Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
52 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
28 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 52 defect(s)
** CID 420743: (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 133 in exceptions_state_mc()
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 188 in exceptions_state_mc()
________________________________________________________________________________________________________
*** CID 420743: (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 133 in exceptions_state_mc()
127 /* Allow the code to run the catcher. */
128 current_catcher->state = CATCHER_RUNNING;
129 return 1;
130 default:
131 internal_error (__FILE__, __LINE__, _("bad state"));
132 }
>>> CID 420743: (MISSING_BREAK)
>>> The above case falls through to this one.
133 case CATCHER_RUNNING:
134 switch (action)
135 {
136 case CATCH_ITER:
137 /* No error/quit has occured. Just clean up. */
138 catcher_pop ();
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 188 in exceptions_state_mc()
182 /* The caller didn't request that the event be caught,
183 relay the event to the next containing
184 catch_errors(). */
185 catcher_pop ();
186 throw_exception (exception);
187 }
>>> CID 420743: (MISSING_BREAK)
>>> The above case falls through to this one.
188 default:
189 internal_error (__FILE__, __LINE__, _("bad state"));
190 }
191 default:
192 internal_error (__FILE__, __LINE__, _("bad switch"));
193 }
** CID 603106: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/gdb/dist/bfd/dwarf1.c: 419 in dwarf1_unit_find_nearest_line()
________________________________________________________________________________________________________
*** CID 603106: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/gdb/dist/bfd/dwarf1.c: 419 in dwarf1_unit_find_nearest_line()
413 if (! parse_functions_in_unit (stash, aUnit))
414 return FALSE;
415 }
416
417 for (i = 0; i < aUnit->line_count; i++)
418 {
>>> CID 603106: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "aUnit->linenumber_table".
419 if (aUnit->linenumber_table[i].addr <= addr
420 && addr < aUnit->linenumber_table[i+1].addr)
421 {
422 *filename_ptr = aUnit->name;
423 *linenumber_ptr = aUnit->linenumber_table[i].linenumber;
424 line_p = TRUE;
** CID 976492: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 150 in exceptions_state_mc()
________________________________________________________________________________________________________
*** CID 976492: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 150 in exceptions_state_mc()
144 current_catcher->state = CATCHER_ABORTING;
145 /* See also throw_exception. */
146 return 1;
147 default:
148 internal_error (__FILE__, __LINE__, _("bad switch"));
149 }
>>> CID 976492: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
150 case CATCHER_RUNNING_1:
151 switch (action)
152 {
153 case CATCH_ITER:
154 /* The did a "break" from the inner while loop. */
155 catcher_pop ();
** CID 976493: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 167 in exceptions_state_mc()
________________________________________________________________________________________________________
*** CID 976493: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 167 in exceptions_state_mc()
161 current_catcher->state = CATCHER_ABORTING;
162 /* See also throw_exception. */
163 return 1;
164 default:
165 internal_error (__FILE__, __LINE__, _("bad switch"));
166 }
>>> CID 976493: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
167 case CATCHER_ABORTING:
168 switch (action)
169 {
170 case CATCH_ITER:
171 {
172 struct gdb_exception exception = *current_catcher->exception;
** CID 976494: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 191 in exceptions_state_mc()
________________________________________________________________________________________________________
*** CID 976494: Control flow issues (MISSING_BREAK)
/external/gpl3/gdb/dist/gdb/common/common-exceptions.c: 191 in exceptions_state_mc()
185 catcher_pop ();
186 throw_exception (exception);
187 }
188 default:
189 internal_error (__FILE__, __LINE__, _("bad state"));
190 }
>>> CID 976494: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
191 default:
192 internal_error (__FILE__, __LINE__, _("bad switch"));
193 }
194 }
195
196 int
** CID 1102781: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/infcmd.c: 1916 in program_info()
________________________________________________________________________________________________________
*** CID 1102781: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/infcmd.c: 1916 in program_info()
1910 if (ptid_equal (ptid, null_ptid) || is_exited (ptid))
1911 error (_("Invalid selected thread."));
1912 else if (is_running (ptid))
1913 error (_("Selected thread is running."));
1914
1915 tp = find_thread_ptid (ptid);
>>> CID 1102781: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "tp".
1916 bs = tp->control.stop_bpstat;
1917 stat = bpstat_num (&bs, &num);
1918
1919 target_files_info ();
1920 printf_filtered (_("Program stopped at %s.\n"),
1921 paddress (target_gdbarch (), stop_pc));
** CID 1102783: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/infrun.c: 2851 in infrun_thread_stop_requested_callback()
________________________________________________________________________________________________________
*** CID 1102783: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/infrun.c: 2851 in infrun_thread_stop_requested_callback()
2845 target_dcache_invalidate ();
2846
2847 /* Go through handle_inferior_event/normal_stop, so we always
2848 have consistent output as if the stop event had been
2849 reported. */
2850 ecs->ptid = info->ptid;
>>> CID 1102783: Null pointer dereferences (NULL_RETURNS)
>>> Assigning: "ecs->event_thread" = null return value from "find_thread_ptid".
2851 ecs->event_thread = find_thread_ptid (info->ptid);
2852 ecs->ws.kind = TARGET_WAITKIND_STOPPED;
2853 ecs->ws.value.sig = GDB_SIGNAL_0;
2854
2855 handle_inferior_event (ecs);
2856
** CID 1102784: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/mi/mi-interp.c: 927 in mi_on_resume()
________________________________________________________________________________________________________
*** CID 1102784: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/mi/mi-interp.c: 927 in mi_on_resume()
921 if (ptid_equal (ptid, minus_one_ptid) || ptid_is_pid (ptid))
922 tp = inferior_thread ();
923 else
924 tp = find_thread_ptid (ptid);
925
926 /* Suppress output while calling an inferior function. */
>>> CID 1102784: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "tp".
927 if (tp->control.in_infcall)
928 return;
929
930 /* To cater for older frontends, emit ^running, but do it only once
931 per each command. We do it here, since at this point we know
932 that the target was successfully resumed, and in non-async mode,
** CID 1102785: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/thread.c: 754 in thread_change_ptid()
________________________________________________________________________________________________________
*** CID 1102785: Null pointer dereferences (NULL_RETURNS)
/external/gpl3/gdb/dist/gdb/thread.c: 754 in thread_change_ptid()
748 changes. E.g, target remote may only discover the remote process
749 pid after adding the inferior to GDB's list. */
750 inf = find_inferior_ptid (old_ptid);
751 inf->pid = ptid_get_pid (new_ptid);
752
753 tp = find_thread_ptid (old_ptid);
>>> CID 1102785: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "tp".
754 tp->ptid = new_ptid;
755
756 observer_notify_thread_ptid_changed (old_ptid, new_ptid);
757 }
758
759 void
** CID 1286780: Error handling issues (CHECKED_RETURN)
/external/gpl3/gdb/dist/libiberty/cp-demangle.c: 3712 in d_substitution()
________________________________________________________________________________________________________
*** CID 1286780: Error handling issues (CHECKED_RETURN)
/external/gpl3/gdb/dist/libiberty/cp-demangle.c: 3712 in d_substitution()
3706 c = d_make_sub (di, s, len);
3707 if (d_peek_char (di) == 'B')
3708 {
3709 /* If there are ABI tags on the abbreviation, it becomes
3710 a substitution candidate. */
3711 c = d_abi_tags (di, c);
>>> CID 1286780: Error handling issues (CHECKED_RETURN)
>>> Calling "d_add_substitution" without checking return value (as is done elsewhere 9 out of 10 times).
3712 d_add_substitution (di, c);
3713 }
3714 return c;
3715 }
3716 }
3717
** CID 1316544: Incorrect expression (ASSERT_SIDE_EFFECT)
/sys/netinet/if_arp.c: 582 in arp_rtrequest()
________________________________________________________________________________________________________
*** CID 1316544: Incorrect expression (ASSERT_SIDE_EFFECT)
/sys/netinet/if_arp.c: 582 in arp_rtrequest()
576 {
577 /*
578 * Give this route an expiration time, even though
579 * it's a "permanent" route, so that routes cloned
580 * from it do not need their expiration time set.
581 */
>>> CID 1316544: Incorrect expression (ASSERT_SIDE_EFFECT)
>>> Argument "time_uptime" of KASSERT() has a side effect because the variable is volatile. The containing function might work differently in a non-debug build.
582 KASSERT(time_uptime != 0);
583 rt->rt_expire = time_uptime;
584 /*
585 * linklayers with particular link MTU limitation.
586 */
587 switch (ifp->if_type) {
** CID 1316545: Control flow issues (DEADCODE)
/sys/ufs/lfs/lfs_alloc.c: 312 in lfs_valloc_fixed()
________________________________________________________________________________________________________
*** CID 1316545: Control flow issues (DEADCODE)
/sys/ufs/lfs/lfs_alloc.c: 312 in lfs_valloc_fixed()
306 brelse(bp, 0);
307 }
308 if (nextfree == LFS_UNUSED_INUM) {
309 brelse(bp, 0);
310 return ENOENT;
311 }
>>> CID 1316545: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "lfs_if_setnextfree(fs, ifp,...".
312 lfs_if_setnextfree(fs, ifp, oldnext);
313 LFS_BWRITE_LOG(bp);
314 }
315
316 return 0;
317 }
** CID 1316549: Memory - corruptions (ARRAY_VS_SINGLETON)
/sbin/newfs_lfs/make_lfs.c: 840 in make_lfs()
________________________________________________________________________________________________________
*** CID 1316549: Memory - corruptions (ARRAY_VS_SINGLETON)
/sbin/newfs_lfs/make_lfs.c: 840 in make_lfs()
834 } else if (version > 1) {
835 ip32 = &ipall->u_32;
836 for (i = LFS_IFILE_INUM; i <= HIGHEST_USED_INO; i++) {
837 ip32->if_version = 1;
838 ip32->if_daddr = 0x0;
839 ip32->if_nextfree = 0;
>>> CID 1316549: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "ip32" as an array. This might corrupt or misinterpret adjacent memory locations.
840 ++ip32;
841 }
842 } else {
843 ip_v1 = &ipall->u_v1;
844 for (i = LFS_IFILE_INUM; i <= HIGHEST_USED_INO; i++) {
845 ip_v1->if_version = 1;
** CID 1316550: Error handling issues (CHECKED_RETURN)
/external/gpl3/gdb/dist/bfd/plugin.c: 198 in try_claim()
________________________________________________________________________________________________________
*** CID 1316550: Error handling issues (CHECKED_RETURN)
/external/gpl3/gdb/dist/bfd/plugin.c: 198 in try_claim()
192 file.filesize = stat_buf.st_size;
193 }
194
195 file.handle = abfd;
196 off_t cur_offset = lseek(file.fd, 0, SEEK_CUR);
197 claim_file (&file, &claimed);
>>> CID 1316550: Error handling issues (CHECKED_RETURN)
>>> Calling "lseek(file.fd, cur_offset, 0)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
198 lseek(file.fd, cur_offset, SEEK_SET);
199 if (!claimed)
200 return 0;
201
202 return 1;
203 }
** CID 1316551: Error handling issues (CHECKED_RETURN)
/external/gpl3/gdb/dist/gdb/gcore.c: 97 in write_gcore_file_1()
________________________________________________________________________________________________________
*** CID 1316551: Error handling issues (CHECKED_RETURN)
/external/gpl3/gdb/dist/gdb/gcore.c: 97 in write_gcore_file_1()
91 | SEC_ALLOC);
92 if (note_sec == NULL)
93 error (_("Failed to create 'note' section for corefile: %s"),
94 bfd_errmsg (bfd_get_error ()));
95
96 bfd_set_section_vma (obfd, note_sec, 0);
>>> CID 1316551: Error handling issues (CHECKED_RETURN)
>>> Calling "bfd_set_section_alignment" without checking return value (as is done elsewhere 27 out of 30 times).
97 bfd_set_section_alignment (obfd, note_sec, 0);
98 bfd_set_section_size (obfd, note_sec, note_size);
99
100 /* Now create the memory/load sections. */
101 if (gcore_memory_sections (obfd) == 0)
102 error (_("gcore: failed to get corefile memory sections from target."));
** CID 1316552: Incorrect expression (COPY_PASTE_ERROR)
/external/gpl3/gdb/dist/gdb/i386-tdep.c: 8525 in i386_gdbarch_init()
________________________________________________________________________________________________________
*** CID 1316552: Incorrect expression (COPY_PASTE_ERROR)
/external/gpl3/gdb/dist/gdb/i386-tdep.c: 8525 in i386_gdbarch_init()
8519
8520 mm0_regnum = ymm0_regnum;
8521 if (tdep->num_ymm_regs)
8522 {
8523 /* Support YMM pseudo-register if it is available. */
8524 tdep->ymm0_regnum = ymm0_regnum;
>>> CID 1316552: Incorrect expression (COPY_PASTE_ERROR)
>>> "mm0_regnum" in "mm0_regnum += tdep->num_ymm_regs" looks like a copy-paste error.
8525 mm0_regnum += tdep->num_ymm_regs;
8526 }
8527 else
8528 tdep->ymm0_regnum = -1;
8529
8530 if (tdep->num_ymm_avx512_regs)
** CID 1316553: Control flow issues (DEADCODE)
/external/gpl3/gdb/dist/gdb/frame.c: 1820 in get_prev_frame_always_1()
________________________________________________________________________________________________________
*** CID 1316553: Control flow issues (DEADCODE)
/external/gpl3/gdb/dist/gdb/frame.c: 1820 in get_prev_frame_always_1()
1814 if (frame_debug)
1815 {
1816 fprintf_unfiltered (gdb_stdlog, "{ get_prev_frame_always (this_frame=");
1817 if (this_frame != NULL)
1818 fprintf_unfiltered (gdb_stdlog, "%d", this_frame->level);
1819 else
>>> CID 1316553: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "fprintf_unfiltered(gdb_stdl...".
1820 fprintf_unfiltered (gdb_stdlog, "<NULL>");
1821 fprintf_unfiltered (gdb_stdlog, ") ");
1822 }
1823
1824 /* Only try to do the unwind once. */
1825 if (this_frame->prev_p)
** CID 1316554: Possible Control flow issues (DEADCODE)
/external/gpl3/gdb/dist/gdb/eval.c: 911 in evaluate_subexp_standard()
________________________________________________________________________________________________________
*** CID 1316554: Possible Control flow issues (DEADCODE)
/external/gpl3/gdb/dist/gdb/eval.c: 911 in evaluate_subexp_standard()
905
906 element = evaluate_subexp (element_type, exp, pos, noside);
907 if (value_type (element) != element_type)
908 element = value_cast (element_type, element);
909 if (index_pc)
910 {
>>> CID 1316554: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "continue_pc = *pos;".
911 int continue_pc = *pos;
912
913 *pos = index_pc;
914 index = init_array_element (array, element, exp, pos, noside,
915 low_bound, high_bound);
916 *pos = continue_pc;
** CID 1316555: Possible Control flow issues (DEADCODE)
/external/gpl3/gdb/dist/gdb/auto-load.c: 1484 in _initialize_auto_load()
________________________________________________________________________________________________________
*** CID 1316555: Possible Control flow issues (DEADCODE)
/external/gpl3/gdb/dist/gdb/auto-load.c: 1484 in _initialize_auto_load()
1478 suffix = ext_lang_auto_load_suffix (get_ext_lang_defn (EXT_LANG_GUILE));
1479 guile_name_help
1480 = xstrprintf (_("\
1481 Guile scripts: OBJFILE%s\n"),
1482 suffix);
1483 #endif
>>> CID 1316555: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "guile_name_help" inside this statement: "scripts_directory_help = xs...".
1484 scripts_directory_help
1485 = xstrprintf (_("\
1486 Automatically loaded scripts are located in one of the directories listed\n\
1487 by this option.\n\
1488 \n\
1489 Script names:\n\
** CID 1316556: Possible Control flow issues (DEADCODE)
/external/gpl3/gdb/dist/gdb/auto-load.c: 1484 in _initialize_auto_load()
________________________________________________________________________________________________________
*** CID 1316556: Possible Control flow issues (DEADCODE)
/external/gpl3/gdb/dist/gdb/auto-load.c: 1484 in _initialize_auto_load()
1478 suffix = ext_lang_auto_load_suffix (get_ext_lang_defn (EXT_LANG_GUILE));
1479 guile_name_help
1480 = xstrprintf (_("\
1481 Guile scripts: OBJFILE%s\n"),
1482 suffix);
1483 #endif
>>> CID 1316556: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "python_name_help" inside this statement: "scripts_directory_help = xs...".
1484 scripts_directory_help
1485 = xstrprintf (_("\
1486 Automatically loaded scripts are located in one of the directories listed\n\
1487 by this option.\n\
1488 \n\
1489 Script names:\n\
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782