Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
22 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 22 defect(s)
** CID 745503: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/scp.c: 1081 in sink()
________________________________________________________________________________________________________
*** CID 745503: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/scp.c: 1081 in sink()
1075 (void) chmod(vect[0], mode);
1076 free(vect[0]);
1077 continue;
1078 }
1079 omode = mode;
1080 mode |= S_IWUSR;
>>> CID 745503: Security best practices violations (TOCTOU)
>>> Calling function "open" that uses "np" after a check function. This can cause a time-of-check, time-of-use race condition.
1081 if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
1082 bad: run_err("%s: %s", np, strerror(errno));
1083 continue;
1084 }
1085 (void) atomicio(vwrite, remout, empty, 1);
1086 if ((bp = allocbuf(&buffer, ofd, COPY_BUFLEN)) == NULL) {
** CID 1201655: Null pointer dereferences (NULL_RETURNS)
/crypto/external/bsd/openssl/dist/crypto/mem_dbg.c: 646 in print_leak_doall_arg()
________________________________________________________________________________________________________
*** CID 1201655: Null pointer dereferences (NULL_RETURNS)
/crypto/external/bsd/openssl/dist/crypto/mem_dbg.c: 646 in print_leak_doall_arg()
640 if (m->addr == (char *)l->bio)
641 return;
642
643 if (options & V_CRYPTO_MDEBUG_TIME) {
644 lcl = localtime(&m->time);
645
>>> CID 1201655: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "lcl".
646 BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
647 lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
648 bufp += strlen(bufp);
649 }
650
651 BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
** CID 1341547: Error handling issues (CHECKED_RETURN)
/sys/rump/librump/rumpkern/rump_syscalls.c: 781 in rump___sysimpl_sync()
________________________________________________________________________________________________________
*** CID 1341547: Error handling issues (CHECKED_RETURN)
/sys/rump/librump/rumpkern/rump_syscalls.c: 781 in rump___sysimpl_sync()
775 void rump___sysimpl_sync(void);
776 void
777 rump___sysimpl_sync(void )
778 {
779 register_t retval[2];
780
>>> CID 1341547: Error handling issues (CHECKED_RETURN)
>>> Calling "rumpclient_syscall" without checking return value (as is done elsewhere 4 out of 5 times).
781 rsys_syscall(SYS_sync, NULL, 0, retval);
782 }
783 #ifdef RUMP_KERNEL_IS_LIBC
784 __weak_alias(sync,rump___sysimpl_sync);
785 __weak_alias(_sync,rump___sysimpl_sync);
786 __strong_alias(_sys_sync,rump___sysimpl_sync);
** CID 1341548: Error handling issues (CHECKED_RETURN)
/sbin/gpt/add.c: 146 in add()
________________________________________________________________________________________________________
*** CID 1341548: Error handling issues (CHECKED_RETURN)
/sbin/gpt/add.c: 146 in add()
140
141 ent_set(ent, map, type, name);
142 gpt_write_primary(gpt);
143
144 ent = gpt_ent_backup(gpt, i);
145 ent_set(ent, map, type, name);
>>> CID 1341548: Error handling issues (CHECKED_RETURN)
>>> Calling "gpt_write_backup" without checking return value (as is done elsewhere 6 out of 7 times).
146 gpt_write_backup(gpt);
147
148 gpt_uuid_snprintf(buf, sizeof(buf), "%d", type);
149 gpt_msg(gpt, "Partition %d added: %s %" PRIu64 " %" PRIu64, i + 1,
150 buf, map->map_start, map->map_size);
151 return 0;
** CID 1341549: Error handling issues (CHECKED_RETURN)
/sbin/gpt/add.c: 142 in add()
________________________________________________________________________________________________________
*** CID 1341549: Error handling issues (CHECKED_RETURN)
/sbin/gpt/add.c: 142 in add()
136 gpt_warnx(gpt, "Not enough space available on device");
137 return -1;
138 }
139 }
140
141 ent_set(ent, map, type, name);
>>> CID 1341549: Error handling issues (CHECKED_RETURN)
>>> Calling "gpt_write_primary" without checking return value (as is done elsewhere 5 out of 6 times).
142 gpt_write_primary(gpt);
143
144 ent = gpt_ent_backup(gpt, i);
145 ent_set(ent, map, type, name);
146 gpt_write_backup(gpt);
147
** CID 1341550: Error handling issues (CHECKED_RETURN)
/sbin/gpt/resizedisk.c: 205 in resizedisk()
________________________________________________________________________________________________________
*** CID 1341550: Error handling issues (CHECKED_RETURN)
/sbin/gpt/resizedisk.c: 205 in resizedisk()
199 hdr = gpt->gpt->map_data;
200 hdr->hdr_lba_alt = (uint64_t)gpt->tpg->map_start;
201 hdr->hdr_crc_self = 0;
202 hdr->hdr_lba_end = htole64((uint64_t)(gpt->lbt->map_start - 1));
203 hdr->hdr_crc_self =
204 htole32(crc32(gpt->gpt->map_data, GPT_HDR_SIZE));
>>> CID 1341550: Error handling issues (CHECKED_RETURN)
>>> Calling "gpt_write" without checking return value (as is done elsewhere 10 out of 11 times).
205 gpt_write(gpt, gpt->gpt);
206
207 hdr = gpt->tpg->map_data;
208 hdr->hdr_lba_self = htole64((uint64_t)gpt->tpg->map_start);
209 hdr->hdr_lba_alt = htole64((uint64_t)gpt->gpt->map_start);
210 hdr->hdr_lba_end = htole64((uint64_t)(gpt->lbt->map_start - 1));
** CID 1341551: Null pointer dereferences (FORWARD_NULL)
/usr.sbin/makemandb/apropos-utils.c: 931 in term_init()
________________________________________________________________________________________________________
*** CID 1341551: Null pointer dereferences (FORWARD_NULL)
/usr.sbin/makemandb/apropos-utils.c: 931 in term_init()
925 int error;
926 const char *bold, *sgr0, *smso, *rmso, *smul, *rmul;
927
928 if (ti_setupterm(&ti, NULL, fd, &error) == -1) {
929 bold = sgr0 = NULL;
930 smso = rmso = smul = rmul = "";
>>> CID 1341551: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "ti" = "NULL".
931 ti = NULL;
932 } else {
933 bold = ti_getstr(ti, "bold");
934 sgr0 = ti_getstr(ti, "sgr0");
935 if (bold == NULL || sgr0 == NULL) {
936 smso = ti_getstr(ti, "smso");
** CID 1341552: (FORWARD_NULL)
/external/bsd/dhcpcd/dist/common.c: 169 in logger()
/external/bsd/dhcpcd/dist/common.c: 184 in logger()
________________________________________________________________________________________________________
*** CID 1341552: (FORWARD_NULL)
/external/bsd/dhcpcd/dist/common.c: 169 in logger()
163 }
164 *fp++ = '\0';
165 fmt = fmt_cpy;
166 }
167 #endif
168
>>> CID 1341552: (FORWARD_NULL)
>>> Dereferencing null pointer "ctx".
169 if ((ctx == NULL || !(ctx->options & DHCPCD_QUIET)) &&
170 (pri < LOG_DEBUG || (ctx->options & DHCPCD_DEBUG)))
171 {
172 va_list vac;
173
174 va_copy(vac, va);
/external/bsd/dhcpcd/dist/common.c: 184 in logger()
178 vfprintf(pri <= LOG_ERR ? stderr : stdout, fmt, vac);
179 fputc('\n', pri <= LOG_ERR ? stderr : stdout);
180 va_end(vac);
181 }
182
183 /* Don't send to syslog if dumping leases or testing */
>>> CID 1341552: (FORWARD_NULL)
>>> Dereferencing null pointer "ctx".
184 if (ctx->options & (DHCPCD_DUMPLEASE | DHCPCD_TEST))
185 goto out;
186
187 if (ctx && ctx->log_fd != -1) {
188 if (pri < LOG_DEBUG || (ctx->options & DHCPCD_DEBUG)) {
189 struct timeval tv;
** CID 1341553: Null pointer dereferences (FORWARD_NULL)
/lib/libterminfo/term.c: 194 in _ti_readterm()
________________________________________________________________________________________________________
*** CID 1341553: Null pointer dereferences (FORWARD_NULL)
/lib/libterminfo/term.c: 194 in _ti_readterm()
188 sizeof(*term->_userdefs)) == -1)
189 return -1;
190 for (num = 0; num < term->_nuserdefs; num++) {
191 ud = &term->_userdefs[num];
192 len = le16dec(cap);
193 cap += sizeof(uint16_t);
>>> CID 1341553: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "ud".
194 ud->id = cap;
195 cap += len;
196 ud->type = *cap++;
197 switch (ud->type) {
198 case 'f':
199 ud->flag = *cap++;
** CID 1341554: Memory - illegal accesses (OVERRUN)
/external/bsd/dhcpcd/dist/dhcp6.c: 2212 in dhcp6_readlease()
________________________________________________________________________________________________________
*** CID 1341554: Memory - illegal accesses (OVERRUN)
/external/bsd/dhcpcd/dist/dhcp6.c: 2212 in dhcp6_readlease()
2206 if ((state->new = malloc(BUFSIZ)) == NULL)
2207 return -1;
2208 retval = -1;
2209 /* DHCPv6 messages have no real maximum size.
2210 * As we could be reading from stdin, we loop like so. */
2211 for (;;) {
>>> CID 1341554: Memory - illegal accesses (OVERRUN)
>>> Overrunning dynamic array "state->new" at offset corresponding to index variable "state->new_len" through dereference in call to "read". [Note: The source code implementation of the function has been overridden by a builtin model.]
2212 bytes = read(fd, state->new + state->new_len, BUFSIZ);
2213 if (bytes == -1)
2214 break;
2215 if (bytes < BUFSIZ) {
2216 state->new_len += (size_t)bytes;
2217 retval = 0;
** CID 1341555: Resource leaks (RESOURCE_LEAK)
/sbin/gpt/gpt_uuid.c: 285 in gpt_uuid_generate()
________________________________________________________________________________________________________
*** CID 1341555: Resource leaks (RESOURCE_LEAK)
/sbin/gpt/gpt_uuid.c: 285 in gpt_uuid_generate()
279 u.clock_seq_hi_and_reserved |= 0x80;
280
281 gpt_dce_to_uuid(&u, t);
282 close(fd);
283 return 0;
284 out:
>>> CID 1341555: Resource leaks (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
285 return -1;
** CID 1341556: Resource leaks (RESOURCE_LEAK)
/sbin/gpt/map.c: 182 in map_add()
________________________________________________________________________________________________________
*** CID 1341556: Resource leaks (RESOURCE_LEAK)
/sbin/gpt/map.c: 182 in map_add()
176 gpt->mediamap = p;
177 }
178
179 return m;
180 oomem:
181 gpt_warn(gpt, "Can't create map");
>>> CID 1341556: Resource leaks (RESOURCE_LEAK)
>>> Variable "m" going out of scope leaks the storage it points to.
182 return NULL;
183 }
184
185 map_t
186 map_alloc(gpt_t gpt, off_t start, off_t size, off_t alignment)
187 {
** CID 1341560: (RESOURCE_LEAK)
/sbin/gpt/add.c: 200 in cmd_add()
/sbin/gpt/add.c: 169 in cmd_add()
/sbin/gpt/add.c: 173 in cmd_add()
/sbin/gpt/add.c: 177 in cmd_add()
/sbin/gpt/add.c: 182 in cmd_add()
/sbin/gpt/add.c: 188 in cmd_add()
/sbin/gpt/add.c: 198 in cmd_add()
________________________________________________________________________________________________________
*** CID 1341560: (RESOURCE_LEAK)
/sbin/gpt/add.c: 200 in cmd_add()
194 if (optind != argc)
195 return usage();
196
197 if ((sectors = gpt_check_ais(gpt, alignment, ~0U, size)) == -1)
198 return -1;
199
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
200 return add(gpt, alignment, block, sectors, size, entry, name, type);
/sbin/gpt/add.c: 169 in cmd_add()
163 gpt_uuid_copy(type, gpt_uuid_nil);
164
165 while ((ch = getopt(argc, argv, GPT_AIS "b:l:t:")) != -1) {
166 switch(ch) {
167 case 'b':
168 if (gpt_human_get(&block) == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
169 return usage();
170 break;
171 case 'l':
172 if (gpt_name_get(gpt, &name) == -1)
173 return usage();
174 break;
/sbin/gpt/add.c: 173 in cmd_add()
167 case 'b':
168 if (gpt_human_get(&block) == -1)
169 return usage();
170 break;
171 case 'l':
172 if (gpt_name_get(gpt, &name) == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
173 return usage();
174 break;
175 case 't':
176 if (gpt_uuid_get(gpt, &type) == -1)
177 return usage();
178 break;
/sbin/gpt/add.c: 177 in cmd_add()
171 case 'l':
172 if (gpt_name_get(gpt, &name) == -1)
173 return usage();
174 break;
175 case 't':
176 if (gpt_uuid_get(gpt, &type) == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
177 return usage();
178 break;
179 default:
180 if (gpt_add_ais(gpt, &alignment, &entry, &size, ch)
181 == -1)
182 return usage();
/sbin/gpt/add.c: 182 in cmd_add()
176 if (gpt_uuid_get(gpt, &type) == -1)
177 return usage();
178 break;
179 default:
180 if (gpt_add_ais(gpt, &alignment, &entry, &size, ch)
181 == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
182 return usage();
183 break;
184 }
185 }
186
187 if (argc != optind)
/sbin/gpt/add.c: 188 in cmd_add()
182 return usage();
183 break;
184 }
185 }
186
187 if (argc != optind)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
188 return usage();
189
190 /* Create NetBSD FFS partitions by default. */
191 if (gpt_uuid_is_nil(type))
192 gpt_uuid_create(GPT_TYPE_NETBSD_FFS, type, NULL, 0);
193
/sbin/gpt/add.c: 198 in cmd_add()
192 gpt_uuid_create(GPT_TYPE_NETBSD_FFS, type, NULL, 0);
193
194 if (optind != argc)
195 return usage();
196
197 if ((sectors = gpt_check_ais(gpt, alignment, ~0U, size)) == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
198 return -1;
199
200 return add(gpt, alignment, block, sectors, size, entry, name, type);
** CID 1341561: (RESOURCE_LEAK)
/sbin/gpt/biosboot.c: 266 in cmd_biosboot()
/sbin/gpt/biosboot.c: 270 in cmd_biosboot()
/sbin/gpt/biosboot.c: 274 in cmd_biosboot()
/sbin/gpt/biosboot.c: 277 in cmd_biosboot()
/sbin/gpt/biosboot.c: 282 in cmd_biosboot()
/sbin/gpt/biosboot.c: 289 in cmd_biosboot()
/sbin/gpt/biosboot.c: 295 in cmd_biosboot()
________________________________________________________________________________________________________
*** CID 1341561: (RESOURCE_LEAK)
/sbin/gpt/biosboot.c: 266 in cmd_biosboot()
260 const char *bootpath = NULL;
261
262 while ((ch = getopt(argc, argv, "c:i:L:")) != -1) {
263 switch(ch) {
264 case 'c':
265 if (gpt_name_get(gpt, &bootpath) == -1)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
266 return usage();
267 break;
268 case 'i':
269 if (gpt_uint_get(&entry) == -1)
270 return usage();
271 break;
/sbin/gpt/biosboot.c: 270 in cmd_biosboot()
264 case 'c':
265 if (gpt_name_get(gpt, &bootpath) == -1)
266 return usage();
267 break;
268 case 'i':
269 if (gpt_uint_get(&entry) == -1)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
270 return usage();
271 break;
272 case 'L':
273 if (gpt_name_get(gpt, &label) == -1)
274 return usage();
275 break;
/sbin/gpt/biosboot.c: 274 in cmd_biosboot()
268 case 'i':
269 if (gpt_uint_get(&entry) == -1)
270 return usage();
271 break;
272 case 'L':
273 if (gpt_name_get(gpt, &label) == -1)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
274 return usage();
275 break;
276 default:
277 return usage();
278 }
279 }
/sbin/gpt/biosboot.c: 277 in cmd_biosboot()
271 break;
272 case 'L':
273 if (gpt_name_get(gpt, &label) == -1)
274 return usage();
275 break;
276 default:
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
277 return usage();
278 }
279 }
280
281 if (argc != optind)
282 return usage();
/sbin/gpt/biosboot.c: 282 in cmd_biosboot()
276 default:
277 return usage();
278 }
279 }
280
281 if (argc != optind)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
282 return usage();
283
284 #ifdef DIOCGWEDGEINFO
285 if ((gpt->sb.st_mode & S_IFMT) != S_IFREG &&
286 ioctl(gpt->fd, DIOCGWEDGEINFO, &dkw) != -1) {
287 if (entry > 0)
/sbin/gpt/biosboot.c: 289 in cmd_biosboot()
283
284 #ifdef DIOCGWEDGEINFO
285 if ((gpt->sb.st_mode & S_IFMT) != S_IFREG &&
286 ioctl(gpt->fd, DIOCGWEDGEINFO, &dkw) != -1) {
287 if (entry > 0)
288 /* wedges and indexes are mutually exclusive */
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
289 return usage();
290 start = dkw.dkw_offset;
291 size = dkw.dkw_size;
292 ngpt = gpt_open(dkw.dkw_parent, gpt->flags, gpt->verbose,
293 gpt->mediasz, gpt->secsz);
294 if (ngpt == NULL)
/sbin/gpt/biosboot.c: 295 in cmd_biosboot()
289 return usage();
290 start = dkw.dkw_offset;
291 size = dkw.dkw_size;
292 ngpt = gpt_open(dkw.dkw_parent, gpt->flags, gpt->verbose,
293 gpt->mediasz, gpt->secsz);
294 if (ngpt == NULL)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
295 return -1;
296 }
297 #endif
298 biosboot(ngpt, start, size, entry, label, bootpath);
299 if (ngpt != gpt)
300 gpt_close(ngpt);
301
302 return 0;
** CID 1341562: (RESOURCE_LEAK)
/sbin/gpt/biosboot.c: 302 in cmd_biosboot()
/sbin/gpt/biosboot.c: 266 in cmd_biosboot()
/sbin/gpt/biosboot.c: 270 in cmd_biosboot()
/sbin/gpt/biosboot.c: 274 in cmd_biosboot()
/sbin/gpt/biosboot.c: 277 in cmd_biosboot()
/sbin/gpt/biosboot.c: 282 in cmd_biosboot()
/sbin/gpt/biosboot.c: 289 in cmd_biosboot()
/sbin/gpt/biosboot.c: 295 in cmd_biosboot()
________________________________________________________________________________________________________
*** CID 1341562: (RESOURCE_LEAK)
/sbin/gpt/biosboot.c: 302 in cmd_biosboot()
296 }
297 #endif
298 biosboot(ngpt, start, size, entry, label, bootpath);
299 if (ngpt != gpt)
300 gpt_close(ngpt);
301
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
302 return 0;
/sbin/gpt/biosboot.c: 266 in cmd_biosboot()
260 const char *bootpath = NULL;
261
262 while ((ch = getopt(argc, argv, "c:i:L:")) != -1) {
263 switch(ch) {
264 case 'c':
265 if (gpt_name_get(gpt, &bootpath) == -1)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
266 return usage();
267 break;
268 case 'i':
269 if (gpt_uint_get(&entry) == -1)
270 return usage();
271 break;
/sbin/gpt/biosboot.c: 270 in cmd_biosboot()
264 case 'c':
265 if (gpt_name_get(gpt, &bootpath) == -1)
266 return usage();
267 break;
268 case 'i':
269 if (gpt_uint_get(&entry) == -1)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
270 return usage();
271 break;
272 case 'L':
273 if (gpt_name_get(gpt, &label) == -1)
274 return usage();
275 break;
/sbin/gpt/biosboot.c: 274 in cmd_biosboot()
268 case 'i':
269 if (gpt_uint_get(&entry) == -1)
270 return usage();
271 break;
272 case 'L':
273 if (gpt_name_get(gpt, &label) == -1)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
274 return usage();
275 break;
276 default:
277 return usage();
278 }
279 }
/sbin/gpt/biosboot.c: 277 in cmd_biosboot()
271 break;
272 case 'L':
273 if (gpt_name_get(gpt, &label) == -1)
274 return usage();
275 break;
276 default:
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
277 return usage();
278 }
279 }
280
281 if (argc != optind)
282 return usage();
/sbin/gpt/biosboot.c: 282 in cmd_biosboot()
276 default:
277 return usage();
278 }
279 }
280
281 if (argc != optind)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
282 return usage();
283
284 #ifdef DIOCGWEDGEINFO
285 if ((gpt->sb.st_mode & S_IFMT) != S_IFREG &&
286 ioctl(gpt->fd, DIOCGWEDGEINFO, &dkw) != -1) {
287 if (entry > 0)
/sbin/gpt/biosboot.c: 289 in cmd_biosboot()
283
284 #ifdef DIOCGWEDGEINFO
285 if ((gpt->sb.st_mode & S_IFMT) != S_IFREG &&
286 ioctl(gpt->fd, DIOCGWEDGEINFO, &dkw) != -1) {
287 if (entry > 0)
288 /* wedges and indexes are mutually exclusive */
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
289 return usage();
290 start = dkw.dkw_offset;
291 size = dkw.dkw_size;
292 ngpt = gpt_open(dkw.dkw_parent, gpt->flags, gpt->verbose,
293 gpt->mediasz, gpt->secsz);
294 if (ngpt == NULL)
/sbin/gpt/biosboot.c: 295 in cmd_biosboot()
289 return usage();
290 start = dkw.dkw_offset;
291 size = dkw.dkw_size;
292 ngpt = gpt_open(dkw.dkw_parent, gpt->flags, gpt->verbose,
293 gpt->mediasz, gpt->secsz);
294 if (ngpt == NULL)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
295 return -1;
296 }
297 #endif
298 biosboot(ngpt, start, size, entry, label, bootpath);
299 if (ngpt != gpt)
300 gpt_close(ngpt);
301
302 return 0;
** CID 1341563: (RESOURCE_LEAK)
/sbin/gpt/label.c: 107 in name_from_file()
/sbin/gpt/label.c: 101 in name_from_file()
________________________________________________________________________________________________________
*** CID 1341563: (RESOURCE_LEAK)
/sbin/gpt/label.c: 107 in name_from_file()
101 return -1;
102 }
103 len = fread(*name, 1, maxlen - 1, f);
104 if (ferror(f)) {
105 free(*name);
106 gpt_warn(gpt, "Can't label from `%s'", fn);
>>> CID 1341563: (RESOURCE_LEAK)
>>> Variable "f" going out of scope leaks the storage it points to.
107 return -1;
108 }
109 if (f != stdin)
110 fclose(f);
111 (*name)[len] = '\0';
112 /* Only keep the first line, excluding the newline character. */
/sbin/gpt/label.c: 101 in name_from_file()
95 }
96 } else
97 f = stdin;
98
99 if ((*name = malloc(maxlen)) == NULL) {
100 gpt_warn(gpt, "Can't copy string");
>>> CID 1341563: (RESOURCE_LEAK)
>>> Variable "f" going out of scope leaks the storage it points to.
101 return -1;
102 }
103 len = fread(*name, 1, maxlen - 1, f);
104 if (ferror(f)) {
105 free(*name);
106 gpt_warn(gpt, "Can't label from `%s'", fn);
** CID 1341564: (RESOURCE_LEAK)
/sbin/gpt/label.c: 134 in cmd_label()
/sbin/gpt/label.c: 138 in cmd_label()
/sbin/gpt/label.c: 142 in cmd_label()
/sbin/gpt/label.c: 148 in cmd_label()
/sbin/gpt/label.c: 134 in cmd_label()
/sbin/gpt/label.c: 138 in cmd_label()
/sbin/gpt/label.c: 142 in cmd_label()
________________________________________________________________________________________________________
*** CID 1341564: (RESOURCE_LEAK)
/sbin/gpt/label.c: 134 in cmd_label()
128
129 /* Get the label options */
130 while ((ch = getopt(argc, argv, GPT_FIND "f:l:")) != -1) {
131 switch(ch) {
132 case 'f':
133 if (name_from_file(gpt, &name) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
134 return usage();
135 break;
136 case 'l':
137 if (gpt_name_get(gpt, &name) == -1)
138 return usage();
139 break;
/sbin/gpt/label.c: 138 in cmd_label()
132 case 'f':
133 if (name_from_file(gpt, &name) == -1)
134 return usage();
135 break;
136 case 'l':
137 if (gpt_name_get(gpt, &name) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
138 return usage();
139 break;
140 default:
141 if (gpt_add_find(gpt, &find, ch) == -1)
142 return usage();
143 break;
/sbin/gpt/label.c: 142 in cmd_label()
136 case 'l':
137 if (gpt_name_get(gpt, &name) == -1)
138 return usage();
139 break;
140 default:
141 if (gpt_add_find(gpt, &find, ch) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
142 return usage();
143 break;
144 }
145 }
146
147 if (name == NULL || argc != optind)
148 return usage();
149
150 return gpt_change_ent(gpt, &find, change, name);
/sbin/gpt/label.c: 148 in cmd_label()
142 return usage();
143 break;
144 }
145 }
146
147 if (name == NULL || argc != optind)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
148 return usage();
149
150 return gpt_change_ent(gpt, &find, change, name);
/sbin/gpt/label.c: 134 in cmd_label()
128
129 /* Get the label options */
130 while ((ch = getopt(argc, argv, GPT_FIND "f:l:")) != -1) {
131 switch(ch) {
132 case 'f':
133 if (name_from_file(gpt, &name) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
134 return usage();
135 break;
136 case 'l':
137 if (gpt_name_get(gpt, &name) == -1)
138 return usage();
139 break;
/sbin/gpt/label.c: 138 in cmd_label()
132 case 'f':
133 if (name_from_file(gpt, &name) == -1)
134 return usage();
135 break;
136 case 'l':
137 if (gpt_name_get(gpt, &name) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
138 return usage();
139 break;
140 default:
141 if (gpt_add_find(gpt, &find, ch) == -1)
142 return usage();
143 break;
/sbin/gpt/label.c: 142 in cmd_label()
136 case 'l':
137 if (gpt_name_get(gpt, &name) == -1)
138 return usage();
139 break;
140 default:
141 if (gpt_add_find(gpt, &find, ch) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
142 return usage();
143 break;
144 }
145 }
146
147 if (name == NULL || argc != optind)
148 return usage();
149
150 return gpt_change_ent(gpt, &find, change, name);
** CID 1341565: Null pointer dereferences (REVERSE_INULL)
/usr.sbin/makemandb/apropos-utils.c: 956 in term_init()
________________________________________________________________________________________________________
*** CID 1341565: Null pointer dereferences (REVERSE_INULL)
/usr.sbin/makemandb/apropos-utils.c: 956 in term_init()
950 sa[0] = term_fix_seq(ti, bold ? bold : smso);
951 sa[1] = term_fix_seq(ti, sgr0 ? sgr0 : rmso);
952 sa[2] = estrdup("...");
953 sa[3] = term_fix_seq(ti, smul);
954 sa[4] = term_fix_seq(ti, rmul);
955
>>> CID 1341565: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "ti" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
956 if (ti)
957 del_curterm(ti);
958 }
959
960 /*
961 * run_query_term --
** CID 1341566: Null pointer dereferences (REVERSE_INULL)
/external/bsd/dhcpcd/dist/common.c: 184 in logger()
________________________________________________________________________________________________________
*** CID 1341566: Null pointer dereferences (REVERSE_INULL)
/external/bsd/dhcpcd/dist/common.c: 184 in logger()
178 vfprintf(pri <= LOG_ERR ? stderr : stdout, fmt, vac);
179 fputc('\n', pri <= LOG_ERR ? stderr : stdout);
180 va_end(vac);
181 }
182
183 /* Don't send to syslog if dumping leases or testing */
>>> CID 1341566: Null pointer dereferences (REVERSE_INULL)
>>> Directly dereferencing pointer "ctx".
184 if (ctx->options & (DHCPCD_DUMPLEASE | DHCPCD_TEST))
185 goto out;
186
187 if (ctx && ctx->log_fd != -1) {
188 if (pri < LOG_DEBUG || (ctx->options & DHCPCD_DEBUG)) {
189 struct timeval tv;
** CID 1341567: Null pointer dereferences (REVERSE_INULL)
/sbin/gpt/resizedisk.c: 109 in resizedisk()
________________________________________________________________________________________________________
*** CID 1341567: Null pointer dereferences (REVERSE_INULL)
/sbin/gpt/resizedisk.c: 109 in resizedisk()
103 return -1;
104 }
105 mbr = mbrmap->map_data;
106
107 gpt->gpt = map_find(gpt, MAP_TYPE_PRI_GPT_HDR);
108 ent = NULL;
>>> CID 1341567: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "gpt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
109 if (gpt == NULL) {
110 gpt_warnx(gpt, "No primary GPT header; run create or recover");
111 return -1;
112 }
113 hdr = gpt->gpt->map_data;
114 oldloc = (off_t)le64toh((uint64_t)hdr->hdr_lba_alt);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index