Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-amd64-user



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.

15 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)


** CID 976381:  Insecure data handling  (INTEGER_OVERFLOW)
/libexec/lfs_cleanerd/coalesce.c: 187 in clean_inode()


________________________________________________________________________________________________________
*** CID 976381:  Insecure data handling  (INTEGER_OVERFLOW)
/libexec/lfs_cleanerd/coalesce.c: 187 in clean_inode()
181     		dlog("ino %d, computed blocks %d > held blocks %d", ino, nb,
182     		     dip->di_blocks);
183     		free(dip);
184     		return COALESCE_BADBLOCKSIZE;
185     	}
186     
>>>     CID 976381:  Insecure data handling  (INTEGER_OVERFLOW)
>>>     Overflowed or truncated value (or a value computed from an overflowed or truncated value) "48UL * nb" used as critical argument to function. [Note: The source code implementation of the function has been overridden by a builtin model.]
187     	bip = (BLOCK_INFO *)malloc(sizeof(BLOCK_INFO) * nb);
188     	if (bip == NULL) {
189     		syslog(LOG_WARNING, "ino %llu, %d blocks: %m",
190     		    (unsigned long long)ino, nb);
191     		free(dip);
192     		return COALESCE_NOMEM;

** CID 1315719:    (BUFFER_SIZE_WARNING)
/sys/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
/sys/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()
/obj/destdir.amd64/usr/include/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
/obj/destdir.amd64/usr/include/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()


________________________________________________________________________________________________________
*** CID 1315719:    (BUFFER_SIZE_WARNING)
/sys/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
555     lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556     {
557     	if (fs->lfs_is64) {
558     		(void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559     			sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560     	} else {
>>>     CID 1315719:    (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_32.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
561     		(void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562     			sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563     	}
564     }
565     
566     /* Highest addressable fsb */
/sys/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()
552     }
553     
554     static __unused inline void
555     lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556     {
557     	if (fs->lfs_is64) {
>>>     CID 1315719:    (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_64.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
558     		(void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559     			sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560     	} else {
561     		(void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562     			sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563     	}
/obj/destdir.amd64/usr/include/ufs/lfs/lfs_accessors.h: 561 in lfs_sb_setfsmnt()
555     lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556     {
557     	if (fs->lfs_is64) {
558     		(void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559     			sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560     	} else {
>>>     CID 1315719:    (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_32.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
561     		(void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562     			sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563     	}
564     }
565     
566     /* Highest addressable fsb */
/obj/destdir.amd64/usr/include/ufs/lfs/lfs_accessors.h: 558 in lfs_sb_setfsmnt()
552     }
553     
554     static __unused inline void
555     lfs_sb_setfsmnt(STRUCT_LFS *fs, const char *str)
556     {
557     	if (fs->lfs_is64) {
>>>     CID 1315719:    (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 90 bytes on destination array "fs->lfs_dlfs_u.u_64.dlfs_fsmnt" of size 90 bytes might leave the destination string unterminated.
558     		(void)strncpy(fs->lfs_dlfs_u.u_64.dlfs_fsmnt, str,
559     			sizeof(fs->lfs_dlfs_u.u_64.dlfs_fsmnt));
560     	} else {
561     		(void)strncpy(fs->lfs_dlfs_u.u_32.dlfs_fsmnt, str,
562     			sizeof(fs->lfs_dlfs_u.u_32.dlfs_fsmnt));
563     	}

** CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()


________________________________________________________________________________________________________
*** CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
498     
499     	fs = ip->i_lfs;
500     
501     	ASSERT_NO_SEGLOCK(fs);
502     
503     	/* If no space, wait for the cleaner */
>>>     CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
504     	lfs_availwait(fs, lfs_btofsb(fs, 1 << lfs_sb_getbshift(fs)));
505     
506     	lbp = (struct lbnentry *)pool_get(&lfs_lbnentry_pool, PR_WAITOK);
507     	lbp->lbn = lbn;
508     	mutex_enter(&lfs_lock);
509     	if (SPLAY_INSERT(lfs_splay, &ip->i_lfs_lbtree, lbp) != NULL) {
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()
511     		/* Already there */
512     		pool_put(&lfs_lbnentry_pool, lbp);
513     		return;
514     	}
515     
516     	++ip->i_lfs_nbtree;
>>>     CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
517     	fs->lfs_favail += lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
518     	fs->lfs_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
519     	++locked_fakequeue_count;
520     	lfs_subsys_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
521     	mutex_exit(&lfs_lock);
522     }

** CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 880 in lfs_do_segclean()
/sys/ufs/lfs/lfs_syscalls.c: 882 in lfs_do_segclean()


________________________________________________________________________________________________________
*** CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 880 in lfs_do_segclean()
874     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_SBPAD));
875     	if (lfs_sb_getversion(fs) > 1 && segnum == 0 &&
876     	    lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
877     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
878     	mutex_enter(&lfs_lock);
879     	lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>>     CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
880     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
881     	lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
882     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
883     	if (lfs_sb_getdmeta(fs) < 0)
884     		lfs_sb_setdmeta(fs, 0);
885     	mutex_exit(&lfs_lock);
/sys/ufs/lfs/lfs_syscalls.c: 882 in lfs_do_segclean()
876     	    lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
877     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
878     	mutex_enter(&lfs_lock);
879     	lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
880     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
881     	lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>>     CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
882     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
883     	if (lfs_sb_getdmeta(fs) < 0)
884     		lfs_sb_setdmeta(fs, 0);
885     	mutex_exit(&lfs_lock);
886     	sup->su_flags &= ~SEGUSE_DIRTY;
887     	LFS_WRITESEGENTRY(sup, fs, segnum, bp);

** CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2218 in lfs_writeseg()
/sys/ufs/lfs/lfs_segment.c: 2220 in lfs_writeseg()
/sbin/fsck_lfs/segwrite.c: 780 in lfs_writeseg()
/sbin/fsck_lfs/segwrite.c: 825 in lfs_writeseg()


________________________________________________________________________________________________________
*** CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2218 in lfs_writeseg()
2212     	}
2213     	ssp->ss_datasum = lfs_cksum_fold(sum);
2214     	ssp->ss_sumsum = cksum(&ssp->ss_datasum,
2215     	    lfs_sb_getsumsize(fs) - sizeof(ssp->ss_sumsum));
2216     
2217     	mutex_enter(&lfs_lock);
>>>     CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2218     	lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2219     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2220     	lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2221     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2222     	mutex_exit(&lfs_lock);
2223     
/sys/ufs/lfs/lfs_segment.c: 2220 in lfs_writeseg()
2214     	ssp->ss_sumsum = cksum(&ssp->ss_datasum,
2215     	    lfs_sb_getsumsize(fs) - sizeof(ssp->ss_sumsum));
2216     
2217     	mutex_enter(&lfs_lock);
2218     	lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2219     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
>>>     CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2220     	lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2221     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2222     	mutex_exit(&lfs_lock);
2223     
2224     	/*
2225     	 * When we simply write the blocks we lose a rotation for every block
/sbin/fsck_lfs/segwrite.c: 780 in lfs_writeseg()
774     	if (lfs_sb_getversion(fs) == 1)
775     		sup->su_olastmod = write_time;
776     	else
777     		sup->su_lastmod = write_time;
778     	sup->su_ninos += ninos;
779     	++sup->su_nsums;
>>>     CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
780     	lfs_sb_adddmeta(fs, (lfs_btofsb(fs, lfs_sb_getsumsize(fs)) + lfs_btofsb(fs, ninos *
781     		lfs_sb_getibsize(fs))));
782     	lfs_sb_subavail(fs, lfs_btofsb(fs, lfs_sb_getsumsize(fs)));
783     
784     	do_again = !(bp->b_flags & B_GATHERED);
785     	LFS_WRITESEGENTRY(sup, fs, sp->seg_number, bp);	/* Ifile */
/sbin/fsck_lfs/segwrite.c: 825 in lfs_writeseg()
819     
820     	ssp->ss_datasum = cksum(datap, (nblocks - 1) * el_size);
821     	ssp->ss_sumsum =
822     	    cksum(&ssp->ss_datasum, lfs_sb_getsumsize(fs) - sizeof(ssp->ss_sumsum));
823     	free(datap);
824     	datap = dp = NULL;
>>>     CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
825     	lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
826     	    lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
827     
828     	if (devvp == NULL)
829     		errx(EXIT_FAILURE, "devvp is NULL");
830     	for (bpp = sp->bpp, i = nblocks; i; bpp++, i--) {

** CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()


________________________________________________________________________________________________________
*** CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
520     			flags |= B_CLRBUF;
521     		else
522     			flags &= ~B_CLRBUF;
523     
524     #ifdef LFS_READWRITE
525     		error = lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
526     		    lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
527     		if (error)
528     			break;
529     		need_unreserve = true;
530     #endif
531     		error = lfs_balloc(vp, uio->uio_offset, xfersize, cred, flags,
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
554     			brelse(bp, BC_INVAL);
555     			break;
556     		}
557     #ifdef LFS_READWRITE
558     		(void)VOP_BWRITE(bp->b_vp, bp);
559     		lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
560     		    -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
561     		need_unreserve = false;
562     #else
563     		if (ioflag & IO_SYNC)
564     			(void)bwrite(bp);
565     		else if (xfersize + blkoffset == fs->fs_bsize)
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()
570     		if (error || xfersize == 0)
571     			break;
572     	}
573     #ifdef LFS_READWRITE
574     	if (need_unreserve) {
575     		lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
576     		    -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
577     	}
578     #endif
579     
580     	error = ulfs_post_write_update(vp, uio, ioflag, cred, osize, resid,
581     	    extended, error);

** CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()


________________________________________________________________________________________________________
*** CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
526     {
527     	ASSERT_MAYBE_SEGLOCK(fs);
528     
529     	mutex_enter(&lfs_lock);
530     	--ip->i_lfs_nbtree;
531     	SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
>>>     CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
532     	if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
533     		fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534     	fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535     	if (locked_fakequeue_count > 0)
536     		--locked_fakequeue_count;
537     	lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()
527     	ASSERT_MAYBE_SEGLOCK(fs);
528     
529     	mutex_enter(&lfs_lock);
530     	--ip->i_lfs_nbtree;
531     	SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
532     	if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
>>>     CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
533     		fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534     	fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535     	if (locked_fakequeue_count > 0)
536     		--locked_fakequeue_count;
537     	lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
538     	mutex_exit(&lfs_lock);

** CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 311 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 317 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 330 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 357 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 397 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 413 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 599 in lfs_truncate()


________________________________________________________________________________________________________
*** CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 311 in lfs_truncate()
305     			oip->i_flag |= IN_CHANGE | IN_UPDATE;
306     			KASSERT(ovp->v_size == oip->i_size);
307     			oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
308     			return (lfs_update(ovp, NULL, NULL, 0));
309     		} else {
310     			error = lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
311     			    lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
312     			if (error)
313     				return (error);
314     			error = lfs_balloc(ovp, length - 1, 1, cred,
315     					   aflags, &bp);
316     			lfs_reserve(fs, ovp, NULL,
/sys/ufs/lfs/lfs_inode.c: 317 in lfs_truncate()
311     			    lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
312     			if (error)
313     				return (error);
314     			error = lfs_balloc(ovp, length - 1, 1, cred,
315     					   aflags, &bp);
316     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
317     			    -lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
318     			if (error)
319     				return (error);
320     			oip->i_ffs1_size = oip->i_size = length;
321     			uvm_vnp_setsize(ovp, length);
322     			(void) VOP_BWRITE(bp->b_vp, bp);
/sys/ufs/lfs/lfs_inode.c: 330 in lfs_truncate()
324     			oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
325     			return (lfs_update(ovp, NULL, NULL, 0));
326     		}
327     	}
328     
329     	if ((error = lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
330     	    lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)))) != 0)
331     		return (error);
332     
333     	/*
334     	 * Shorten the size of the file. If the file is not being
335     	 * truncated to a block boundary, the contents of the
/sys/ufs/lfs/lfs_inode.c: 357 in lfs_truncate()
351     		aflags = B_CLRBUF;
352     		if (ioflag & IO_SYNC)
353     			aflags |= B_SYNC;
354     		error = lfs_balloc(ovp, length - 1, 1, cred, aflags, &bp);
355     		if (error) {
356     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
357     			    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
358     			goto errout;
359     		}
360     		obufsize = bp->b_bufsize;
361     		odb = lfs_btofsb(fs, bp->b_bcount);
362     		oip->i_size = oip->i_ffs1_size = length;
/sys/ufs/lfs/lfs_inode.c: 397 in lfs_truncate()
391     		voff_t eoz;
392     
393     		aflags = ioflag & IO_SYNC ? B_SYNC : 0;
394     		error = ulfs_balloc_range(ovp, length - 1, 1, cred, aflags);
395     		if (error) {
396     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
397     				    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
398     			goto errout;
399     		}
400     		xlbn = lfs_lblkno(fs, length);
401     		size = lfs_blksize(fs, oip, xlbn);
402     		eoz = MIN(lfs_lblktosize(fs, xlbn) + size, osize);
/sys/ufs/lfs/lfs_inode.c: 413 in lfs_truncate()
407     			error = VOP_PUTPAGES(ovp, round_page(length),
408     			    round_page(eoz),
409     			    PGO_CLEANIT | PGO_DEACTIVATE |
410     			    ((ioflag & IO_SYNC) ? PGO_SYNCIO : 0));
411     			if (error) {
412     				lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
413     					    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
414     				goto errout;
415     			}
416     		}
417     	}
418     
/sys/ufs/lfs/lfs_inode.c: 599 in lfs_truncate()
593     
594     	oip->i_flag |= IN_CHANGE;
595     #if defined(LFS_QUOTA) || defined(LFS_QUOTA2)
596     	(void) lfs_chkdq(oip, -blocksreleased, NOCRED, 0);
597     #endif
598     	lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
599     	    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
600     	genfs_node_unlock(ovp);
601       errout:
602     	oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
603     	if (ovp != fs->lfs_ivnode)
604     		lfs_segunlock(fs);

** CID 1315726:    (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 866 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 862 in make_lfs()


________________________________________________________________________________________________________
*** CID 1315726:    (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 866 in make_lfs()
860                             ubb += lfs_btofsb(fs, segp->su_nbytes +
861                                 segp->su_nsums * lfs_sb_getsumsize(fs) +
862                                 segp->su_ninos * lfs_sb_getibsize(fs));
863                             dmeta += lfs_btofsb(fs,
864                                 lfs_sb_getsumsize(fs) * segp->su_nsums);
865                             dmeta += lfs_btofsb(fs,
>>>     CID 1315726:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "lfs_sb_getibsize(fs) * segp->su_ninos" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
866                                 lfs_sb_getibsize(fs) * segp->su_ninos);
867     		} else {
868                             lfs_sb_addavail(fs, lfs_segtod(fs, 1));
869                             if (segp->su_flags & SEGUSE_SUPERBLOCK)
870                                     lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_SBPAD));
871                             if (i == 0 && lfs_sb_getversion(fs) > 1 &&
/sbin/newfs_lfs/make_lfs.c: 862 in make_lfs()
856     		LFS_SEGENTRY(segp, fs, i, bp);
857                     if (segp->su_flags & SEGUSE_DIRTY) {
858                             bb += lfs_btofsb(fs, segp->su_nbytes +
859                                 segp->su_nsums * lfs_sb_getsumsize(fs));
860                             ubb += lfs_btofsb(fs, segp->su_nbytes +
861                                 segp->su_nsums * lfs_sb_getsumsize(fs) +
>>>     CID 1315726:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "segp->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
862                                 segp->su_ninos * lfs_sb_getibsize(fs));
863                             dmeta += lfs_btofsb(fs,
864                                 lfs_sb_getsumsize(fs) * segp->su_nsums);
865                             dmeta += lfs_btofsb(fs,
866                                 lfs_sb_getibsize(fs) * segp->su_ninos);
867     		} else {

** CID 1315727:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 630 in make_lfs()


________________________________________________________________________________________________________
*** CID 1315727:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 630 in make_lfs()
624     	 * and segment usage table, and half a block per segment that can't
625     	 * be written due to fragmentation.
626     	 */
627     	lfs_sb_setdsize(fs,
628     		lfs_segtod(fs, lfs_sb_getnseg(fs) - lfs_sb_getminfreeseg(fs)));
629     	lfs_sb_setbfree(fs, lfs_sb_getdsize(fs));
>>>     CID 1315727:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "lfs_sb_getnseg(fs) / 2U << lfs_sb_getblktodb(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
630     	lfs_sb_subbfree(fs, LFS_DBTOFSB(fs, ((lfs_sb_getnseg(fs) / 2) << 
631     		lfs_sb_getblktodb(fs))));
632     
633     	lfs_sb_setsegtabsz(fs, SEGTABSIZE_SU(fs));
634     	lfs_sb_setcleansz(fs, CLEANSIZE_SU(fs));
635     	if (time(&stamp) == -1)

** CID 1315728:    (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 864 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 859 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 861 in make_lfs()


________________________________________________________________________________________________________
*** CID 1315728:    (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 864 in make_lfs()
858                             bb += lfs_btofsb(fs, segp->su_nbytes +
859                                 segp->su_nsums * lfs_sb_getsumsize(fs));
860                             ubb += lfs_btofsb(fs, segp->su_nbytes +
861                                 segp->su_nsums * lfs_sb_getsumsize(fs) +
862                                 segp->su_ninos * lfs_sb_getibsize(fs));
863                             dmeta += lfs_btofsb(fs,
>>>     CID 1315728:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "lfs_sb_getsumsize(fs) * segp->su_nsums" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
864                                 lfs_sb_getsumsize(fs) * segp->su_nsums);
865                             dmeta += lfs_btofsb(fs,
866                                 lfs_sb_getibsize(fs) * segp->su_ninos);
867     		} else {
868                             lfs_sb_addavail(fs, lfs_segtod(fs, 1));
869                             if (segp->su_flags & SEGUSE_SUPERBLOCK)
/sbin/newfs_lfs/make_lfs.c: 859 in make_lfs()
853     	lfs_sb_setavail(fs, 0);
854     	bb = ubb = dmeta = 0;
855     	for (i = 0; i < lfs_sb_getnseg(fs); i++) {
856     		LFS_SEGENTRY(segp, fs, i, bp);
857                     if (segp->su_flags & SEGUSE_DIRTY) {
858                             bb += lfs_btofsb(fs, segp->su_nbytes +
>>>     CID 1315728:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "segp->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
859                                 segp->su_nsums * lfs_sb_getsumsize(fs));
860                             ubb += lfs_btofsb(fs, segp->su_nbytes +
861                                 segp->su_nsums * lfs_sb_getsumsize(fs) +
862                                 segp->su_ninos * lfs_sb_getibsize(fs));
863                             dmeta += lfs_btofsb(fs,
864                                 lfs_sb_getsumsize(fs) * segp->su_nsums);
/sbin/newfs_lfs/make_lfs.c: 861 in make_lfs()
855     	for (i = 0; i < lfs_sb_getnseg(fs); i++) {
856     		LFS_SEGENTRY(segp, fs, i, bp);
857                     if (segp->su_flags & SEGUSE_DIRTY) {
858                             bb += lfs_btofsb(fs, segp->su_nbytes +
859                                 segp->su_nsums * lfs_sb_getsumsize(fs));
860                             ubb += lfs_btofsb(fs, segp->su_nbytes +
>>>     CID 1315728:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "segp->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
861                                 segp->su_nsums * lfs_sb_getsumsize(fs) +
862                                 segp->su_ninos * lfs_sb_getibsize(fs));
863                             dmeta += lfs_btofsb(fs,
864                                 lfs_sb_getsumsize(fs) * segp->su_nsums);
865                             dmeta += lfs_btofsb(fs,
866                                 lfs_sb_getibsize(fs) * segp->su_ninos);

** CID 1315729:    (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 117 in pass5()
/sbin/fsck_lfs/pass5.c: 113 in pass5()


________________________________________________________________________________________________________
*** CID 1315729:    (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 117 in pass5()
111     			ubb += lfs_btofsb(fs, su->su_nbytes +
112     			    su->su_nsums * lfs_sb_getsumsize(fs) +
113     			    su->su_ninos * lfs_sb_getibsize(fs));
114     			dmeta += lfs_btofsb(fs,
115     			    lfs_sb_getsumsize(fs) * su->su_nsums);
116     			dmeta += lfs_btofsb(fs,
>>>     CID 1315729:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "lfs_sb_getibsize(fs) * su->su_ninos" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
117     			    lfs_sb_getibsize(fs) * su->su_ninos);
118     		} else {
119     			nclean++;
120     			avail += lfs_segtod(fs, 1);
121     			if (su->su_flags & SEGUSE_SUPERBLOCK)
122     				avail -= lfs_btofsb(fs, LFS_SBPAD);
/sbin/fsck_lfs/pass5.c: 113 in pass5()
107     		}
108     		if (su->su_flags & SEGUSE_DIRTY) {
109     			bb += lfs_btofsb(fs, su->su_nbytes +
110     			    su->su_nsums * lfs_sb_getsumsize(fs));
111     			ubb += lfs_btofsb(fs, su->su_nbytes +
112     			    su->su_nsums * lfs_sb_getsumsize(fs) +
>>>     CID 1315729:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "su->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
113     			    su->su_ninos * lfs_sb_getibsize(fs));
114     			dmeta += lfs_btofsb(fs,
115     			    lfs_sb_getsumsize(fs) * su->su_nsums);
116     			dmeta += lfs_btofsb(fs,
117     			    lfs_sb_getibsize(fs) * su->su_ninos);
118     		} else {

** CID 1315730:    (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 115 in pass5()
/sbin/fsck_lfs/pass5.c: 110 in pass5()
/sbin/fsck_lfs/pass5.c: 112 in pass5()


________________________________________________________________________________________________________
*** CID 1315730:    (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 115 in pass5()
109     			bb += lfs_btofsb(fs, su->su_nbytes +
110     			    su->su_nsums * lfs_sb_getsumsize(fs));
111     			ubb += lfs_btofsb(fs, su->su_nbytes +
112     			    su->su_nsums * lfs_sb_getsumsize(fs) +
113     			    su->su_ninos * lfs_sb_getibsize(fs));
114     			dmeta += lfs_btofsb(fs,
>>>     CID 1315730:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "lfs_sb_getsumsize(fs) * su->su_nsums" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
115     			    lfs_sb_getsumsize(fs) * su->su_nsums);
116     			dmeta += lfs_btofsb(fs,
117     			    lfs_sb_getibsize(fs) * su->su_ninos);
118     		} else {
119     			nclean++;
120     			avail += lfs_segtod(fs, 1);
/sbin/fsck_lfs/pass5.c: 110 in pass5()
104     				su->su_nbytes = seg_table[i].su_nbytes;
105     				++diddirty;
106     			}
107     		}
108     		if (su->su_flags & SEGUSE_DIRTY) {
109     			bb += lfs_btofsb(fs, su->su_nbytes +
>>>     CID 1315730:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "su->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
110     			    su->su_nsums * lfs_sb_getsumsize(fs));
111     			ubb += lfs_btofsb(fs, su->su_nbytes +
112     			    su->su_nsums * lfs_sb_getsumsize(fs) +
113     			    su->su_ninos * lfs_sb_getibsize(fs));
114     			dmeta += lfs_btofsb(fs,
115     			    lfs_sb_getsumsize(fs) * su->su_nsums);
/sbin/fsck_lfs/pass5.c: 112 in pass5()
106     			}
107     		}
108     		if (su->su_flags & SEGUSE_DIRTY) {
109     			bb += lfs_btofsb(fs, su->su_nbytes +
110     			    su->su_nsums * lfs_sb_getsumsize(fs));
111     			ubb += lfs_btofsb(fs, su->su_nbytes +
>>>     CID 1315730:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "su->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
112     			    su->su_nsums * lfs_sb_getsumsize(fs) +
113     			    su->su_ninos * lfs_sb_getibsize(fs));
114     			dmeta += lfs_btofsb(fs,
115     			    lfs_sb_getsumsize(fs) * su->su_nsums);
116     			dmeta += lfs_btofsb(fs,
117     			    lfs_sb_getibsize(fs) * su->su_ninos);

** CID 1315731:  Uninitialized variables  (UNINIT)
/usr.sbin/dumplfs/dumplfs.c: 136 in main()


________________________________________________________________________________________________________
*** CID 1315731:  Uninitialized variables  (UNINIT)
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
130     
131     int datasum_check = 0;
132     
133     int
134     main(int argc, char **argv)
135     {
>>>     CID 1315731:  Uninitialized variables  (UNINIT)
>>>     Declaring variable "lfs_sb1" without initializer.
136     	struct lfs lfs_sb1, lfs_sb2, *lfs_master;
137     	daddr_t seg_addr, idaddr, sbdaddr;
138     	int ch, do_allsb, do_ientries, do_segentries, fd, segnum;
139     	void *sbuf;
140     
141     	do_allsb = 0;

** CID 1315732:    (UNINIT)
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
/usr.sbin/dumplfs/dumplfs.c: 136 in main()


________________________________________________________________________________________________________
*** CID 1315732:    (UNINIT)
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
130     
131     int datasum_check = 0;
132     
133     int
134     main(int argc, char **argv)
135     {
>>>     CID 1315732:    (UNINIT)
>>>     Declaring variable "lfs_sb2" without initializer.
136     	struct lfs lfs_sb1, lfs_sb2, *lfs_master;
137     	daddr_t seg_addr, idaddr, sbdaddr;
138     	int ch, do_allsb, do_ientries, do_segentries, fd, segnum;
139     	void *sbuf;
140     
141     	do_allsb = 0;
/usr.sbin/dumplfs/dumplfs.c: 136 in main()
130     
131     int datasum_check = 0;
132     
133     int
134     main(int argc, char **argv)
135     {
>>>     CID 1315732:    (UNINIT)
>>>     Declaring variable "lfs_sb2" without initializer.
136     	struct lfs lfs_sb1, lfs_sb2, *lfs_master;
137     	daddr_t seg_addr, idaddr, sbdaddr;
138     	int ch, do_allsb, do_ientries, do_segentries, fd, segnum;
139     	void *sbuf;
140     
141     	do_allsb = 0;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782




Home | Main Index | Thread Index | Old Index