Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-i386-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
60 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
31 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 60 defect(s)
** CID 420743: (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 133 in exceptions_state_mc()
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 188 in exceptions_state_mc()
________________________________________________________________________________________________________
*** CID 420743: (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 133 in exceptions_state_mc()
127 /* Allow the code to run the catcher. */
128 current_catcher->state = CATCHER_RUNNING;
129 return 1;
130 default:
131 internal_error (__FILE__, __LINE__, _("bad state"));
132 }
>>> CID 420743: (MISSING_BREAK)
>>> The above case falls through to this one.
133 case CATCHER_RUNNING:
134 switch (action)
135 {
136 case CATCH_ITER:
137 /* No error/quit has occured. Just clean up. */
138 catcher_pop ();
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 188 in exceptions_state_mc()
182 /* The caller didn't request that the event be caught,
183 relay the event to the next containing
184 catch_errors(). */
185 catcher_pop ();
186 throw_exception (exception);
187 }
>>> CID 420743: (MISSING_BREAK)
>>> The above case falls through to this one.
188 default:
189 internal_error (__FILE__, __LINE__, _("bad state"));
190 }
191 default:
192 internal_error (__FILE__, __LINE__, _("bad switch"));
193 }
** CID 603106: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/gdb/dist/bfd/dwarf1.c: 419 in dwarf1_unit_find_nearest_line()
________________________________________________________________________________________________________
*** CID 603106: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/gdb/dist/bfd/dwarf1.c: 419 in dwarf1_unit_find_nearest_line()
413 if (! parse_functions_in_unit (stash, aUnit))
414 return FALSE;
415 }
416
417 for (i = 0; i < aUnit->line_count; i++)
418 {
>>> CID 603106: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "aUnit->linenumber_table".
419 if (aUnit->linenumber_table[i].addr <= addr
420 && addr < aUnit->linenumber_table[i+1].addr)
421 {
422 *filename_ptr = aUnit->name;
423 *linenumber_ptr = aUnit->linenumber_table[i].linenumber;
424 line_p = TRUE;
** CID 976492: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 150 in exceptions_state_mc()
________________________________________________________________________________________________________
*** CID 976492: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 150 in exceptions_state_mc()
144 current_catcher->state = CATCHER_ABORTING;
145 /* See also throw_exception. */
146 return 1;
147 default:
148 internal_error (__FILE__, __LINE__, _("bad switch"));
149 }
>>> CID 976492: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
150 case CATCHER_RUNNING_1:
151 switch (action)
152 {
153 case CATCH_ITER:
154 /* The did a "break" from the inner while loop. */
155 catcher_pop ();
** CID 976493: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 167 in exceptions_state_mc()
________________________________________________________________________________________________________
*** CID 976493: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 167 in exceptions_state_mc()
161 current_catcher->state = CATCHER_ABORTING;
162 /* See also throw_exception. */
163 return 1;
164 default:
165 internal_error (__FILE__, __LINE__, _("bad switch"));
166 }
>>> CID 976493: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
167 case CATCHER_ABORTING:
168 switch (action)
169 {
170 case CATCH_ITER:
171 {
172 struct gdb_exception exception = *current_catcher->exception;
** CID 976494: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 191 in exceptions_state_mc()
________________________________________________________________________________________________________
*** CID 976494: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 191 in exceptions_state_mc()
185 catcher_pop ();
186 throw_exception (exception);
187 }
188 default:
189 internal_error (__FILE__, __LINE__, _("bad state"));
190 }
>>> CID 976494: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
191 default:
192 internal_error (__FILE__, __LINE__, _("bad switch"));
193 }
194 }
195
196 int
** CID 1102781: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/infcmd.c: 1916 in program_info()
________________________________________________________________________________________________________
*** CID 1102781: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/infcmd.c: 1916 in program_info()
1910 if (ptid_equal (ptid, null_ptid) || is_exited (ptid))
1911 error (_("Invalid selected thread."));
1912 else if (is_running (ptid))
1913 error (_("Selected thread is running."));
1914
1915 tp = find_thread_ptid (ptid);
>>> CID 1102781: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "tp".
1916 bs = tp->control.stop_bpstat;
1917 stat = bpstat_num (&bs, &num);
1918
1919 target_files_info ();
1920 printf_filtered (_("Program stopped at %s.\n"),
1921 paddress (target_gdbarch (), stop_pc));
** CID 1102783: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/infrun.c: 2851 in infrun_thread_stop_requested_callback()
________________________________________________________________________________________________________
*** CID 1102783: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/infrun.c: 2851 in infrun_thread_stop_requested_callback()
2845 target_dcache_invalidate ();
2846
2847 /* Go through handle_inferior_event/normal_stop, so we always
2848 have consistent output as if the stop event had been
2849 reported. */
2850 ecs->ptid = info->ptid;
>>> CID 1102783: Null pointer dereferences (NULL_RETURNS)
>>> Assigning: "ecs->event_thread" = null return value from "find_thread_ptid".
2851 ecs->event_thread = find_thread_ptid (info->ptid);
2852 ecs->ws.kind = TARGET_WAITKIND_STOPPED;
2853 ecs->ws.value.sig = GDB_SIGNAL_0;
2854
2855 handle_inferior_event (ecs);
2856
** CID 1102784: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/mi/mi-interp.c: 927 in mi_on_resume()
________________________________________________________________________________________________________
*** CID 1102784: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/mi/mi-interp.c: 927 in mi_on_resume()
921 if (ptid_equal (ptid, minus_one_ptid) || ptid_is_pid (ptid))
922 tp = inferior_thread ();
923 else
924 tp = find_thread_ptid (ptid);
925
926 /* Suppress output while calling an inferior function. */
>>> CID 1102784: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "tp".
927 if (tp->control.in_infcall)
928 return;
929
930 /* To cater for older frontends, emit ^running, but do it only once
931 per each command. We do it here, since at this point we know
932 that the target was successfully resumed, and in non-async mode,
** CID 1102785: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/thread.c: 754 in thread_change_ptid()
________________________________________________________________________________________________________
*** CID 1102785: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/thread.c: 754 in thread_change_ptid()
748 changes. E.g, target remote may only discover the remote process
749 pid after adding the inferior to GDB's list. */
750 inf = find_inferior_ptid (old_ptid);
751 inf->pid = ptid_get_pid (new_ptid);
752
753 tp = find_thread_ptid (old_ptid);
>>> CID 1102785: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "tp".
754 tp->ptid = new_ptid;
755
756 observer_notify_thread_ptid_changed (old_ptid, new_ptid);
757 }
758
759 void
** CID 1286780: Error handling issues (CHECKED_RETURN)
/external/gpl3/gdb/dist/libiberty/cp-demangle.c: 3712 in d_substitution()
________________________________________________________________________________________________________
*** CID 1286780: Error handling issues (CHECKED_RETURN)
/external/gpl3/gdb/dist/libiberty/cp-demangle.c: 3712 in d_substitution()
3706 c = d_make_sub (di, s, len);
3707 if (d_peek_char (di) == 'B')
3708 {
3709 /* If there are ABI tags on the abbreviation, it becomes
3710 a substitution candidate. */
3711 c = d_abi_tags (di, c);
>>> CID 1286780: Error handling issues (CHECKED_RETURN)
>>> Calling "d_add_substitution" without checking return value (as is done elsewhere 9 out of 10 times).
3712 d_add_substitution (di, c);
3713 }
3714 return c;
3715 }
3716 }
3717
** CID 1315720: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()
________________________________________________________________________________________________________
*** CID 1315720: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
498
499 fs = ip->i_lfs;
500
501 ASSERT_NO_SEGLOCK(fs);
502
503 /* If no space, wait for the cleaner */
>>> CID 1315720: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
504 lfs_availwait(fs, lfs_btofsb(fs, 1 << lfs_sb_getbshift(fs)));
505
506 lbp = (struct lbnentry *)pool_get(&lfs_lbnentry_pool, PR_WAITOK);
507 lbp->lbn = lbn;
508 mutex_enter(&lfs_lock);
509 if (SPLAY_INSERT(lfs_splay, &ip->i_lfs_lbtree, lbp) != NULL) {
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()
511 /* Already there */
512 pool_put(&lfs_lbnentry_pool, lbp);
513 return;
514 }
515
516 ++ip->i_lfs_nbtree;
>>> CID 1315720: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
517 fs->lfs_favail += lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
518 fs->lfs_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
519 ++locked_fakequeue_count;
520 lfs_subsys_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
521 mutex_exit(&lfs_lock);
522 }
** CID 1315721: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 870 in lfs_do_segclean()
/sys/ufs/lfs/lfs_syscalls.c: 872 in lfs_do_segclean()
________________________________________________________________________________________________________
*** CID 1315721: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 870 in lfs_do_segclean()
864 lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_SBPAD));
865 if (lfs_sb_getversion(fs) > 1 && segnum == 0 &&
866 lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
867 lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
868 mutex_enter(&lfs_lock);
869 lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>> CID 1315721: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
870 lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
871 lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
872 lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
873 if (lfs_sb_getdmeta(fs) < 0)
874 lfs_sb_setdmeta(fs, 0);
875 mutex_exit(&lfs_lock);
/sys/ufs/lfs/lfs_syscalls.c: 872 in lfs_do_segclean()
866 lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
867 lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
868 mutex_enter(&lfs_lock);
869 lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
870 lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
871 lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>> CID 1315721: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
872 lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
873 if (lfs_sb_getdmeta(fs) < 0)
874 lfs_sb_setdmeta(fs, 0);
875 mutex_exit(&lfs_lock);
876 sup->su_flags &= ~SEGUSE_DIRTY;
877 LFS_WRITESEGENTRY(sup, fs, segnum, bp);
** CID 1315722: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2287 in lfs_writeseg()
/sys/ufs/lfs/lfs_segment.c: 2289 in lfs_writeseg()
/sbin/fsck_lfs/segwrite.c: 825 in lfs_writeseg()
/sbin/fsck_lfs/segwrite.c: 871 in lfs_writeseg()
________________________________________________________________________________________________________
*** CID 1315722: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2287 in lfs_writeseg()
2281 lfs_ss_setdatasum(fs, ssp, lfs_cksum_fold(sum));
2282 sumstart = lfs_ss_getsumstart(fs);
2283 lfs_ss_setsumsum(fs, ssp, cksum((char *)ssp + sumstart,
2284 lfs_sb_getsumsize(fs) - sumstart));
2285
2286 mutex_enter(&lfs_lock);
>>> CID 1315722: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2287 lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2288 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2289 lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2290 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2291 mutex_exit(&lfs_lock);
2292
/sys/ufs/lfs/lfs_segment.c: 2289 in lfs_writeseg()
2283 lfs_ss_setsumsum(fs, ssp, cksum((char *)ssp + sumstart,
2284 lfs_sb_getsumsize(fs) - sumstart));
2285
2286 mutex_enter(&lfs_lock);
2287 lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2288 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
>>> CID 1315722: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2289 lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2290 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2291 mutex_exit(&lfs_lock);
2292
2293 /*
2294 * When we simply write the blocks we lose a rotation for every block
/sbin/fsck_lfs/segwrite.c: 825 in lfs_writeseg()
819 if (lfs_sb_getversion(fs) == 1)
820 sup->su_olastmod = write_time;
821 else
822 sup->su_lastmod = write_time;
823 sup->su_ninos += ninos;
824 ++sup->su_nsums;
>>> CID 1315722: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
825 lfs_sb_adddmeta(fs, (lfs_btofsb(fs, lfs_sb_getsumsize(fs)) + lfs_btofsb(fs, ninos *
826 lfs_sb_getibsize(fs))));
827 lfs_sb_subavail(fs, lfs_btofsb(fs, lfs_sb_getsumsize(fs)));
828
829 do_again = !(bp->b_flags & B_GATHERED);
830 LFS_WRITESEGENTRY(sup, fs, sp->seg_number, bp); /* Ifile */
/sbin/fsck_lfs/segwrite.c: 871 in lfs_writeseg()
865 lfs_ss_setdatasum(fs, ssp, cksum(datap, (nblocks - 1) * el_size));
866 sumstart = lfs_ss_getsumstart(fs);
867 lfs_ss_setsumsum(fs, ssp,
868 cksum((char *)ssp + sumstart, lfs_sb_getsumsize(fs) - sumstart));
869 free(datap);
870 datap = dp = NULL;
>>> CID 1315722: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
871 lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
872 lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
873
874 if (devvp == NULL)
875 errx(EXIT_FAILURE, "devvp is NULL");
876 for (bpp = sp->bpp, i = nblocks; i; bpp++, i--) {
** CID 1315723: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()
________________________________________________________________________________________________________
*** CID 1315723: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
520 flags |= B_CLRBUF;
521 else
522 flags &= ~B_CLRBUF;
523
524 #ifdef LFS_READWRITE
525 error = lfs_reserve(fs, vp, NULL,
>>> CID 1315723: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
526 lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
527 if (error)
528 break;
529 need_unreserve = true;
530 #endif
531 error = lfs_balloc(vp, uio->uio_offset, xfersize, cred, flags,
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
554 brelse(bp, BC_INVAL);
555 break;
556 }
557 #ifdef LFS_READWRITE
558 (void)VOP_BWRITE(bp->b_vp, bp);
559 lfs_reserve(fs, vp, NULL,
>>> CID 1315723: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
560 -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
561 need_unreserve = false;
562 #else
563 if (ioflag & IO_SYNC)
564 (void)bwrite(bp);
565 else if (xfersize + blkoffset == fs->fs_bsize)
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()
570 if (error || xfersize == 0)
571 break;
572 }
573 #ifdef LFS_READWRITE
574 if (need_unreserve) {
575 lfs_reserve(fs, vp, NULL,
>>> CID 1315723: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
576 -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
577 }
578 #endif
579
580 error = ulfs_post_write_update(vp, uio, ioflag, cred, osize, resid,
581 extended, error);
** CID 1315724: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()
________________________________________________________________________________________________________
*** CID 1315724: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
526 {
527 ASSERT_MAYBE_SEGLOCK(fs);
528
529 mutex_enter(&lfs_lock);
530 --ip->i_lfs_nbtree;
531 SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
>>> CID 1315724: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
532 if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
533 fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534 fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535 if (locked_fakequeue_count > 0)
536 --locked_fakequeue_count;
537 lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()
527 ASSERT_MAYBE_SEGLOCK(fs);
528
529 mutex_enter(&lfs_lock);
530 --ip->i_lfs_nbtree;
531 SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
532 if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
>>> CID 1315724: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
533 fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534 fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535 if (locked_fakequeue_count > 0)
536 --locked_fakequeue_count;
537 lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
538 mutex_exit(&lfs_lock);
** CID 1315725: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 314 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 320 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 333 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 360 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 400 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 416 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 602 in lfs_truncate()
________________________________________________________________________________________________________
*** CID 1315725: (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 314 in lfs_truncate()
308 oip->i_flag |= IN_CHANGE | IN_UPDATE;
309 KASSERT(ovp->v_size == oip->i_size);
310 oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
311 return (lfs_update(ovp, NULL, NULL, 0));
312 } else {
313 error = lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
314 lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
315 if (error)
316 return (error);
317 error = lfs_balloc(ovp, length - 1, 1, cred,
318 aflags, &bp);
319 lfs_reserve(fs, ovp, NULL,
/sys/ufs/lfs/lfs_inode.c: 320 in lfs_truncate()
314 lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
315 if (error)
316 return (error);
317 error = lfs_balloc(ovp, length - 1, 1, cred,
318 aflags, &bp);
319 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
320 -lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
321 if (error)
322 return (error);
323 oip->i_ffs1_size = oip->i_size = length;
324 uvm_vnp_setsize(ovp, length);
325 (void) VOP_BWRITE(bp->b_vp, bp);
/sys/ufs/lfs/lfs_inode.c: 333 in lfs_truncate()
327 oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
328 return (lfs_update(ovp, NULL, NULL, 0));
329 }
330 }
331
332 if ((error = lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
333 lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)))) != 0)
334 return (error);
335
336 /*
337 * Shorten the size of the file. If the file is not being
338 * truncated to a block boundary, the contents of the
/sys/ufs/lfs/lfs_inode.c: 360 in lfs_truncate()
354 aflags = B_CLRBUF;
355 if (ioflag & IO_SYNC)
356 aflags |= B_SYNC;
357 error = lfs_balloc(ovp, length - 1, 1, cred, aflags, &bp);
358 if (error) {
359 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
360 -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
361 goto errout;
362 }
363 obufsize = bp->b_bufsize;
364 odb = lfs_btofsb(fs, bp->b_bcount);
365 oip->i_size = oip->i_ffs1_size = length;
/sys/ufs/lfs/lfs_inode.c: 400 in lfs_truncate()
394 voff_t eoz;
395
396 aflags = ioflag & IO_SYNC ? B_SYNC : 0;
397 error = ulfs_balloc_range(ovp, length - 1, 1, cred, aflags);
398 if (error) {
399 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
400 -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
401 goto errout;
402 }
403 xlbn = lfs_lblkno(fs, length);
404 size = lfs_blksize(fs, oip, xlbn);
405 eoz = MIN(lfs_lblktosize(fs, xlbn) + size, osize);
/sys/ufs/lfs/lfs_inode.c: 416 in lfs_truncate()
410 error = VOP_PUTPAGES(ovp, round_page(length),
411 round_page(eoz),
412 PGO_CLEANIT | PGO_DEACTIVATE |
413 ((ioflag & IO_SYNC) ? PGO_SYNCIO : 0));
414 if (error) {
415 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
416 -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
417 goto errout;
418 }
419 }
420 }
421
/sys/ufs/lfs/lfs_inode.c: 602 in lfs_truncate()
596
597 oip->i_flag |= IN_CHANGE;
598 #if defined(LFS_QUOTA) || defined(LFS_QUOTA2)
599 (void) lfs_chkdq(oip, -blocksreleased, NOCRED, 0);
600 #endif
601 lfs_reserve(fs, ovp, NULL,
>>> CID 1315725: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
602 -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
603 genfs_node_unlock(ovp);
604 errout:
605 oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
606 if (ovp != fs->lfs_ivnode)
607 lfs_segunlock(fs);
** CID 1315726: (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 903 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 899 in make_lfs()
________________________________________________________________________________________________________
*** CID 1315726: (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 903 in make_lfs()
897 ubb += lfs_btofsb(fs, segp->su_nbytes +
898 segp->su_nsums * lfs_sb_getsumsize(fs) +
899 segp->su_ninos * lfs_sb_getibsize(fs));
900 dmeta += lfs_btofsb(fs,
901 lfs_sb_getsumsize(fs) * segp->su_nsums);
902 dmeta += lfs_btofsb(fs,
>>> CID 1315726: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getibsize(fs) * segp->su_ninos" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
903 lfs_sb_getibsize(fs) * segp->su_ninos);
904 } else {
905 lfs_sb_addavail(fs, lfs_segtod(fs, 1));
906 if (segp->su_flags & SEGUSE_SUPERBLOCK)
907 lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_SBPAD));
908 if (i == 0 && lfs_sb_getversion(fs) > 1 &&
/sbin/newfs_lfs/make_lfs.c: 899 in make_lfs()
893 LFS_SEGENTRY(segp, fs, i, bp);
894 if (segp->su_flags & SEGUSE_DIRTY) {
895 bb += lfs_btofsb(fs, segp->su_nbytes +
896 segp->su_nsums * lfs_sb_getsumsize(fs));
897 ubb += lfs_btofsb(fs, segp->su_nbytes +
898 segp->su_nsums * lfs_sb_getsumsize(fs) +
>>> CID 1315726: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "segp->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
899 segp->su_ninos * lfs_sb_getibsize(fs));
900 dmeta += lfs_btofsb(fs,
901 lfs_sb_getsumsize(fs) * segp->su_nsums);
902 dmeta += lfs_btofsb(fs,
903 lfs_sb_getibsize(fs) * segp->su_ninos);
904 } else {
** CID 1315727: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 639 in make_lfs()
________________________________________________________________________________________________________
*** CID 1315727: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 639 in make_lfs()
633 * and segment usage table, and half a block per segment that can't
634 * be written due to fragmentation.
635 */
636 lfs_sb_setdsize(fs,
637 lfs_segtod(fs, lfs_sb_getnseg(fs) - lfs_sb_getminfreeseg(fs)));
638 lfs_sb_setbfree(fs, lfs_sb_getdsize(fs));
>>> CID 1315727: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getnseg(fs) / 2U << lfs_sb_getblktodb(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
639 lfs_sb_subbfree(fs, LFS_DBTOFSB(fs, ((lfs_sb_getnseg(fs) / 2) <<
640 lfs_sb_getblktodb(fs))));
641
642 lfs_sb_setsegtabsz(fs, SEGTABSIZE_SU(fs));
643 lfs_sb_setcleansz(fs, CLEANSIZE_SU(fs));
644 if (time(&stamp) == -1)
** CID 1315728: (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 901 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 896 in make_lfs()
/sbin/newfs_lfs/make_lfs.c: 898 in make_lfs()
________________________________________________________________________________________________________
*** CID 1315728: (OVERFLOW_BEFORE_WIDEN)
/sbin/newfs_lfs/make_lfs.c: 901 in make_lfs()
895 bb += lfs_btofsb(fs, segp->su_nbytes +
896 segp->su_nsums * lfs_sb_getsumsize(fs));
897 ubb += lfs_btofsb(fs, segp->su_nbytes +
898 segp->su_nsums * lfs_sb_getsumsize(fs) +
899 segp->su_ninos * lfs_sb_getibsize(fs));
900 dmeta += lfs_btofsb(fs,
>>> CID 1315728: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getsumsize(fs) * segp->su_nsums" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
901 lfs_sb_getsumsize(fs) * segp->su_nsums);
902 dmeta += lfs_btofsb(fs,
903 lfs_sb_getibsize(fs) * segp->su_ninos);
904 } else {
905 lfs_sb_addavail(fs, lfs_segtod(fs, 1));
906 if (segp->su_flags & SEGUSE_SUPERBLOCK)
/sbin/newfs_lfs/make_lfs.c: 896 in make_lfs()
890 lfs_sb_setavail(fs, 0);
891 bb = ubb = dmeta = 0;
892 for (i = 0; i < lfs_sb_getnseg(fs); i++) {
893 LFS_SEGENTRY(segp, fs, i, bp);
894 if (segp->su_flags & SEGUSE_DIRTY) {
895 bb += lfs_btofsb(fs, segp->su_nbytes +
>>> CID 1315728: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "segp->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
896 segp->su_nsums * lfs_sb_getsumsize(fs));
897 ubb += lfs_btofsb(fs, segp->su_nbytes +
898 segp->su_nsums * lfs_sb_getsumsize(fs) +
899 segp->su_ninos * lfs_sb_getibsize(fs));
900 dmeta += lfs_btofsb(fs,
901 lfs_sb_getsumsize(fs) * segp->su_nsums);
/sbin/newfs_lfs/make_lfs.c: 898 in make_lfs()
892 for (i = 0; i < lfs_sb_getnseg(fs); i++) {
893 LFS_SEGENTRY(segp, fs, i, bp);
894 if (segp->su_flags & SEGUSE_DIRTY) {
895 bb += lfs_btofsb(fs, segp->su_nbytes +
896 segp->su_nsums * lfs_sb_getsumsize(fs));
897 ubb += lfs_btofsb(fs, segp->su_nbytes +
>>> CID 1315728: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "segp->su_nsums * lfs_sb_getsumsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
898 segp->su_nsums * lfs_sb_getsumsize(fs) +
899 segp->su_ninos * lfs_sb_getibsize(fs));
900 dmeta += lfs_btofsb(fs,
901 lfs_sb_getsumsize(fs) * segp->su_nsums);
902 dmeta += lfs_btofsb(fs,
903 lfs_sb_getibsize(fs) * segp->su_ninos);
** CID 1315729: (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 117 in pass5()
/sbin/fsck_lfs/pass5.c: 113 in pass5()
________________________________________________________________________________________________________
*** CID 1315729: (OVERFLOW_BEFORE_WIDEN)
/sbin/fsck_lfs/pass5.c: 117 in pass5()
111 ubb += lfs_btofsb(fs, su->su_nbytes +
112 su->su_nsums * lfs_sb_getsumsize(fs) +
113 su->su_ninos * lfs_sb_getibsize(fs));
114 dmeta += lfs_btofsb(fs,
115 lfs_sb_getsumsize(fs) * su->su_nsums);
116 dmeta += lfs_btofsb(fs,
>>> CID 1315729: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lfs_sb_getibsize(fs) * su->su_ninos" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
117 lfs_sb_getibsize(fs) * su->su_ninos);
118 } else {
119 nclean++;
120 avail += lfs_segtod(fs, 1);
121 if (su->su_flags & SEGUSE_SUPERBLOCK)
122 avail -= lfs_btofsb(fs, LFS_SBPAD);
/sbin/fsck_lfs/pass5.c: 113 in pass5()
107 }
108 if (su->su_flags & SEGUSE_DIRTY) {
109 bb += lfs_btofsb(fs, su->su_nbytes +
110 su->su_nsums * lfs_sb_getsumsize(fs));
111 ubb += lfs_btofsb(fs, su->su_nbytes +
112 su->su_nsums * lfs_sb_getsumsize(fs) +
>>> CID 1315729: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "su->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
113 su->su_ninos * lfs_sb_getibsize(fs));
114 dmeta += lfs_btofsb(fs,
115 lfs_sb_getsumsize(fs) * su->su_nsums);
116 dmeta += lfs_btofsb(fs,
117 lfs_sb_getibsize(fs) * su->su_ninos);
118 } else {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-i386-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index