope leaks the storage it points to.
1691       return result;

** CID 600473:  Null pointer dereferences  (FORWARD_NULL)
/external/gpl2/diffutils/dist/src/diff.c: 1257 in compare_files()


________________________________________________________________________________________________________
*** CID 600473:  Null pointer dereferences  (FORWARD_NULL)
/external/gpl2/diffutils/dist/src/diff.c: 1257 in compare_files()
1251     		  || (unidirectional_new_file
1252     		      && cmp.file[0].desc == NONEXISTENT)))
1253     	    status = diff_dirs (&cmp, compare_files);
1254     	  else
1255     	    {
1256     	      char const *dir
>>>     CID 600473:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "parent".
1257     		= parent->file[cmp.file[0].desc == NONEXISTENT].name;
1258     
1259     	      /* See POSIX 1003.1-2001 for this format.  */
1260     	      message ("Only in %s: %s\n", dir, name0);
1261     
1262     	      status = EXIT_FAILURE;

** CID 600477:  Null pointer dereferences  (FORWARD_NULL)
/external/gpl3/gdb/dist/gdb/ada-lang.c: 10672 in ada_evaluate_subexp()


________________________________________________________________________________________________________
*** CID 600477:  Null pointer dereferences  (FORWARD_NULL)
/external/gpl3/gdb/dist/gdb/ada-lang.c: 10672 in ada_evaluate_subexp()
10666           {
10667             struct type *type_arg;
10668     
10669             if (exp->elts[*pos].opcode == OP_TYPE)
10670               {
10671                 evaluate_subexp (NULL_TYPE, exp, pos, EVAL_SKIP);
>>>     CID 600477:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "arg1" = "NULL".
10672                 arg1 = NULL;
10673                 type_arg = check_typedef (exp->elts[pc + 2].type);
10674               }
10675             else
10676               {
10677                 arg1 = evaluate_subexp (NULL_TYPE, exp, pos, noside);

** CID 602870:    (DEADCODE)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 132 in proper_name_utf8()
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 146 in proper_name_utf8()
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 154 in proper_name_utf8()


________________________________________________________________________________________________________
*** CID 602870:    (DEADCODE)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 132 in proper_name_utf8()
126     	  || (name_converted_translit != NULL
127     	      && strstr (translation, name_converted_translit) != NULL))
128     	{
129     	  if (alloc_name_converted != NULL)
130     	    free (alloc_name_converted);
131     	  if (alloc_name_converted_translit != NULL)
>>>     CID 602870:    (DEADCODE)
>>>     Execution cannot reach this statement: "free(alloc_name_converted_t...".
132     	    free (alloc_name_converted_translit);
133     	  return translation;
134     	}
135           else
136     	{
137     	  /* Return "TRANSLATION (NAME)".  */
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 146 in proper_name_utf8()
140     
141     	  sprintf (result, "%s (%s)", translation, name);
142     
143     	  if (alloc_name_converted != NULL)
144     	    free (alloc_name_converted);
145     	  if (alloc_name_converted_translit != NULL)
>>>     CID 602870:    (DEADCODE)
>>>     Execution cannot reach this statement: "free(alloc_name_converted_t...".
146     	    free (alloc_name_converted_translit);
147     	  return result;
148     	}
149         }
150       else
151         {
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 154 in proper_name_utf8()
148     	}
149         }
150       else
151         {
152           if (alloc_name_converted != NULL && alloc_name_converted != name)
153     	free (alloc_name_converted);
>>>     CID 602870:    (DEADCODE)
>>>     Execution cannot reach the expression "alloc_name_converted_translit != name" inside this statement: "if (alloc_name_converted_tr...".
154           if (alloc_name_converted_translit != NULL
155     	  && alloc_name_converted_translit != name)
156     	free (alloc_name_converted_translit);
157           return name;
158         }

** CID 980971:  Integer handling issues  (SIGN_EXTENSION)
/sys/dev/usb/hid.c: 464 in hid_get_udata()


________________________________________________________________________________________________________
*** CID 980971:  Integer handling issues  (SIGN_EXTENSION)
/sys/dev/usb/hid.c: 464 in hid_get_udata()
458     
459     	data = 0;
460     	off = hpos / 8;
461     	num = (hpos + hsize + 7) / 8 - off;
462     
463     	for (i = 0; i < num; i++)
>>>     CID 980971:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "buf[off + i]" with type "unsigned char" (8 bits, unsigned) is promoted in "buf[off + i] << i * 8U" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "buf[off + i] << i * 8U" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
464     		data |= buf[off + i] << (i * 8);
465     
466     	data >>= hpos % 8;
467     	if (hsize < sizeof(data) * NBBY)
468     		data &= (1UL << hsize) - 1;
469     

** CID 991186:  Control flow issues  (DEADCODE)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 115 in proper_name_utf8()


________________________________________________________________________________________________________
*** CID 991186:  Control flow issues  (DEADCODE)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 115 in proper_name_utf8()
109         {
110           name_converted = name_utf8;
111           name_converted_translit = name_utf8;
112         }
113     
114       /* The name in locale encoding.  */
>>>     CID 991186:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "name_converted_translit" inside this statement: "name = ((name_converted != ...".
115       name = (name_converted != NULL ? name_converted :
116     	  name_converted_translit != NULL ? name_converted_translit :
117     	  name_ascii);
118     
119       if (translation != name_ascii)
120         {

** CID 1006746:    (STRING_OVERFLOW)
/external/bsd/flex/dist/src/scan.l: 296 in flexscan()
/external/bsd/flex/dist/src/scan.l: 439 in flexscan()
/external/bsd/flex/dist/src/scan.l: 188 in flexscan()
/external/bsd/flex/dist/src/scan.l: 200 in flexscan()


________________________________________________________________________________________________________
*** CID 1006746:    (STRING_OVERFLOW)
/external/bsd/flex/dist/src/scan.l: 296 in flexscan()
290     <PICKUPDEF>{
291     	{WS}		/* separates name and definition */
292     
293     	{NOT_WS}[^\r\n]*	{
294      		        if(yyleng < MAXLINE)
295      		         {
>>>     CID 1006746:    (STRING_OVERFLOW)
>>>     You might overrun the 2048 byte fixed-size string "nmdef" by copying "yytext" without checking the length.
296     			strcpy( (char *) nmdef, yytext );
297      		         }
298      		        else
299      		         {
300      		           format_synerr( _("Definition value for {%s} too long\n"), nmstr);
301      		           FLEX_EXIT(EXIT_FAILURE);
/external/bsd/flex/dist/src/scan.l: 439 in flexscan()
433                         }
434     
435     
436     	\"[^"\n]*\"	{
437     			if(yyleng-1 < MAXLINE)
438             		 {
>>>     CID 1006746:    (STRING_OVERFLOW)
>>>     You might overrun the 2048 byte fixed-size string "nmstr" by copying "yytext + 1" without checking the length.
439     			strcpy( nmstr, yytext + 1 );
440     			 }
441     			else
442     			 {
443     			   synerr( _("Option line too long\n"));
444     			   FLEX_EXIT(EXIT_FAILURE);
/external/bsd/flex/dist/src/scan.l: 188 in flexscan()
182     	/* xgettext: no-c-format */
183     	^"%"[^sxaceknopr{}].*	synerr( _( "unrecognized '%' directive" ) );
184     
185     	^{NAME}		{
186     			if(yyleng < MAXLINE)
187             		 {
>>>     CID 1006746:    (STRING_OVERFLOW)
>>>     You might overrun the 2048 byte fixed-size string "nmstr" by copying "yytext" without checking the length.
188     			strcpy( nmstr, yytext );
189     			 }
190     			else
191     			 {
192     			   synerr( _("Definition name too long\n"));
193     			   FLEX_EXIT(EXIT_FAILURE);
/external/bsd/flex/dist/src/scan.l: 200 in flexscan()
194     			 }
195     
196     			didadef = false;
197     			BEGIN(PICKUPDEF);
198     			}
199     
>>>     CID 1006746:    (STRING_OVERFLOW)
>>>     You might overrun the 2048 byte fixed-size string "nmstr" by copying "yytext" without checking the length.
200     	{SCNAME}	RETURNNAME;
201     	^{OPTWS}{NL}	++linenum; /* allows blank lines in section 1 */
202     	{OPTWS}{NL}	ACTION_ECHO; ++linenum; /* maybe end of comment line */
203     }
204     
205     

** CID 1056891:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/sbin/ifconfig/af_inet6.c: 491 in in6_addr_flags()


________________________________________________________________________________________________________
*** CID 1056891:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/sbin/ifconfig/af_inet6.c: 491 in in6_addr_flags()
485     	int s;
486     	struct in6_ifreq ifr;
487     
488     	if ((s = getsock(AF_INET6)) == -1)
489     		err(EXIT_FAILURE, "%s: getsock", __func__);
490     	memset(&ifr, 0, sizeof(ifr));
>>>     CID 1056891:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 16 bytes on destination array "ifr.ifr_name" of size 16 bytes might leave the destination string unterminated.
491     	strncpy(ifr.ifr_name, ifa->ifa_name, sizeof(ifr.ifr_name));
492     	ifr.ifr_addr = *(struct sockaddr_in6 *)ifa->ifa_addr;
493     	if (prog_ioctl(s, SIOCGIFAFLAG_IN6, &ifr) == -1)
494     		err(EXIT_FAILURE, "SIOCGIFAFLAG_IN6");
495     	return ifr.ifr_ifru.ifru_flags6 & flags ? true : false;
496     }

** CID 1233467:  Security best practices violations  (STRING_OVERFLOW)
/external/bsd/dhcp/dist/server/ddns.c: 1158 in ddns_update_lease_ptr()


________________________________________________________________________________________________________
*** CID 1233467:  Security best practices violations  (STRING_OVERFLOW)
/external/bsd/dhcp/dist/server/ddns.c: 1158 in ddns_update_lease_ptr()
1152     	if (ddns_cb == NULL) {
1153     		log_info("%s(%d): No control block for lease update",
1154     			 file, line);
1155     		return (ISC_R_FAILURE);
1156     	}
1157     	else {
>>>     CID 1233467:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 46 byte fixed-size string "ddns_address" by copying the return value of "piaddr" without checking the length.
1158     		strcpy(ddns_address, piaddr(ddns_cb->address));
1159     	}
1160     #if defined (DEBUG_DNS_UPDATES)
1161     	log_info("%s(%d): Updating lease_ptr for ddns_cp=%p (addr=%s)",
1162     		 file, line, ddns_cb, ddns_address );
1163     #endif

** CID 1298238:    (TAINTED_STRING)
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()


________________________________________________________________________________________________________
*** CID 1298238:    (TAINTED_STRING)
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459     			e = fscanf(pidfd, "%ld\n", &temp);
460     			oldpid = (pid_t)temp;
461     
462     			if (e != 0 && e != EOF && oldpid) {
463     				if (kill(oldpid, SIGTERM) == 0) {
464     					log_info("Killed old client process");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465     					(void) unlink(path_dhclient_pid);
466     					/*
467     					 * wait for the old process to
468     					 * cleanly terminate.
469     					 * Note kill() with sig=0 could
470     					 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470     					 * detect termination but only
471     					 * the parent can be signaled...
472     					 */
473     					sleep(1);
474     				} else if (errno == ESRCH) {
475     					log_info("Removed stale PID file");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476     					(void) unlink(path_dhclient_pid);
477     				}
478     			}
479     			fclose(pidfd);
480     		}
481     	}
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459     			e = fscanf(pidfd, "%ld\n", &temp);
460     			oldpid = (pid_t)temp;
461     
462     			if (e != 0 && e != EOF && oldpid) {
463     				if (kill(oldpid, SIGTERM) == 0) {
464     					log_info("Killed old client process");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465     					(void) unlink(path_dhclient_pid);
466     					/*
467     					 * wait for the old process to
468     					 * cleanly terminate.
469     					 * Note kill() with sig=0 could
470     					 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470     					 * detect termination but only
471     					 * the parent can be signaled...
472     					 */
473     					sleep(1);
474     				} else if (errno == ESRCH) {
475     					log_info("Removed stale PID file");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476     					(void) unlink(path_dhclient_pid);
477     				}
478     			}
479     			fclose(pidfd);
480     		}
481     	}
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459     			e = fscanf(pidfd, "%ld\n", &temp);
460     			oldpid = (pid_t)temp;
461     
462     			if (e != 0 && e != EOF && oldpid) {
463     				if (kill(oldpid, SIGTERM) == 0) {
464     					log_info("Killed old client process");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465     					(void) unlink(path_dhclient_pid);
466     					/*
467     					 * wait for the old process to
468     					 * cleanly terminate.
469     					 * Note kill() with sig=0 could
470     					 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470     					 * detect termination but only
471     					 * the parent can be signaled...
472     					 */
473     					sleep(1);
474     				} else if (errno == ESRCH) {
475     					log_info("Removed stale PID file");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476     					(void) unlink(path_dhclient_pid);
477     				}
478     			}
479     			fclose(pidfd);
480     		}
481     	}
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459     			e = fscanf(pidfd, "%ld\n", &temp);
460     			oldpid = (pid_t)temp;
461     
462     			if (e != 0 && e != EOF && oldpid) {
463     				if (kill(oldpid, SIGTERM) == 0) {
464     					log_info("Killed old client process");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465     					(void) unlink(path_dhclient_pid);
466     					/*
467     					 * wait for the old process to
468     					 * cleanly terminate.
469     					 * Note kill() with sig=0 could
470     					 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470     					 * detect termination but only
471     					 * the parent can be signaled...
472     					 */
473     					sleep(1);
474     				} else if (errno == ESRCH) {
475     					log_info("Removed stale PID file");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476     					(void) unlink(path_dhclient_pid);
477     				}
478     			}
479     			fclose(pidfd);
480     		}
481     	}
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459     			e = fscanf(pidfd, "%ld\n", &temp);
460     			oldpid = (pid_t)temp;
461     
462     			if (e != 0 && e != EOF && oldpid) {
463     				if (kill(oldpid, SIGTERM) == 0) {
464     					log_info("Killed old client process");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465     					(void) unlink(path_dhclient_pid);
466     					/*
467     					 * wait for the old process to
468     					 * cleanly terminate.
469     					 * Note kill() with sig=0 could
470     					 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470     					 * detect termination but only
471     					 * the parent can be signaled...
472     					 */
473     					sleep(1);
474     				} else if (errno == ESRCH) {
475     					log_info("Removed stale PID file");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476     					(void) unlink(path_dhclient_pid);
477     				}
478     			}
479     			fclose(pidfd);
480     		}
481     	}
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459     			e = fscanf(pidfd, "%ld\n", &temp);
460     			oldpid = (pid_t)temp;
461     
462     			if (e != 0 && e != EOF && oldpid) {
463     				if (kill(oldpid, SIGTERM) == 0) {
464     					log_info("Killed old client process");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465     					(void) unlink(path_dhclient_pid);
466     					/*
467     					 * wait for the old process to
468     					 * cleanly terminate.
469     					 * Note kill() with sig=0 could
470     					 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470     					 * detect termination but only
471     					 * the parent can be signaled...
472     					 */
473     					sleep(1);
474     				} else if (errno == ESRCH) {
475     					log_info("Removed stale PID file");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476     					(void) unlink(path_dhclient_pid);
477     				}
478     			}
479     			fclose(pidfd);
480     		}
481     	}
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459     			e = fscanf(pidfd, "%ld\n", &temp);
460     			oldpid = (pid_t)temp;
461     
462     			if (e != 0 && e != EOF && oldpid) {
463     				if (kill(oldpid, SIGTERM) == 0) {
464     					log_info("Killed old client process");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465     					(void) unlink(path_dhclient_pid);
466     					/*
467     					 * wait for the old process to
468     					 * cleanly terminate.
469     					 * Note kill() with sig=0 could
470     					 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470     					 * detect termination but only
471     					 * the parent can be signaled...
472     					 */
473     					sleep(1);
474     				} else if (errno == ESRCH) {
475     					log_info("Removed stale PID file");
>>>     CID 1298238:    (TAINTED_STRING)
>>>     Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476     					(void) unlink(path_dhclient_pid);
477     				}
478     			}
479     			fclose(pidfd);
480     		}
481     	}

** CID 1298707:  Uninitialized variables  (UNINIT)
/sys/external/bsd/acpica/dist/compiler/dttable1.c: 1232 in DtCompileIort()


________________________________________________________________________________________________________
*** CID 1298707:  Uninitialized variables  (UNINIT)
/sys/external/bsd/acpica/dist/compiler/dttable1.c: 1232 in DtCompileIort()
1226         UINT32                  NodeNumber;
1227         UINT32                  NodeLength;
1228         UINT32                  IdMappingNumber;
1229         UINT32                  ItsNumber;
1230         UINT32                  ContextIrptNumber;
1231         UINT32                  PmuIrptNumber;
>>>     CID 1298707:  Uninitialized variables  (UNINIT)
>>>     Declaring variable "PaddingLength" without initializer.
1232         UINT32                  PaddingLength;
1233     
1234     
1235         ParentTable = DtPeekSubtable ();
1236     
1237         Status = DtCompileTable (PFieldList, AcpiDmTableInfoIort,

** CID 1311982:  Error handling issues  (CHECKED_RETURN)
/external/bsd/dhcp/dist/common/options.c: 4351 in parse_vendor_option()


________________________________________________________________________________________________________
*** CID 1311982:  Error handling issues  (CHECKED_RETURN)
/external/bsd/dhcp/dist/common/options.c: 4351 in parse_vendor_option()
4345     	oc = lookup_option(vendor_cfg_option->universe,
4346     			   out_options, vendor_cfg_option->code);
4347     	if (oc == NULL)
4348     		return;
4349     
4350     	memset(&name, 0, sizeof(name));
>>>     CID 1311982:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "evaluate_option_cache" without checking return value (as is done elsewhere 150 out of 157 times).
4351     	evaluate_option_cache(&name, packet, lease, client_state,
4352     			      in_options, out_options, scope, oc, MDL);
4353     
4354     	/* No name, all done */
4355     	if (name.len == 0)
4356     		return;

** CID 1330835:  Uninitialized variables  (UNINIT)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/gl_anylinked_list2.h: 793 in gl_linked_iterator()


________________________________________________________________________________________________________
*** CID 1330835:  Uninitialized variables  (UNINIT)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/gl_anylinked_list2.h: 793 in gl_linked_iterator()
787     #ifdef lint
788       result.i = 0;
789       result.j = 0;
790       result.count = 0;
791     #endif
792     
>>>     CID 1330835:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "result". Field "result.count" is uninitialized.
793       return result;
794     }
795     
796     static gl_list_iterator_t
797     gl_linked_iterator_from_to (gl_list_t list,
798     			    size_t start_index, size_t end_index)

** CID 1330836:  Uninitialized variables  (UNINIT)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/gl_anylinked_list2.h: 864 in gl_linked_iterator_from_to()


________________________________________________________________________________________________________
*** CID 1330836:  Uninitialized variables  (UNINIT)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/gl_anylinked_list2.h: 864 in gl_linked_iterator_from_to()
858     #ifdef lint
859       result.i = 0;
860       result.j = 0;
861       result.count = 0;
862     #endif
863     
>>>     CID 1330836:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "result". Field "result.count" is uninitialized.
864       return result;
865     }
866     
867     static bool
868     gl_linked_iterator_next (gl_list_iterator_t *iterator,
869     			 const void **eltp, gl_list_node_t *nodep)

** CID 1340268:    (RESOURCE_LEAK)
/sys/external/bsd/acpica/dist/common/adisasm.c: 209 in AdAmlDisassemble()
/sys/external/bsd/acpica/dist/common/adisasm.c: 301 in AdAmlDisassemble()


________________________________________________________________________________________________________
*** CID 1340268:    (RESOURCE_LEAK)
/sys/external/bsd/acpica/dist/common/adisasm.c: 209 in AdAmlDisassemble()
203     
204             /* Process any user-specified files for external objects */
205     
206             Status = AdDoExternalFileList (Filename);
207             if (ACPI_FAILURE (Status))
208             {
>>>     CID 1340268:    (RESOURCE_LEAK)
>>>     Variable "ListHead" going out of scope leaks the storage it points to.
209                 return (Status);
210             }
211         }
212         else
213         {
214             Status = AdGetLocalTables ();
/sys/external/bsd/acpica/dist/common/adisasm.c: 301 in AdAmlDisassemble()
295             fclose (File);
296             AcpiOsRedirectOutput (stdout);
297         }
298     
299         AcpiPsDeleteParseTree (AcpiGbl_ParseOpRoot);
300         AcpiGbl_ParseOpRoot = NULL;
>>>     CID 1340268:    (RESOURCE_LEAK)
>>>     Variable "ListHead" going out of scope leaks the storage it points to.
301         return (Status);
302     }
303     
304     
305     /******************************************************************************
306      *

** CID 1348201:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/sbin/ifconfig/af_inet.c: 234 in in_addr_flags()


________________________________________________________________________________________________________
*** CID 1348201:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/sbin/ifconfig/af_inet.c: 234 in in_addr_flags()
228     in_addr_flags(struct ifaddrs *ifa, int flags)
229     {
230     	int s;
231     	struct ifreq ifr;
232     
233     	memset(&ifr, 0, sizeof(ifr));
>>>     CID 1348201:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 16 bytes on destination array "ifr.ifr_name" of size 16 bytes might leave the destination string unterminated.
234     	strncpy(ifr.ifr_name, ifa->ifa_name, sizeof(ifr.ifr_name));
235     	ifr.ifr_addr = *ifa->ifa_addr;
236     	if ((s = getsock(AF_INET)) == -1)
237     		err(EXIT_FAILURE, "%s: getsock", __func__);
238     	if (prog_ioctl(s, SIOCGIFAFLAG_IN, &ifr) == -1)
239     		err(EXIT_FAILURE, "SIOCGIFAFLAG_IN");

** CID 1348202:  Error handling issues  (CHECKED_RETURN)


________________________________________________________________________________________________________
*** CID 1348202:  Error handling issues  (CHECKED_RETURN)
/external/bsd/tmux/dist/client.c: 594 in client_exec()
588     		xasprintf(&argv0, "%s", name);
589     	setenv("SHELL", shell, 1);
590     
591     	setblocking(STDIN_FILENO, 1);
592     	setblocking(STDOUT_FILENO, 1);
593     	setblocking(STDERR_FILENO, 1);
>>>     CID 1348202:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "closefrom(3)" without checking return value. It wraps a library function that may fail and return an error code.
594     	closefrom(STDERR_FILENO + 1);
595     
596     	execl(shell, argv0, "-c", shell_cmd, (char *) NULL);
597     	fatal("execl failed");
598     }
599     

** CID 1348203:    (CHECKED_RETURN)
/sys/external/bsd/acpica/dist/common/acfileio.c: 403 in AcValidateTableHeader()
/sys/external/bsd/acpica/dist/common/acfileio.c: 400 in AcValidateTableHeader()


________________________________________________________________________________________________________
*** CID 1348203:    (CHECKED_RETURN)
/sys/external/bsd/acpica/dist/common/acfileio.c: 403 in AcValidateTableHeader()
397         /* Read a potential table header */
398     
399         OriginalOffset = ftell (File);
400         fseek (File, TableOffset, SEEK_SET);
401     
402         Actual = fread (&TableHeader, 1, sizeof (ACPI_TABLE_HEADER), File);
>>>     CID 1348203:    (CHECKED_RETURN)
>>>     Calling "fseek(File, OriginalOffset, 0)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
403         fseek (File, OriginalOffset, SEEK_SET);
404     
405         if (Actual < sizeof (ACPI_TABLE_HEADER))
406         {
407             return (AE_ERROR);
408         }
/sys/external/bsd/acpica/dist/common/acfileio.c: 400 in AcValidateTableHeader()
394         ACPI_FUNCTION_TRACE ("AcValidateTableHeader");
395     
396     
397         /* Read a potential table header */
398     
399         OriginalOffset = ftell (File);
>>>     CID 1348203:    (CHECKED_RETURN)
>>>     Calling "fseek(File, TableOffset, 0)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
400         fseek (File, TableOffset, SEEK_SET);
401     
402         Actual = fread (&TableHeader, 1, sizeof (ACPI_TABLE_HEADER), File);
403         fseek (File, OriginalOffset, SEEK_SET);
404     
405         if (Actual < sizeof (ACPI_TABLE_HEADER))

** CID 1348204:  Error handling issues  (CHECKED_RETURN)
/sys/external/bsd/acpica/dist/common/acfileio.c: 288 in AcGetOneTableFromFile()


________________________________________________________________________________________________________
*** CID 1348204:  Error handling issues  (CHECKED_RETURN)
/sys/external/bsd/acpica/dist/common/acfileio.c: 288 in AcGetOneTableFromFile()
282         {
283             return (AE_NO_MEMORY);
284         }
285     
286         /* Read the entire ACPI table, including header */
287     
>>>     CID 1348204:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "fseek(File, TableOffset, 0)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
288         fseek (File, TableOffset, SEEK_SET);
289     
290         Count = fread (Table, 1, TableHeader.Length, File);
291         if (Count != (INT32) TableHeader.Length)
292         {
293             Status = AE_ERROR;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782



Home | Main Index | Thread Index | Old Index