Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
15 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)
** CID 976381: Insecure data handling (INTEGER_OVERFLOW)
/libexec/lfs_cleanerd/coalesce.c: 187 in clean_inode()
________________________________________________________________________________________________________
*** CID 976381: Insecure data handling (INTEGER_OVERFLOW)
/libexec/lfs_cleanerd/coalesce.c: 187 in clean_inode()
181 dlog("ino %d, computed blocks %d > held blocks %d", ino, nb,
182 dip->di_blocks);
183 free(dip);
184 return COALESCE_BADBLOCKSIZE;
185 }
186
>>> CID 976381: Insecure data handling (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "48UL * nb" used as critical argument to function. [Note: The source code implementation of the function has been overridden by a builtin model.]
187 bip = (BLOCK_INFO *)malloc(sizeof(BLOCK_INFO) * nb);
188 if (bip == NULL) {
189 syslog(LOG_WARNING, "ino %llu, %d blocks: %m",
190 (unsigned long long)ino, nb);
191 free(dip);
192 return COALESCE_NOMEM;
** CID 1315719: (BUFFER_SIZE_WARNING)
/sys/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
/sys/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()
/obj/destdir.amd64/usr/include/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
/obj/destdir.amd64/usr/include/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()
________________________________________________________________________________________________________
*** CID 1315719: (BUFFER_SIZE_WARNING)
/sys/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
555 lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556 {
557 if (fs->lfs_is64) {
558 (void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559 sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560 } else {
>>> CID 1315719: (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_32.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
561 (void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562 sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563 }
564 }
565
566 /* Highest addressable fsb */
/sys/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()
552 }
553
554 static __unused inline void
555 lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556 {
557 if (fs->lfs_is64) {
>>> CID 1315719: (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_64.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
558 (void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559 sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560 } else {
561 (void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562 sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563 }
/obj/destdir.amd64/usr/include/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
555 lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556 {
557 if (fs->lfs_is64) {
558 (void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559 sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560 } else {
>>> CID 1315719: (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_32.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
561 (void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562 sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563 }
564 }
565
566 /* Highest addressable fsb */
/obj/destdir.amd64/usr/include/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()
552 }
553
554 static __unused inline void
555 lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556 {
557 if (fs->lfs_is64) {
>>> CID 1315719: (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_64.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
558 (void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559 sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560 } else {
561 (void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562 sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563 }
** CID 1315720: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()
________________________________________________________________________________________________________
*** CID 1315720: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
498
499 fs = ip->i_lfs;
500
501 ASSERT_NO_SEGLOCK(fs);
502
503 /* If no space, wait for the cleaner */
>>> CID 1315720: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
504 lfs_availwait(fs, lfs_btofsb(fs, 1 << lfs_sb_getbshift(fs)));
505
506 lbp = (struct lbnentry *)pool_get(&lfs_lbnentry_pool, PR_WAITOK);
507 lbp->lbn = lbn;
508 mutex_enter(&lfs_lock);
509 if (SPLAY_INSERT(lfs_splay, &ip->i_lfs_lbtree, lbp) != NULL) {
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()
511 /* Already there */
512 pool_put(&lfs_lbnentry_pool, lbp);
513 return;
514 }
515
516 ++ip->i_lfs_nbtree;
>>> CID 1315720: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
517 fs->lfs_favail += lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
518 fs->lfs_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
519 ++locked_fakequeue_count;
520 lfs_subsys_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
521 mutex_exit(&lfs_lock);
522 }
** CID 1315721: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 880 in lfs_do_segclean()
/sys/ufs/lfs/lfs_syscalls.c: 882 in lfs_do_segclean()
________________________________________________________________________________________________________
*** CID 1315721: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 880 in lfs_do_segclean()
874 lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_SBPAD));
875 if (lfs_sb_getversion(fs) > 1 && segnum == 0 &&
876 lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
877 lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
878 mutex_enter(&lfs_lock);
879 lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>> CID 1315721: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
880 lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
881 lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
882 lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
883 if (lfs_sb_getdmeta(fs) < 0)
884 lfs_sb_setdmeta(fs, 0);
885 mutex_exit(&lfs_lock);
/sys/ufs/lfs/lfs_syscalls.c: 882 in lfs_do_segclean()
876 lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
877 lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
878 mutex_enter(&lfs_lock);
879 lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
880 lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
881 lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>> CID 1315721: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
882 lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
883 if (lfs_sb_getdmeta(fs) < 0)
884 lfs_sb_setdmeta(fs, 0);
885 mutex_exit(&lfs_lock);
886 sup->su_flags &= ~SEGUSE_DIRTY;
887 LFS_WRITESEGENTRY(sup, fs, segnum, bp);
** CID 1315722: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2218 in lfs_writeseg()
/sys/ufs/lfs/lfs_segment.c: 2220 in lfs_writeseg()
/sbin/fsck_lfs/segwrite.c: 780 in lfs_writeseg()
/sbin/fsck_lfs/segwrite.c: 825 in lfs_writeseg()
________________________________________________________________________________________________________
*** CID 1315722: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2218 in lfs_writeseg()
2212 }
2213 ssp->ss_datasum = lfs_cksum_fold(sum);
2214 ssp->ss_sumsum = cksum(&ssp->ss_datasum,
2215 lfs_sb_getsumsize(fs) - sizeof(ssp->ss_sumsum));
2216
2217 mutex_enter(&lfs_lock);
>>> CID 1315722: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2218 lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2219 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2220 lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2221 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2222 mutex_exit(&lfs_lock);
2223
/sys/ufs/lfs/lfs_segment.c: 2220 in lfs_writeseg()
2214 ssp->ss_sumsum = cksum(&ssp->ss_datasum,
2215 lfs_sb_getsumsize(fs) - sizeof(ssp->ss_sumsum));
2216
2217 mutex_enter(&lfs_lock);
2218 lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2219 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
>>> CID 1315722: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2220 lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2221 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2222 mutex_exit(&lfs_lock);
2223
2224 /*
2225 * When we simply write the blocks we lose a rotation for every block
/sbin/fsck_lfs/segwrite.c: 780 in lfs_writeseg()
774 if (lfs_sb_getversion(fs) == 1)
775 sup->su_olastmod = write_time;
776 else
777 sup->su_lastmod = write_time;
778 sup->su_ninos += ninos;
779 ++sup->su_nsums;
>>> CID 1315722: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
780 lfs_sb_adddmeta(fs, (lfs_btofsb(fs, lfs_sb_getsumsize(fs)) + lfs_btofsb(fs, ninos *
781 lfs_sb_getibsize(fs))));
782 lfs_sb_subavail(fs, lfs_btofsb(fs, lfs_sb_getsumsize(fs)));
783
784 do_again = !(bp->b_flags & B_GATHERED);
785 LFS_WRITESEGENTRY(sup, fs, sp->seg_number, bp); /* Ifile */
/sbin/fsck_lfs/segwrite.c: 825 in lfs_writeseg()
819
820 ssp->ss_datasum = cksum(datap, (nblocks - 1) * el_size);
821 ssp->ss_sumsum =
822 cksum(&ssp->ss_datasum, lfs_sb_getsumsize(fs) - sizeof(ssp->ss_sumsum));
823 free(datap);
824 datap = dp = NULL;
>>> CID 1315722: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
825 lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
826 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
827
828 if (devvp == NULL)
829 errx(EXIT_FAILURE, "devvp is NULL");
830 for (bpp = sp->bpp, i = nblocks; i; bpp++, i--) {
** CID 1315723: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()
________________________________________________________________________________________________________
*** CID 1315723: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
520 flags |= B_CLRBUF;
521 else
522 flags &= ~B_CLRBUF;
523
524 #ifdef LFS_READWRITE
525 error = lfs_reserve(fs, vp, NULL,
>>> CID 1315723: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
526 lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
527 if (error)
528 break;
529 need_unreserve = true;
530 #endif
531 error = lfs_balloc(vp, uio->uio_offset, xfersize, cred, flags,
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
554 brelse(bp, BC_INVAL);
555 break;
556 }
557 #ifdef LFS_READWRITE
558 (void)VOP_BWRITE(bp->b_vp, bp);
559 lfs_reserve(fs, vp, NULL,
>>> CID 1315723: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
560 -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
561 need_unreserve = false;
562 #else
563 if (ioflag & IO_SYNC)
564 (void)bwrite(bp);
565 else if (xfersize + blkoffset == fs->fs_bsize)
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()
570 if (error || xfersize == 0)
571 break;
572 }
573 #ifdef LFS_READWRITE
574 if (need_unreserve) {
575 lfs_reserve(fs, vp, NULL,
>>> CID 1315723: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
576 -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
577 }
578 #endif
579
580 error = ulfs_post_write_update(vp, uio, ioflag, cred, osize, resid,
581 extended, error);
** CID 1315724: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()
________________________________________________________________________________________________________
*** CID 1315724: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
526 {
527 ASSERT_MAYBE_SEGLOCK(fs);
528
529 mutex_enter(&lfs_lock);
530 --ip->i_lfs_nbtree;
531 SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
>>> CID 1315724: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
532 if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
533 fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534 fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535 if (locked_fakequeue_count > 0)
536 --locked_fakequeue_count;
537 lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()
527 ASSERT_MAYBE_SEGLOCK(fs);
528
529 mutex_enter(&lfs_lock);
530 --ip->i_lfs_nbtree;
531 SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
532 if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
>>> CID 1315724: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
533 fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534 fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535 if (locked_fakequeue_count > 0)
536 --locked_fakequeue_count;
537 lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
538 mutex_exit(&lfs_lock);
** CID 1315725: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 311 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 317 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 330 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 357 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 397 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 413 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 599 in lfs_truncate()
________________________________________________________________________________________________________
*** CID 1315725: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 311 in lfs_truncate()
305 oip->i_flag |= IN_CHANGE | IN_UPDATE;
306 KASSERT(ovp->v_size == oip->i_size);
307 oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
308 return (lfs_update(ovp, NULL, NULL, 0));
309 } else {
310 error = lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
311 lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
312 if (error)
313 return (error);
314 error = lfs_balloc(ovp, length - 1, 1, cred,
315 aflags, &bp);
316 lfs_reserve(fs, ovp, NULL,
/sys/ufs/lfs/lfs_inode.c: 317 in lfs_truncate()
311 lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
312 if (error)
313 return (error);
314 error = lfs_balloc(ovp, length - 1, 1, cred,
315 aflags, &bp);
316 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
317 -lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
318 if (error)
319 return (error);
320 oip->i_ffs1_size = oip->i_size = length;
321 uvm_vnp_setsize(ovp, length);
322 (void) VOP_BWRITE(bp->b_vp, bp);
/sys/ufs/lfs/lfs_inode.c: 330 in lfs_truncate()
324 oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
325 return (lfs_update(ovp, NULL, NULL, 0));
326 }
327 }
328
329 if ((error = lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
330 lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)))) != 0)
331 return (error);
332
333 /*
334 * Shorten the size of the file. If the file is not being
335 * truncated to a block boundary, the contents of the
/sys/ufs/lfs/lfs_inode.c: 357 in lfs_truncate()
351 aflags = B_CLRBUF;
352 if (ioflag & IO_SYNC)
353 aflags |= B_SYNC;
354 error = lfs_balloc(ovp, length - 1, 1, cred, aflags, &bp);
355 if (error) {
356 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
357 -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
358 goto errout;
359 }
360 obufsize = bp->b_bufsize;
361 odb = lfs_btofsb(fs, bp->b_bcount);
362 oip->i_size = oip->i_ffs1_size = length;
/sys/ufs/lfs/lfs_inode.c: 397 in lfs_truncate()
391 voff_t eoz;
392
393 aflags = ioflag & IO_SYNC ? B_SYNC : 0;
394 error = ulfs_balloc_range(ovp, length - 1, 1, cred, aflags);
395 if (error) {
396 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
397 -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
398 goto errout;
399 }
400 xlbn = lfs_lblkno(fs, length);
401 size = lfs_blksize(fs, oip, xlbn);
402 eoz = MIN(lfs_lblktosize(fs, xlbn) + size, osize);
/sys/ufs/lfs/lfs_inode.c: 413 in lfs_truncate()
407 error = VOP_PUTPAGES(ovp, round_page(length),
408 round_page(eoz),
409 PGO_CLEANIT | PGO_DEACTIVATE |
410 ((ioflag & IO_SYNC) ? PGO_SYNCIO : 0));
411 if (error) {
412 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
413 -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
414 goto errout;
415 }
416 }
417 }
418
/sys/ufs/lfs/lfs_inode.c: 599 in lfs_truncate()
593
594 oip->i_flag |= IN_CHANGE;
595 #if defined(LFS_QUOTA) || defined(LFS_QUOTA2)
596 (void) lfs_chkdq(oip, -blocksreleased, NOCRED, 0);
597 #endif
598 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
599 -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
600 genfs_node_unlock(ovp);
601 errout:
602 oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
603 if (ovp != fs->lfs_ivnode)
604 lfs_segunlock(fs);
** CID 1315726: (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 866 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 862 in make_lfs()
________________________________________________________________________________________________________
*** CID 1315726: (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 866 in make_lfs()
860 ubb += lfs_btofsb(fs, segp->su_nbytes +
861 segp->su_nsums * lfs_sb_getsumsize(fs) +
862 segp->su_ninos * lfs_sb_getibsize(fs));
863 dmeta += lfs_btofsb(fs,
864 lfs_sb_getsumsize(fs) * segp->su_nsums);
865 dmeta += lfs_btofsb(fs,
>>> CID 1315726: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getibsize(fs) * segp->su_ninos" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
866 lfs_sb_getibsize(fs) * segp->su_ninos);
867 } else {
868 lfs_sb_addavail(fs, lfs_segtod(fs, 1));
869 if (segp->su_flags & SEGUSE_SUPERBLOCK)
870 lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_SBPAD));
871 if (i == 0 && lfs_sb_getversion(fs) > 1 &&
/sbin/newfs_lfs/make_lfs.c: 862 in make_lfs()
856 LFS_SEGENTRY(segp, fs, i, bp);
857 if (segp->su_flags & SEGUSE_DIRTY) {
858 bb += lfs_btofsb(fs, segp->su_nbytes +
859 segp->su_nsums * lfs_sb_getsumsize(fs));
860 ubb += lfs_btofsb(fs, segp->su_nbytes +
861 segp->su_nsums * lfs_sb_getsumsize(fs) +
>>> CID 1315726: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "segp->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
862 segp->su_ninos * lfs_sb_getibsize(fs));
863 dmeta += lfs_btofsb(fs,
864 lfs_sb_getsumsize(fs) * segp->su_nsums);
865 dmeta += lfs_btofsb(fs,
866 lfs_sb_getibsize(fs) * segp->su_ninos);
867 } else {
** CID 1315727: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 630 in make_lfs()
________________________________________________________________________________________________________
*** CID 1315727: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 630 in make_lfs()
624 * and segment usage table, and half a block per segment that can't
625 * be written due to fragmentation.
626 */
627 lfs_sb_setdsize(fs,
628 lfs_segtod(fs, lfs_sb_getnseg(fs) - lfs_sb_getminfreeseg(fs)));
629 lfs_sb_setbfree(fs, lfs_sb_getdsize(fs));
>>> CID 1315727: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getnseg(fs) / 2U << lfs_sb_getblktodb(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
630 lfs_sb_subbfree(fs, LFS_DBTOFSB(fs, ((lfs_sb_getnseg(fs) / 2) <<
631 lfs_sb_getblktodb(fs))));
632
633 lfs_sb_setsegtabsz(fs, SEGTABSIZE_SU(fs));
634 lfs_sb_setcleansz(fs, CLEANSIZE_SU(fs));
635 if (time(&stamp) == -1)
** CID 1315728: (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 864 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 859 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 861 in make_lfs()
________________________________________________________________________________________________________
*** CID 1315728: (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 864 in make_lfs()
858 bb += lfs_btofsb(fs, segp->su_nbytes +
859 segp->su_nsums * lfs_sb_getsumsize(fs));
860 ubb += lfs_btofsb(fs, segp->su_nbytes +
861 segp->su_nsums * lfs_sb_getsumsize(fs) +
862 segp->su_ninos * lfs_sb_getibsize(fs));
863 dmeta += lfs_btofsb(fs,
>>> CID 1315728: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getsumsize(fs) * segp->su_nsums" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
864 lfs_sb_getsumsize(fs) * segp->su_nsums);
865 dmeta += lfs_btofsb(fs,
866 lfs_sb_getibsize(fs) * segp->su_ninos);
867 } else {
868 lfs_sb_addavail(fs, lfs_segtod(fs, 1));
869 if (segp->su_flags & SEGUSE_SUPERBLOCK)
/sbin/newfs_lfs/make_lfs.c: 859 in make_lfs()
853 lfs_sb_setavail(fs, 0);
854 bb = ubb = dmeta = 0;
855 for (i = 0; i < lfs_sb_getnseg(fs); i++) {
856 LFS_SEGENTRY(segp, fs, i, bp);
857 if (segp->su_flags & SEGUSE_DIRTY) {
858 bb += lfs_btofsb(fs, segp->su_nbytes +
>>> CID 1315728: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "segp->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
859 segp->su_nsums * lfs_sb_getsumsize(fs));
860 ubb += lfs_btofsb(fs, segp->su_nbytes +
861 segp->su_nsums * lfs_sb_getsumsize(fs) +
862 segp->su_ninos * lfs_sb_getibsize(fs));
863 dmeta += lfs_btofsb(fs,
864 lfs_sb_getsumsize(fs) * segp->su_nsums);
/sbin/newfs_lfs/make_lfs.c: 861 in make_lfs()
855 for (i = 0; i < lfs_sb_getnseg(fs); i++) {
856 LFS_SEGENTRY(segp, fs, i, bp);
857 if (segp->su_flags & SEGUSE_DIRTY) {
858 bb += lfs_btofsb(fs, segp->su_nbytes +
859 segp->su_nsums * lfs_sb_getsumsize(fs));
860 ubb += lfs_btofsb(fs, segp->su_nbytes +
>>> CID 1315728: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "segp->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
861 segp->su_nsums * lfs_sb_getsumsize(fs) +
862 segp->su_ninos * lfs_sb_getibsize(fs));
863 dmeta += lfs_btofsb(fs,
864 lfs_sb_getsumsize(fs) * segp->su_nsums);
865 dmeta += lfs_btofsb(fs,
866 lfs_sb_getibsize(fs) * segp->su_ninos);
** CID 1315729: (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 117 in pass5()
/sbin/fsck_lfs/pass5.c: 113 in pass5()
________________________________________________________________________________________________________
*** CID 1315729: (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 117 in pass5()
111 ubb += lfs_btofsb(fs, su->su_nbytes +
112 su->su_nsums * lfs_sb_getsumsize(fs) +
113 su->su_ninos * lfs_sb_getibsize(fs));
114 dmeta += lfs_btofsb(fs,
115 lfs_sb_getsumsize(fs) * su->su_nsums);
116 dmeta += lfs_btofsb(fs,
>>> CID 1315729: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getibsize(fs) * su->su_ninos" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
117 lfs_sb_getibsize(fs) * su->su_ninos);
118 } else {
119 nclean++;
120 avail += lfs_segtod(fs, 1);
121 if (su->su_flags & SEGUSE_SUPERBLOCK)
122 avail -= lfs_btofsb(fs, LFS_SBPAD);
/sbin/fsck_lfs/pass5.c: 113 in pass5()
107 }
108 if (su->su_flags & SEGUSE_DIRTY) {
109 bb += lfs_btofsb(fs, su->su_nbytes +
110 su->su_nsums * lfs_sb_getsumsize(fs));
111 ubb += lfs_btofsb(fs, su->su_nbytes +
112 su->su_nsums * lfs_sb_getsumsize(fs) +
>>> CID 1315729: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "su->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
113 su->su_ninos * lfs_sb_getibsize(fs));
114 dmeta += lfs_btofsb(fs,
115 lfs_sb_getsumsize(fs) * su->su_nsums);
116 dmeta += lfs_btofsb(fs,
117 lfs_sb_getibsize(fs) * su->su_ninos);
118 } else {
** CID 1315730: (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 115 in pass5()
/sbin/fsck_lfs/pass5.c: 110 in pass5()
/sbin/fsck_lfs/pass5.c: 112 in pass5()
________________________________________________________________________________________________________
*** CID 1315730: (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 115 in pass5()
109 bb += lfs_btofsb(fs, su->su_nbytes +
110 su->su_nsums * lfs_sb_getsumsize(fs));
111 ubb += lfs_btofsb(fs, su->su_nbytes +
112 su->su_nsums * lfs_sb_getsumsize(fs) +
113 su->su_ninos * lfs_sb_getibsize(fs));
114 dmeta += lfs_btofsb(fs,
>>> CID 1315730: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getsumsize(fs) * su->su_nsums" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
115 lfs_sb_getsumsize(fs) * su->su_nsums);
116 dmeta += lfs_btofsb(fs,
117 lfs_sb_getibsize(fs) * su->su_ninos);
118 } else {
119 nclean++;
120 avail += lfs_segtod(fs, 1);
/sbin/fsck_lfs/pass5.c: 110 in pass5()
104 su->su_nbytes = seg_table[i].su_nbytes;
105 ++diddirty;
106 }
107 }
108 if (su->su_flags & SEGUSE_DIRTY) {
109 bb += lfs_btofsb(fs, su->su_nbytes +
>>> CID 1315730: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "su->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
110 su->su_nsums * lfs_sb_getsumsize(fs));
111 ubb += lfs_btofsb(fs, su->su_nbytes +
112 su->su_nsums * lfs_sb_getsumsize(fs) +
113 su->su_ninos * lfs_sb_getibsize(fs));
114 dmeta += lfs_btofsb(fs,
115 lfs_sb_getsumsize(fs) * su->su_nsums);
/sbin/fsck_lfs/pass5.c: 112 in pass5()
106 }
107 }
108 if (su->su_flags & SEGUSE_DIRTY) {
109 bb += lfs_btofsb(fs, su->su_nbytes +
110 su->su_nsums * lfs_sb_getsumsize(fs));
111 ubb += lfs_btofsb(fs, su->su_nbytes +
>>> CID 1315730: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "su->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
112 su->su_nsums * lfs_sb_getsumsize(fs) +
113 su->su_ninos * lfs_sb_getibsize(fs));
114 dmeta += lfs_btofsb(fs,
115 lfs_sb_getsumsize(fs) * su->su_nsums);
116 dmeta += lfs_btofsb(fs,
117 lfs_sb_getibsize(fs) * su->su_ninos);
** CID 1315731: Uninitialized variables (UNINIT)
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
________________________________________________________________________________________________________
*** CID 1315731: Uninitialized variables (UNINIT)
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
130
131 int datasum_check = 0;
132
133 int
134 main(int argc, char **argv)
135 {
>>> CID 1315731: Uninitialized variables (UNINIT)
>>> Declaring variable "lfs_sb1" without initializer.
136 struct lfs lfs_sb1, lfs_sb2, *lfs_master;
137 daddr_t seg_addr, idaddr, sbdaddr;
138 int ch, do_allsb, do_ientries, do_segentries, fd, segnum;
139 void *sbuf;
140
141 do_allsb = 0;
** CID 1315732: (UNINIT)
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
________________________________________________________________________________________________________
*** CID 1315732: (UNINIT)
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
130
131 int datasum_check = 0;
132
133 int
134 main(int argc, char **argv)
135 {
>>> CID 1315732: (UNINIT)
>>> Declaring variable "lfs_sb2" without initializer.
136 struct lfs lfs_sb1, lfs_sb2, *lfs_master;
137 daddr_t seg_addr, idaddr, sbdaddr;
138 int ch, do_allsb, do_ientries, do_segentries, fd, segnum;
139 void *sbuf;
140
141 do_allsb = 0;
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
130
131 int datasum_check = 0;
132
133 int
134 main(int argc, char **argv)
135 {
>>> CID 1315732: (UNINIT)
>>> Declaring variable "lfs_sb2" without initializer.
136 struct lfs lfs_sb1, lfs_sb2, *lfs_master;
137 daddr_t seg_addr, idaddr, sbdaddr;
138 int ch, do_allsb, do_ientries, do_segentries, fd, segnum;
139 void *sbuf;
140
141 do_allsb = 0;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index