Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
11 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
14 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1008426: Incorrect expression (NO_EFFECT)
/usr.bin/systat/ifstat.c: 359 in right_align_string()
________________________________________________________________________________________________________
*** CID 1008426: Incorrect expression (NO_EFFECT)
/usr.bin/systat/ifstat.c: 359 in right_align_string()
353 static void
354 right_align_string(struct if_stat *ifp)
355 {
356 int str_len = 0, pad_len = 0;
357 char *newstr = NULL, *ptr = NULL;
358
>>> CID 1008426: Incorrect expression (NO_EFFECT)
>>> Comparing an array to null is not useful: "ifp->if_mib.ifdr_name == NULL".
359 if (ifp == NULL || ifp->if_mib.ifdr_name == NULL)
360 return;
361 else {
362 /* string length + '\0' */
363 str_len = strlen(ifp->if_mib.ifdr_name)+1;
364 pad_len = IF_NAMESIZE-(str_len);
** CID 1364757: Incorrect expression (IDENTICAL_BRANCHES)
/sys/netinet6/in6.c: 488 in in6_control1()
________________________________________________________________________________________________________
*** CID 1364757: Incorrect expression (IDENTICAL_BRANCHES)
/sys/netinet6/in6.c: 488 in in6_control1()
482 }
483
484 switch (cmd) {
485
486 case SIOCGIFADDR_IN6:
487 ifr->ifr_addr = ia->ia_addr;
>>> CID 1364757: Incorrect expression (IDENTICAL_BRANCHES)
>>> The same code is executed when the condition "(error = sa6_recoverscope(&ifr->ifr_ifru.ifru_addr)) != 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
488 if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0)
489 break;
490 break;
491
492 case SIOCGIFDSTADDR_IN6:
493 if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {
** CID 1364759: Memory - illegal accesses (UNINIT)
/sys/net/route.c: 781 in rt_getifa()
________________________________________________________________________________________________________
*** CID 1364759: Memory - illegal accesses (UNINIT)
/sys/net/route.c: 781 in rt_getifa()
775 if (sa != NULL && info->rti_ifp != NULL)
776 ifa = ifaof_ifpforaddr_psref(sa, info->rti_ifp, psref);
777 else if (dst != NULL && gateway != NULL)
778 ifa = ifa_ifwithroute_psref(flags, dst, gateway, psref);
779 else if (sa != NULL)
780 ifa = ifa_ifwithroute_psref(flags, sa, sa, psref);
>>> CID 1364759: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ifa".
781 if (ifa == NULL)
782 return NULL;
783 got:
784 if (ifa->ifa_getifa != NULL) {
785 /* FIXME NOMPSAFE */
786 ifa = (*ifa->ifa_getifa)(ifa, dst);
** CID 1364760: Error handling issues (CHECKED_RETURN)
/sys/dev/vnd.c: 2117 in vnd_modcmd()
________________________________________________________________________________________________________
*** CID 1364760: Error handling issues (CHECKED_RETURN)
/sys/dev/vnd.c: 2117 in vnd_modcmd()
2111 aprint_error("%s: failed to detach %s cfattach, "
2112 "error %d\n", __func__, vnd_cd.cd_name, error);
2113 break;
2114 }
2115 error = config_cfdriver_detach(&vnd_cd);
2116 if (error) {
>>> CID 1364760: Error handling issues (CHECKED_RETURN)
>>> Calling "config_cfattach_attach" without checking return value (as is done elsewhere 24 out of 29 times).
2117 config_cfattach_attach(vnd_cd.cd_name, &vnd_ca);
2118 devsw_attach("vnd", &vnd_bdevsw, &vnd_bmajor,
2119 &vnd_cdevsw, &vnd_cmajor);
2120 aprint_error("%s: failed to detach %s cfdriver, "
2121 "error %d\n", __func__, vnd_cd.cd_name, error);
2122 break;
** CID 1364761: Error handling issues (CHECKED_RETURN)
/sys/dev/cgd.c: 1093 in cgd_modcmd()
________________________________________________________________________________________________________
*** CID 1364761: Error handling issues (CHECKED_RETURN)
/sys/dev/cgd.c: 1093 in cgd_modcmd()
1087 aprint_error("%s: failed to detach %s cfattach, "
1088 "error %d\n", __func__, cgd_cd.cd_name, error);
1089 break;
1090 }
1091 error = config_cfdriver_detach(&cgd_cd);
1092 if (error) {
>>> CID 1364761: Error handling issues (CHECKED_RETURN)
>>> Calling "config_cfattach_attach" without checking return value (as is done elsewhere 24 out of 29 times).
1093 config_cfattach_attach(cgd_cd.cd_name, &cgd_ca);
1094 devsw_attach("cgd", &cgd_bdevsw, &cgd_bmajor,
1095 &cgd_cdevsw, &cgd_cmajor);
1096 aprint_error("%s: failed to detach %s cfdriver, "
1097 "error %d\n", __func__, cgd_cd.cd_name, error);
1098 break;
** CID 1364762: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1364762: Null pointer dereferences (FORWARD_NULL)
/crypto/external/bsd/openssh/dist/ssh.c: 872 in main()
866 exit(255);
867 }
868 break;
869
870 case 'D':
871 if (parse_forward(&fwd, optarg, 1, 0)) {
>>> CID 1364762: Null pointer dereferences (FORWARD_NULL)
>>> Passing "&options" to "add_local_forward", which dereferences null "options.local_forwards".
872 add_local_forward(&options, &fwd);
873 } else {
874 fprintf(stderr,
875 "Bad dynamic forwarding specification "
876 "'%s'\n", optarg);
877 exit(255);
** CID 1364763: Error handling issues (NEGATIVE_RETURNS)
/usr.bin/systat/ifstat.c: 180 in openifstat()
________________________________________________________________________________________________________
*** CID 1364763: Error handling issues (NEGATIVE_RETURNS)
/usr.bin/systat/ifstat.c: 180 in openifstat()
174 mvprintw(p->if_ypos+1, col2-3, "%s", (const char *)"out"); \
175 } while (0)
176
177 WINDOW *
178 openifstat(void)
179 {
>>> CID 1364763: Error handling issues (NEGATIVE_RETURNS)
>>> A negative constant "-1" is passed as an argument to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
180 return (subwin(stdscr, -1, 0, 5, 0));
181 }
182
183 void
184 closeifstat(WINDOW *w)
185 {
** CID 1364764: (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/readconf.c: 1554 in process_config_line_depth()
/crypto/external/bsd/openssh/dist/readconf.c: 1587 in process_config_line_depth()
/crypto/external/bsd/openssh/dist/readconf.c: 1753 in process_config_line_depth()
________________________________________________________________________________________________________
*** CID 1364764: (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/readconf.c: 1554 in process_config_line_depth()
1548 filename, linenum, arg);
1549 if (*arg != '/' && *arg != '~') {
1550 xasprintf(&arg2, "%s/%s",
1551 (flags & SSHCONF_USERCONF) ?
1552 "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
1553 } else
>>> CID 1364764: (RESOURCE_LEAK)
>>> Overwriting "arg2" in "arg2 = ssh_strdup(arg)" leaks the storage that "arg2" points to.
1554 arg2 = xstrdup(arg);
1555 memset(&gl, 0, sizeof(gl));
1556 r = glob(arg2, GLOB_TILDE | GLOB_LIMIT, NULL, &gl);
1557 if (r == GLOB_NOMATCH) {
1558 debug("%.200s line %d: include %s matched no "
1559 "files",filename, linenum, arg2);
/crypto/external/bsd/openssh/dist/readconf.c: 1587 in process_config_line_depth()
1581 if (r != 1)
1582 value = -1;
1583 }
1584 globfree(&gl);
1585 }
1586 if (value != 0)
>>> CID 1364764: (RESOURCE_LEAK)
>>> Variable "arg2" going out of scope leaks the storage it points to.
1587 return value;
1588 break;
1589
1590 case oIPQoS:
1591 arg = strdelim(&s);
1592 if ((value = parse_ipqos(arg)) == -1)
/crypto/external/bsd/openssh/dist/readconf.c: 1753 in process_config_line_depth()
1747
1748 /* Check that there is no garbage at end of line. */
1749 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
1750 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
1751 filename, linenum, arg);
1752 }
>>> CID 1364764: (RESOURCE_LEAK)
>>> Variable "arg2" going out of scope leaks the storage it points to.
1753 return 0;
1754 }
1755
1756 /*
1757 * Reads the config file and modifies the options accordingly. Options
1758 * should already be initialized before this call. This never returns if
** CID 1364765: Resource leaks (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/utf8.c: 260 in vfmprintf()
________________________________________________________________________________________________________
*** CID 1364765: Resource leaks (RESOURCE_LEAK)
/crypto/external/bsd/openssh/dist/utf8.c: 260 in vfmprintf()
254 vfmprintf(FILE *stream, const char *fmt, va_list ap)
255 {
256 char *str;
257 int ret;
258
259 if ((ret = vasnmprintf(&str, INT_MAX, NULL, fmt, ap)) < 0)
>>> CID 1364765: Resource leaks (RESOURCE_LEAK)
>>> Variable "str" going out of scope leaks the storage it points to.
260 return -1;
261 if (fputs(str, stream) == EOF)
262 ret = -1;
263 free(str);
264 return ret;
265 }
** CID 1364766: Resource leaks (RESOURCE_LEAK)
/usr.sbin/intrctl/intrctl_io.c: 80 in intrctl_io_alloc()
________________________________________________________________________________________________________
*** CID 1364766: Resource leaks (RESOURCE_LEAK)
/usr.sbin/intrctl/intrctl_io.c: 80 in intrctl_io_alloc()
74 buf = temp;
75 } else {
76 free(buf);
77 return NULL;
78 }
79 }
>>> CID 1364766: Resource leaks (RESOURCE_LEAK)
>>> Variable "buf" going out of scope leaks the storage it points to.
80 return NULL;
81 }
82
83 void
84 intrctl_io_free(void *handle)
85 {
** CID 1364767: (UNINIT)
/external/bsd/dhcpcd/dist/if.c: 539 in if_nametospec()
/external/bsd/dhcpcd/dist/if.c: 539 in if_nametospec()
________________________________________________________________________________________________________
*** CID 1364767: (UNINIT)
/external/bsd/dhcpcd/dist/if.c: 539 in if_nametospec()
533
534 /* Decode bge0:1 as dev = bge, ppa = 0 and lun = 1 */
535 int
536 if_nametospec(const char *ifname, struct if_spec *spec)
537 {
538 char *ep;
>>> CID 1364767: (UNINIT)
>>> Declaring variable "e" without initializer.
539 int e;
540
541 if (ifname == NULL || *ifname == '\0' ||
542 strlcpy(spec->ifname, ifname, sizeof(spec->ifname)) >=
543 sizeof(spec->ifname) ||
544 strlcpy(spec->drvname, ifname, sizeof(spec->drvname)) >=
/external/bsd/dhcpcd/dist/if.c: 539 in if_nametospec()
533
534 /* Decode bge0:1 as dev = bge, ppa = 0 and lun = 1 */
535 int
536 if_nametospec(const char *ifname, struct if_spec *spec)
537 {
538 char *ep;
>>> CID 1364767: (UNINIT)
>>> Declaring variable "e" without initializer.
539 int e;
540
541 if (ifname == NULL || *ifname == '\0' ||
542 strlcpy(spec->ifname, ifname, sizeof(spec->ifname)) >=
543 sizeof(spec->ifname) ||
544 strlcpy(spec->drvname, ifname, sizeof(spec->drvname)) >=
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBjWas0CuiLQxeHDPm0bvVkx3qGSbylcqhUWgyuH34f4u8-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05VAIHUODu-2FxMOBqHBfCaG8Uy-2FEsU9As0f-2ByozvS7DBmZwK9ThTgf-2FM4aJgxoACmmQe0VBPpSuGqzGll3sbl0yEw3wd6u0tJnfKqd6-2BkDvq72BWcQcF3MrXpHYuCBWo9T-2B8XmxUTRcvpWhfRmb5cYwAfjP9vIGjzKb8NvujAwbdOaiySMrlt-2BfXUFzncJoou1ck-3D
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4m7U7Yoel-2F6MYPxol7ToiLwYIjoNbVQOCAwEeTNJofEDwTlN0JRhKMyijhpnAObR-2FlLVG-2Fr3EBKWgiICNdX1HPA6Ws0-2F1wHBf2tG9AnMDB8g-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05VAIHUODu-2FxMOBqHBfCaG8Uy-2FEsU9As0f-2ByozvS7DBmZ1uD8qgF8fWy4V1PcFzbqxa2SqmJfu1nApyXg1fBp9BFI6c1KXQhogU5nf3nPyGO5bix4P0HUb4qkRI3vT-2Bh1JRjncFPiHzbMkcuaC45ngO2fV-2FSmLEViYNq1NiC05z0s8-2BeznArLhGyDcYL3dV5W-2Bs-3D
Home |
Main Index |
Thread Index |
Old Index