Coverity-updates archive


New Defects reported by Coverity Scan for NetBSD-amd64-kernel



Hi,

Please find below the latest Coverity Scan report on new defect(s) introduced to NetBSD-amd64-kernel.

9 new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)


** CID 1396598:  Null pointer dereferences  (FORWARD_NULL)
/sys/netinet6/in6_src.c: 673 in in6_selectroute()


________________________________________________________________________________________________________
*** CID 1396598:  Null pointer dereferences  (FORWARD_NULL)
/sys/netinet6/in6_src.c: 673 in in6_selectroute()
667     	 * the interface specified by ipi6_ifindex (if specified).
668     	 * Note that loopback interface is always okay.
669     	 * (this may happen when we are sending a packet to one of
670     	 *  our own addresses.)
671     	 */
672     	if (opts && opts->ip6po_pktinfo && opts->ip6po_pktinfo->ipi6_ifindex) {
>>>     CID 1396598:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "rt".
673     		if (!(rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
674     		    rt->rt_ifp->if_index != opts->ip6po_pktinfo->ipi6_ifindex) {
675     			if (rt != NULL && count_discard)
676     				in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard);
677     			error = EHOSTUNREACH;
678     			rt = NULL;

** CID 1396600:  Null pointer dereferences  (FORWARD_NULL)
/sys/net/if_spppsubr.c: 4915 in sppp_set_ip_addrs_work()


________________________________________________________________________________________________________
*** CID 1396600:  Null pointer dereferences  (FORWARD_NULL)
/sys/net/if_spppsubr.c: 4915 in sppp_set_ip_addrs_work()
4909     	else if (dest != NULL)
4910     		hisaddr = ntohl(dest->sin_addr.s_addr);
4911     
4912     	if (si != NULL) {
4913     		int error;
4914     		struct sockaddr_in new_sin = *si;
>>>     CID 1396600:  Null pointer dereferences  (FORWARD_NULL)
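>>>     Dereferencing null pointer "dest".
>>>     The "dest != NULL" test on line 4909 shows that "dest" can be NULL here, yet line 4915 copies *dest whenever "si" is non-NULL.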
4915     		struct sockaddr_in new_dst = *dest;
4916     
4917     		if (myaddr != 0)
4918     			new_sin.sin_addr.s_addr = htonl(myaddr);
4919     		if (hisaddr != 0) {
4920     			new_dst.sin_addr.s_addr = htonl(hisaddr);

** CID 1396620:  Null pointer dereferences  (NULL_RETURNS)
/sys/dev/scsipi/scsiconf.c: 473 in scsidevdetached()


________________________________________________________________________________________________________
*** CID 1396620:  Null pointer dereferences  (NULL_RETURNS)
/sys/dev/scsipi/scsiconf.c: 473 in scsidevdetached()
467     	target = device_locator(child, SCSIBUSCF_TARGET);
468     	lun = device_locator(child, SCSIBUSCF_LUN);
469     
470     	mutex_enter(chan_mtx(chan));
471     
472     	periph = scsipi_lookup_periph_locked(chan, target, lun);
>>>     CID 1396620:  Null pointer dereferences  (NULL_RETURNS)
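>>>     Dereferencing a null pointer "periph".
>>>     The result of scsipi_lookup_periph_locked() is used unchecked: besides the KASSERT on line 473, it is passed to scsipi_remove_periph() and scsipi_free_periph() on lines 475-476, so a failed lookup would have to be handled before all three uses.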
473     	KASSERT(periph->periph_dev == child);
474     
475     	scsipi_remove_periph(chan, periph);
476     	scsipi_free_periph(periph);
477     
478     	mutex_exit(chan_mtx(chan));

** CID 1396634:  Null pointer dereferences  (REVERSE_INULL)
/sys/netinet6/in6_src.c: 675 in in6_selectroute()


________________________________________________________________________________________________________
*** CID 1396634:  Null pointer dereferences  (REVERSE_INULL)
/sys/netinet6/in6_src.c: 675 in in6_selectroute()
669     	 * (this may happen when we are sending a packet to one of
670     	 *  our own addresses.)
671     	 */
672     	if (opts && opts->ip6po_pktinfo && opts->ip6po_pktinfo->ipi6_ifindex) {
673     		if (!(rt->rt_ifp->if_flags & IFF_LOOPBACK) &&
674     		    rt->rt_ifp->if_index != opts->ip6po_pktinfo->ipi6_ifindex) {
>>>     CID 1396634:  Null pointer dereferences  (REVERSE_INULL)
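>>>     Null-checking "rt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
>>>     Same root cause as CID 1396598: "rt" is dereferenced on lines 673-674 before the "rt != NULL" test on line 675, so the test needs to move ahead of the dereference (or be dropped if "rt" cannot be NULL at this point).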
675     			if (rt != NULL && count_discard)
676     				in6_ifstat_inc(rt->rt_ifp, ifs6_out_discard);
677     			error = EHOSTUNREACH;
678     			rt = NULL;
679     		}
680     	}

** CID 1396647:  Error handling issues  (CHECKED_RETURN)
/sys/arch/x86/pci/if_vmx.c: 2320 in vmxnet3_stop_locked()


________________________________________________________________________________________________________
*** CID 1396647:  Error handling issues  (CHECKED_RETURN)
/sys/arch/x86/pci/if_vmx.c: 2320 in vmxnet3_stop_locked()
2314     vmxnet3_stop_locked(struct vmxnet3_softc *sc)
2315     {
2316     	struct ifnet *ifp;
2317     	int q;
2318     
2319     	ifp = &sc->vmx_ethercom.ec_if;
>>>     CID 1396647:  Error handling issues  (CHECKED_RETURN)
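>>>     Calling "mutex_owned" without checking return value (as is done elsewhere 976 out of 982 times).
>>>     The call is reported at the VMXNET3_CORE_LOCK_ASSERT(sc) line, which suggests the macro evaluates mutex_owned() and discards the result instead of asserting on it; if so, the lock assertion checks nothing (confirm against the macro definition). CIDs 1396648, 1396649 and 1396650 report the same pattern for the RXQ and TXQ lock-assert macros.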
2320     	VMXNET3_CORE_LOCK_ASSERT(sc);
2321     
2322     	ifp->if_flags &= ~IFF_RUNNING;
2323     	sc->vmx_link_active = 0;
2324     	callout_stop(&sc->vmx_tick);
2325     

** CID 1396648:  Error handling issues  (CHECKED_RETURN)
/sys/arch/x86/pci/if_vmx.c: 2018 in vmxnet3_rxq_eof()


________________________________________________________________________________________________________
*** CID 1396648:  Error handling issues  (CHECKED_RETURN)
/sys/arch/x86/pci/if_vmx.c: 2018 in vmxnet3_rxq_eof()
2012     	int idx, length;
2013     
2014     	sc = rxq->vxrxq_sc;
2015     	ifp = &sc->vmx_ethercom.ec_if;
2016     	rxc = &rxq->vxrxq_comp_ring;
2017     
>>>     CID 1396648:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "mutex_owned" without checking return value (as is done elsewhere 976 out of 982 times).
2018     	VMXNET3_RXQ_LOCK_ASSERT(rxq);
2019     
2020     	if ((ifp->if_flags & IFF_RUNNING) == 0)
2021     		return;
2022     
2023     	m_head = rxq->vxrxq_mhead;

** CID 1396649:  Error handling issues  (CHECKED_RETURN)
/sys/arch/x86/pci/if_vmx.c: 2750 in vmxnet3_start_locked()


________________________________________________________________________________________________________
*** CID 1396649:  Error handling issues  (CHECKED_RETURN)
/sys/arch/x86/pci/if_vmx.c: 2750 in vmxnet3_start_locked()
2744     
2745     	sc = ifp->if_softc;
2746     	txq = &sc->vmx_txq[0];
2747     	txr = &txq->vxtxq_cmd_ring;
2748     	tx = 0;
2749     
>>>     CID 1396649:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "mutex_owned" without checking return value (as is done elsewhere 976 out of 982 times).
2750     	VMXNET3_TXQ_LOCK_ASSERT(txq);
2751     
2752     	if ((ifp->if_flags & IFF_RUNNING) == 0 ||
2753     	    sc->vmx_link_active == 0)
2754     		return;
2755     

** CID 1396650:  Error handling issues  (CHECKED_RETURN)
/sys/arch/x86/pci/if_vmx.c: 1793 in vmxnet3_txq_eof()


________________________________________________________________________________________________________
*** CID 1396650:  Error handling issues  (CHECKED_RETURN)
/sys/arch/x86/pci/if_vmx.c: 1793 in vmxnet3_txq_eof()
1787     	u_int sop;
1788     
1789     	sc = txq->vxtxq_sc;
1790     	txr = &txq->vxtxq_cmd_ring;
1791     	txc = &txq->vxtxq_comp_ring;
1792     
>>>     CID 1396650:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "mutex_owned" without checking return value (as is done elsewhere 976 out of 982 times).
1793     	VMXNET3_TXQ_LOCK_ASSERT(txq);
1794     
1795     	for (;;) {
1796     		txcd = &txc->vxcr_u.txcd[txc->vxcr_next];
1797     		if (txcd->gen != txc->vxcr_gen)
1798     			break;

** CID 1396651:  Null pointer dereferences  (NULL_RETURNS)
/sys/arch/x86/pci/if_vmx.c: 2568 in vmxnet3_txq_offload_ctx()


________________________________________________________________________________________________________
*** CID 1396651:  Null pointer dereferences  (NULL_RETURNS)
/sys/arch/x86/pci/if_vmx.c: 2568 in vmxnet3_txq_offload_ctx()
2562     	mp = m_pulldown(m, 0, *csum_start + 2, &offp);
2563     
2564     	if (m->m_pkthdr.csum_flags & (M_CSUM_TSOv4 | M_CSUM_TSOv6)) {
2565     		struct tcphdr *tcp;
2566     
2567     		txq->vxtxq_stats.vmtxs_tso++;
>>>     CID 1396651:  Null pointer dereferences  (NULL_RETURNS)
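>>>     Dereferencing a null pointer "mp".
>>>     m_pulldown() on line 2562 can return NULL, and its result is passed to mtod() on lines 2568 and 2573 without a check; if m_pulldown() also frees the chain on failure, as it conventionally does on BSD (confirm), the "m->m_pkthdr" read on line 2564 needs the same guard.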
2568     		tcp = (void *)(mtod(mp, char *) + offp + *start);
2569     
2570     		if (v4) {
2571     			struct ip *ip;
2572     
2573     			ip = (void *)(mtod(mp, char *) + offp + offset);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBj0qtSICo2DZNjmmsVjYof54PahgUQ7xLRwU5wjlAON3Q-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05UG-2FMYE3DVyMM9LJtR3-2BT73TlMAsRqDjhgUPPpjR7piWTaHoic5FYVRA-2F7LwjKLUAohpIxiuWzfp8SbJkflp1Gj1-2BY-2FMUf8tlcsSAMu74teXv0Tx-2FurpjQG0oEKDaNVmU72vOfx-2Fv2M5s2nniEUlarzyLyOe-2Bg-2Ff90oSO-2BwuXaeCKf11dMwoab4IRP9MGhNwV0-3D



