New Defects reported by Coverity Scan for NetBSD-amd64-kernel

To: coverity-updates%netbsd.org@localhost
Subject: New Defects reported by Coverity Scan for NetBSD-amd64-kernel
From: scan-admin%coverity.com@localhost
Date: Mon, 27 Jun 2016 18:57:35 -0700

Hi,

Please find the latest report on new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.

6 new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1362902:  Null pointer dereferences  (FORWARD_NULL)
/sys/dev/dksubr.c: 686 in dk_ioctl()


________________________________________________________________________________________________________
*** CID 1362902:  Null pointer dereferences  (FORWARD_NULL)
/sys/dev/dksubr.c: 686 in dk_ioctl()
680     		error = bufq_alloc(&new, dks->dks_name,
681     		    BUFQ_EXACT|BUFQ_SORT_RAWBLOCK);
682     		if (error) {
683     			return error;
684     		}
685     		mutex_enter(&dksc->sc_iolock);
>>>     CID 1362902:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "old" = "dksc->sc_bufq".
686     		old = dksc->sc_bufq;
687     		bufq_move(new, old);
688     		dksc->sc_bufq = new;
689     		mutex_exit(&dksc->sc_iolock);
690     		bufq_free(old);
691     	    }

** CID 1362905:  Memory - illegal accesses  (UNINIT)
/sys/netinet6/ip6_output.c: 166 in ip6_output()


________________________________________________________________________________________________________
*** CID 1362905:  Memory - illegal accesses  (UNINIT)
/sys/netinet6/ip6_output.c: 166 in ip6_output()
160         struct ip6_moptions *im6o,
161         struct socket *so,
162         struct ifnet **ifpp		/* XXX: just for statistics */
163     )
164     {
165     	struct ip6_hdr *ip6, *mhip6;
>>>     CID 1362905:  Memory - illegal accesses  (UNINIT)
>>>     Declaring variable "ifp" without initializer.
166     	struct ifnet *ifp, *origifp = NULL;
167     	struct mbuf *m = m0;
168     	int hlen, tlen, len, off;
169     	bool tso;
170     	struct route ip6route;
171     	struct rtentry *rt = NULL;

** CID 1362906:  Code maintainability issues  (UNUSED_VALUE)
/sys/dev/dksubr.c: 665 in dk_ioctl()


________________________________________________________________________________________________________
*** CID 1362906:  Code maintainability issues  (UNUSED_VALUE)
/sys/dev/dksubr.c: 665 in dk_ioctl()
659     
660     		mutex_enter(&dksc->sc_iolock);
661     		if (dksc->sc_bufq != NULL)
662     			strlcpy(dks->dks_name, bufq_getstrategyname(dksc->sc_bufq),
663     			    sizeof(dks->dks_name));
664     		else
>>>     CID 1362906:  Code maintainability issues  (UNUSED_VALUE)
>>>     Assigning value "22" to "error" here, but that stored value is overwritten before it can be used.
665     			error = EINVAL;
666     		mutex_exit(&dksc->sc_iolock);
667     		dks->dks_paramlen = 0;
668     	    }
669     
670     	case DIOCSSTRATEGY:

** CID 1362931:  Insecure data handling  (INTEGER_OVERFLOW)
/sys/kern/core_elf32.c: 439 in coredump_note_auxv()


________________________________________________________________________________________________________
*** CID 1362931:  Insecure data handling  (INTEGER_OVERFLOW)
/sys/kern/core_elf32.c: 439 in coredump_note_auxv()
433     	if (error == 0) {
434     		ELFNAMEEND(coredump_savenote)(ns, ELF_NOTE_NETBSD_CORE_AUXV,
435     		    ELF_NOTE_NETBSD_CORE_NAME, kauxv, len);
436     	}
437     	
438     	kmem_free(kauxv, len);
>>>     CID 1362931:  Insecure data handling  (INTEGER_OVERFLOW)
>>>     Overflowed or truncated value (or a value computed from an overflowed or truncated value) "error" used as return value.
439     	return error;
440     }
441     
442     static int
443     ELFNAMEEND(coredump_notes)(struct lwp *l, struct note_state *ns)
444     {

** CID 1362932:  Control flow issues  (MISSING_BREAK)
/sys/dev/dksubr.c: 670 in dk_ioctl()


________________________________________________________________________________________________________
*** CID 1362932:  Control flow issues  (MISSING_BREAK)
/sys/dev/dksubr.c: 670 in dk_ioctl()
664     		else
665     			error = EINVAL;
666     		mutex_exit(&dksc->sc_iolock);
667     		dks->dks_paramlen = 0;
668     	    }
669     
>>>     CID 1362932:  Control flow issues  (MISSING_BREAK)
>>>     The above case falls through to this one.
670     	case DIOCSSTRATEGY:
671     	    {
672     		struct disk_strategy *dks = (void *)data;
673     		struct bufq_state *new;
674     		struct bufq_state *old;
675     

** CID 1362933:  Control flow issues  (MISSING_BREAK)
/sys/dev/dksubr.c: 693 in dk_ioctl()


________________________________________________________________________________________________________
*** CID 1362933:  Control flow issues  (MISSING_BREAK)
/sys/dev/dksubr.c: 693 in dk_ioctl()
687     		bufq_move(new, old);
688     		dksc->sc_bufq = new;
689     		mutex_exit(&dksc->sc_iolock);
690     		bufq_free(old);
691     	    }
692     
>>>     CID 1362933:  Control flow issues  (MISSING_BREAK)
>>>     The above case falls through to this one.
693     	default:
694     		error = ENOTTY;
695     	}
696     
697     	return error;
698     }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-kernel?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782

Prev by Date: New Defects reported by Coverity Scan for NetBSD-i386-user
Next by Date: New Defects reported by Coverity Scan for NetBSD-amd64-user
Previous by Thread: New Defects reported by Coverity Scan for NetBSD-amd64-kernel
Next by Thread: New Defects reported by Coverity Scan for NetBSD-amd64-kernel
Indexes:

Home | Main Index | Thread Index | Old Index