Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-amd64-kernel



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.

7 new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1315719:    (BUFFER_SIZE_WARNING)
/sys/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
/sys/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()


________________________________________________________________________________________________________
*** CID 1315719:    (BUFFER_SIZE_WARNING)
/sys/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
555     lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556     {
557     	if (fs->lfs_is64) {
558     		(void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559     			sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560     	} else {
>>>     CID 1315719:    (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_32.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
561     		(void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562     			sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563     	}
564     }
565     
566     /* Highest addressable fsb */
/sys/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()
552     }
553     
554     static __unused inline void
555     lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556     {
557     	if (fs->lfs_is64) {
>>>     CID 1315719:    (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_64.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
558     		(void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559     			sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560     	} else {
561     		(void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562     			sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563     	}

** CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()


________________________________________________________________________________________________________
*** CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
498     
499     	fs = ip->i_lfs;
500     
501     	ASSERT_NO_SEGLOCK(fs);
502     
503     	/* If no space, wait for the cleaner */
>>>     CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
504     	lfs_availwait(fs, lfs_btofsb(fs, 1 << lfs_sb_getbshift(fs)));
505     
506     	lbp = (struct lbnentry *)pool_get(&lfs_lbnentry_pool, PR_WAITOK);
507     	lbp->lbn = lbn;
508     	mutex_enter(&lfs_lock);
509     	if (SPLAY_INSERT(lfs_splay, &ip->i_lfs_lbtree, lbp) != NULL) {
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()
511     		/* Already there */
512     		pool_put(&lfs_lbnentry_pool, lbp);
513     		return;
514     	}
515     
516     	++ip->i_lfs_nbtree;
>>>     CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
517     	fs->lfs_favail += lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
518     	fs->lfs_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
519     	++locked_fakequeue_count;
520     	lfs_subsys_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
521     	mutex_exit(&lfs_lock);
522     }

** CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 880 in lfs_do_segclean()
/sys/ufs/lfs/lfs_syscalls.c: 882 in lfs_do_segclean()


________________________________________________________________________________________________________
*** CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 880 in lfs_do_segclean()
874     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_SBPAD));
875     	if (lfs_sb_getversion(fs) > 1 && segnum == 0 &&
876     	    lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
877     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
878     	mutex_enter(&lfs_lock);
879     	lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>>     CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
880     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
881     	lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
882     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
883     	if (lfs_sb_getdmeta(fs) < 0)
884     		lfs_sb_setdmeta(fs, 0);
885     	mutex_exit(&lfs_lock);
/sys/ufs/lfs/lfs_syscalls.c: 882 in lfs_do_segclean()
876     	    lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
877     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
878     	mutex_enter(&lfs_lock);
879     	lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
880     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
881     	lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>>     CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
882     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
883     	if (lfs_sb_getdmeta(fs) < 0)
884     		lfs_sb_setdmeta(fs, 0);
885     	mutex_exit(&lfs_lock);
886     	sup->su_flags &= ~SEGUSE_DIRTY;
887     	LFS_WRITESEGENTRY(sup, fs, segnum, bp);

** CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2218 in lfs_writeseg()
/sys/ufs/lfs/lfs_segment.c: 2220 in lfs_writeseg()


________________________________________________________________________________________________________
*** CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2218 in lfs_writeseg()
2212     	}
2213     	ssp->ss_datasum = lfs_cksum_fold(sum);
2214     	ssp->ss_sumsum = cksum(&ssp->ss_datasum,
2215     	    lfs_sb_getsumsize(fs) - sizeof(ssp->ss_sumsum));
2216     
2217     	mutex_enter(&lfs_lock);
>>>     CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2218     	lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2219     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2220     	lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2221     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2222     	mutex_exit(&lfs_lock);
2223     
/sys/ufs/lfs/lfs_segment.c: 2220 in lfs_writeseg()
2214     	ssp->ss_sumsum = cksum(&ssp->ss_datasum,
2215     	    lfs_sb_getsumsize(fs) - sizeof(ssp->ss_sumsum));
2216     
2217     	mutex_enter(&lfs_lock);
2218     	lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2219     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
>>>     CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2220     	lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2221     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2222     	mutex_exit(&lfs_lock);
2223     
2224     	/*
2225     	 * When we simply write the blocks we lose a rotation for every block

** CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()


________________________________________________________________________________________________________
*** CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
520     			flags |= B_CLRBUF;
521     		else
522     			flags &= ~B_CLRBUF;
523     
524     #ifdef LFS_READWRITE
525     		error = lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
526     		    lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
527     		if (error)
528     			break;
529     		need_unreserve = true;
530     #endif
531     		error = lfs_balloc(vp, uio->uio_offset, xfersize, cred, flags,
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
554     			brelse(bp, BC_INVAL);
555     			break;
556     		}
557     #ifdef LFS_READWRITE
558     		(void)VOP_BWRITE(bp->b_vp, bp);
559     		lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
560     		    -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
561     		need_unreserve = false;
562     #else
563     		if (ioflag & IO_SYNC)
564     			(void)bwrite(bp);
565     		else if (xfersize + blkoffset == fs->fs_bsize)
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()
570     		if (error || xfersize == 0)
571     			break;
572     	}
573     #ifdef LFS_READWRITE
574     	if (need_unreserve) {
575     		lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
576     		    -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
577     	}
578     #endif
579     
580     	error = ulfs_post_write_update(vp, uio, ioflag, cred, osize, resid,
581     	    extended, error);

** CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()


________________________________________________________________________________________________________
*** CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
526     {
527     	ASSERT_MAYBE_SEGLOCK(fs);
528     
529     	mutex_enter(&lfs_lock);
530     	--ip->i_lfs_nbtree;
531     	SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
>>>     CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
532     	if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
533     		fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534     	fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535     	if (locked_fakequeue_count > 0)
536     		--locked_fakequeue_count;
537     	lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()
527     	ASSERT_MAYBE_SEGLOCK(fs);
528     
529     	mutex_enter(&lfs_lock);
530     	--ip->i_lfs_nbtree;
531     	SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
532     	if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
>>>     CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
533     		fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534     	fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535     	if (locked_fakequeue_count > 0)
536     		--locked_fakequeue_count;
537     	lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
538     	mutex_exit(&lfs_lock);

** CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 311 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 317 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 330 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 357 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 397 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 413 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 599 in lfs_truncate()


________________________________________________________________________________________________________
*** CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 311 in lfs_truncate()
305     			oip->i_flag |= IN_CHANGE | IN_UPDATE;
306     			KASSERT(ovp->v_size == oip->i_size);
307     			oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
308     			return (lfs_update(ovp, NULL, NULL, 0));
309     		} else {
310     			error = lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
311     			    lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
312     			if (error)
313     				return (error);
314     			error = lfs_balloc(ovp, length - 1, 1, cred,
315     					   aflags, &bp);
316     			lfs_reserve(fs, ovp, NULL,
/sys/ufs/lfs/lfs_inode.c: 317 in lfs_truncate()
311     			    lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
312     			if (error)
313     				return (error);
314     			error = lfs_balloc(ovp, length - 1, 1, cred,
315     					   aflags, &bp);
316     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
317     			    -lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
318     			if (error)
319     				return (error);
320     			oip->i_ffs1_size = oip->i_size = length;
321     			uvm_vnp_setsize(ovp, length);
322     			(void) VOP_BWRITE(bp->b_vp, bp);
/sys/ufs/lfs/lfs_inode.c: 330 in lfs_truncate()
324     			oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
325     			return (lfs_update(ovp, NULL, NULL, 0));
326     		}
327     	}
328     
329     	if ((error = lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
330     	    lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)))) != 0)
331     		return (error);
332     
333     	/*
334     	 * Shorten the size of the file. If the file is not being
335     	 * truncated to a block boundary, the contents of the
/sys/ufs/lfs/lfs_inode.c: 357 in lfs_truncate()
351     		aflags = B_CLRBUF;
352     		if (ioflag & IO_SYNC)
353     			aflags |= B_SYNC;
354     		error = lfs_balloc(ovp, length - 1, 1, cred, aflags, &bp);
355     		if (error) {
356     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
357     			    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
358     			goto errout;
359     		}
360     		obufsize = bp->b_bufsize;
361     		odb = lfs_btofsb(fs, bp->b_bcount);
362     		oip->i_size = oip->i_ffs1_size = length;
/sys/ufs/lfs/lfs_inode.c: 397 in lfs_truncate()
391     		voff_t eoz;
392     
393     		aflags = ioflag & IO_SYNC ? B_SYNC : 0;
394     		error = ulfs_balloc_range(ovp, length - 1, 1, cred, aflags);
395     		if (error) {
396     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
397     				    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
398     			goto errout;
399     		}
400     		xlbn = lfs_lblkno(fs, length);
401     		size = lfs_blksize(fs, oip, xlbn);
402     		eoz = MIN(lfs_lblktosize(fs, xlbn) + size, osize);
/sys/ufs/lfs/lfs_inode.c: 413 in lfs_truncate()
407     			error = VOP_PUTPAGES(ovp, round_page(length),
408     			    round_page(eoz),
409     			    PGO_CLEANIT | PGO_DEACTIVATE |
410     			    ((ioflag & IO_SYNC) ? PGO_SYNCIO : 0));
411     			if (error) {
412     				lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
413     					    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
414     				goto errout;
415     			}
416     		}
417     	}
418     
/sys/ufs/lfs/lfs_inode.c: 599 in lfs_truncate()
593     
594     	oip->i_flag |= IN_CHANGE;
595     #if defined(LFS_QUOTA) || defined(LFS_QUOTA2)
596     	(void) lfs_chkdq(oip, -blocksreleased, NOCRED, 0);
597     #endif
598     	lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
599     	    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
600     	genfs_node_unlock(ovp);
601       errout:
602     	oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
603     	if (ovp != fs->lfs_ivnode)
604     		lfs_segunlock(fs);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-kernel?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782



Home | Main Index | Thread Index | Old Index