New Defects reported by Coverity Scan for NetBSD-i386-kernel

To: coverity-updates%netbsd.org@localhost
Subject: New Defects reported by Coverity Scan for NetBSD-i386-kernel
From: scan-admin%coverity.com@localhost
Date: Thu, 01 Jan 2015 23:48:32 -0800

Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.

3 new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1261465:  Dereference after null check  (FORWARD_NULL)
/sys/dev/usb/umidi.c: 505 in umidi_open()

** CID 1261466:  Out-of-bounds access  (OVERRUN)
/sys/fs/smbfs/smbfs_node.c: 150 in smbfs_nget()

** CID 1261467:  Structurally dead code  (UNREACHABLE)
/sys/dev/usb/umidi.c: 390 in umidi_attach()


________________________________________________________________________________________________________
*** CID 1261465:  Dereference after null check  (FORWARD_NULL)
/sys/dev/usb/umidi.c: 505 in umidi_open()
499     		return EBUSY;
500     	if (sc->sc_dying)
501     		return EIO;
502     
503     	mididev->opened = 1;
504     	mididev->flags = flags;
>>>     CID 1261465:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "mididev->out_jack" to null implies that "mididev->out_jack" might be null.
505     	if ((mididev->flags & FWRITE) && mididev->out_jack) {
506     		err = open_out_jack(mididev->out_jack, arg, ointr);
507     		if (err != USBD_NORMAL_COMPLETION)
508     			goto bad;
509     	}
510     	if ((mididev->flags & FREAD) && mididev->in_jack) {

________________________________________________________________________________________________________
*** CID 1261466:  Out-of-bounds access  (OVERRUN)
/sys/fs/smbfs/smbfs_node.c: 150 in smbfs_nget()
144     	if (key_len > sizeof(small_key))
145     		key = kmem_alloc(key_len, KM_SLEEP);
146     	else
147     		key = &small_key.u_key;
148     	key->k_parent = dvp;
149     	key->k_nmlen = nmlen;
>>>     CID 1261466:  Out-of-bounds access  (OVERRUN)
>>>     Overrunning struct type smbkey of 0 bytes by passing it to a function which accesses it at byte offset 1 using argument "nmlen" (which evaluates to 2).
150     	memcpy(key->k_name, name, nmlen);
151     
152     retry:
153     	error = vcache_get(mp, key, key_len, &vp);
154     	if (error)
155     		goto out;

________________________________________________________________________________________________________
*** CID 1261467:  Structurally dead code  (UNREACHABLE)
/sys/dev/usb/umidi.c: 390 in umidi_attach()
384     		    "assign_all_jacks_automatically failed. (err=%d)\n", err);
385     		goto out_free_jacks;
386     	}
387     	err = attach_all_mididevs(sc);
388     	if (err != USBD_NORMAL_COMPLETION) {
389     		goto out_free_jacks;
>>>     CID 1261467:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "aprint_error_dev(self, "att...".
390     		aprint_error_dev(self,
391     		    "attach_all_mididevs failed. (err=%d)\n", err);
392     	}
393     
394     #ifdef UMIDI_DEBUG
395     	dump_sc(sc);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1450?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click http://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782 .

Prev by Date: New Defects reported by Coverity Scan for NetBSD-amd64-user
Next by Date: New Defects reported by Coverity Scan for NetBSD-amd64-kernel
Previous by Thread: New Defects reported by Coverity Scan for NetBSD-i386-kernel
Next by Thread: New Defects reported by Coverity Scan for NetBSD-i386-kernel
Indexes:

Home | Main Index | Thread Index | Old Index