Coverity-updates archive


New Defects reported by Coverity Scan for NetBSD-amd64-user



Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
127 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
149 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 127 defect(s)
** CID 270354: Resource leak (RESOURCE_LEAK)
/external/gpl3/binutils/dist/binutils/nm.c: 1187 in display_archive()
** CID 274047: Dereference null return value (NULL_RETURNS)
/external/bsd/am-utils/dist/libamu/wire.c: 326 in is_network_member()
** CID 460444: Dereference null return value (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/dbe/dbe.c: 1653 in DbeExtensionInit()
** CID 975012: Unchecked return value (CHECKED_RETURN)
/external/bsd/wpa/dist/src/crypto/tls_openssl.c: 669 in tls_engine_load_dynamic_generic()
** CID 975115: Unchecked return value (CHECKED_RETURN)
/lib/libc/rpc/rpc_soc.c: 258 in svc_com_create()
** CID 976378: Integer overflowed argument (INTEGER_OVERFLOW)
/lib/libc/rpc/svc_vc.c: 515 in read_vc()
/lib/libc/rpc/svc_vc.c: 519 in read_vc()
** CID 976453: Missing break in switch (MISSING_BREAK)
/external/bsd/wpa/dist/src/drivers/driver_bsd.c: 1219 in wpa_driver_bsd_event_receive()
** CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
/external/bsd/dhcpcd/dist/dhcp.c: 1647 in send_message()
** CID 976737: Improper use of negative value (NEGATIVE_RETURNS)
/lib/libc/rpc/svc_vc.c: 287 in makefd_xprt()
** CID 978280: Resource leak (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/check_bound.c: 108 in check_bound()
** CID 978282: Resource leak (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 270 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 281 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 306 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 316 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 332 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 506 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 503 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 253 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 264 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 289 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 289 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 299 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 299 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 313 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 313 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 484 in init_transport()
** CID 978502: Dereference before null check (REVERSE_INULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_ioctl.c: 3091 in zfs_ioc_rollback()
** CID 979065: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
** CID 979066: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
/sys/kern/vfs_wapbl.c: 2526 in wapbl_replay_start()
** CID 987315: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 474 in viaOverlayGetSrcStartAddress()
** CID 987434: Unsigned compared against 0 (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 1762 in SetVideoWindow()
** CID 987784: Resource leak (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
** CID 988186: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/MesaGLUT/dist/src/glut/glx/glut_cursor.c: 93 in makeBlankCursor()
** CID 988193: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/beforelight/dist/b4light.c: 294 in main()
** CID 988252: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_exa.c: 569 in viaAccelDMADownload()
________________________________________________________________________________________________________
*** CID 270354: Resource leak (RESOURCE_LEAK)
/external/gpl3/binutils/dist/binutils/nm.c: 1187 in display_archive()
1181 if (last_arfile != NULL)
1182 {
1183 bfd_close (last_arfile);
1184 lineno_cache_bfd = NULL;
1185 lineno_cache_rel_bfd = NULL;
1186 }
>>> CID 270354: Resource leak (RESOURCE_LEAK)
>>> Variable "matching" going out of scope leaks the storage it points to.
1187 }
1188 
1189 static bfd_boolean
1190 display_file (char *filename)
1191 {
1192 bfd_boolean retval = TRUE;
________________________________________________________________________________________________________
*** CID 274047: Dereference null return value (NULL_RETURNS)
/external/bsd/am-utils/dist/libamu/wire.c: 326 in is_network_member()
320 if (STREQ(net, al->ip_net_name) || STREQ(net, al->ip_net_num))
321 	return TRUE;
322 } else {
323 char *netstr = strdup(net), *maskstr;
324 u_long netnum, masknum = 0;
325 maskstr = strchr(netstr, '/');
>>> CID 274047: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a null pointer "maskstr".
326 maskstr[0] = '\0';		/* null terminate netstr */
327 maskstr++;
328 if (*maskstr == '\0')	/* if empty string, make it NULL */
329 maskstr = NULL;
330 /* check if netmask uses a dotted-quad or bit-length, or not defined at all */
331 if (maskstr) {
________________________________________________________________________________________________________
*** CID 460444: Dereference null return value (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/dbe/dbe.c: 1653 in DbeExtensionInit()
1647 
1648 /* Now add the extension. */
1649 extEntry = AddExtension(DBE_PROTOCOL_NAME, DbeNumberEvents, 
1650 DbeNumberErrors, ProcDbeDispatch, SProcDbeDispatch,
1651 DbeResetProc, StandardMinorOpcode);
1652 
>>> CID 460444: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a null pointer "extEntry".
1653 dbeErrorBase = extEntry->errorBase;
1654 SetResourceTypeErrorValue(dbeWindowPrivResType, dbeErrorBase + DbeBadBuffer);
1655 SetResourceTypeErrorValue(dbeDrawableResType, dbeErrorBase + DbeBadBuffer);
1656 
________________________________________________________________________________________________________
*** CID 975012: Unchecked return value (CHECKED_RETURN)
/external/bsd/wpa/dist/src/crypto/tls_openssl.c: 669 in tls_engine_load_dynamic_generic()
663 	while (post && post[0]) {
664 		wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
665 		if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
666 			wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
667 				" %s %s [%s]", post[0], post[1],
668 				 ERR_error_string(ERR_get_error(), NULL));
>>> CID 975012: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "ENGINE_remove(engine)".
669 			ENGINE_remove(engine);
670 			ENGINE_free(engine);
671 			return -1;
672 		}
673 		post += 2;
674 	}
________________________________________________________________________________________________________
*** CID 975115: Unchecked return value (CHECKED_RETURN)
/lib/libc/rpc/rpc_soc.c: 258 in svc_com_create()
252 		madefd = TRUE;
253 	}
254 
255 	memset(&sccsin, 0, sizeof sccsin);
256 	sccsin.sin_family = AF_INET;
257 	(void)bindresvport(fd, &sccsin);
>>> CID 975115: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "listen(fd, 128)".
258 	listen(fd, SOMAXCONN);
259 	svc = svc_tli_create(fd, nconf, NULL, sendsize, recvsize);
260 	(void) freenetconfigent(nconf);
261 	if (svc == NULL) {
262 		if (madefd)
263 			(void) close(fd);
________________________________________________________________________________________________________
*** CID 976378: Integer overflowed argument (INTEGER_OVERFLOW)
/lib/libc/rpc/svc_vc.c: 515 in read_vc()
509 		if (cmp->cmsg_level != SOL_SOCKET ||
510 		 cmp->cmsg_type != SCM_CREDS)
511 			goto fatal_err;
512 
513 		sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
514 
>>> CID 976378: Integer overflowed argument (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "24U + 4U * (sc->sc_ngroups ? sc->sc_ngroups - 1 : 0)" used as critical argument to function.
515 		xprt->xp_p2 = mem_alloc(SOCKCREDSIZE(sc->sc_ngroups));
516 		if (xprt->xp_p2 == NULL)
517 			goto fatal_err;
518 
519 		memcpy(xprt->xp_p2, sc, SOCKCREDSIZE(sc->sc_ngroups));
520 		free(crmsg);
/lib/libc/rpc/svc_vc.c: 519 in read_vc()
513 		sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
514 
515 		xprt->xp_p2 = mem_alloc(SOCKCREDSIZE(sc->sc_ngroups));
516 		if (xprt->xp_p2 == NULL)
517 			goto fatal_err;
518 
>>> CID 976378: Integer overflowed argument (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "24U + 4U * (sc->sc_ngroups ? sc->sc_ngroups - 1 : 0)" used as critical argument to function.
519 		memcpy(xprt->xp_p2, sc, SOCKCREDSIZE(sc->sc_ngroups));
520 		free(crmsg);
521 		crmsg = NULL;
522 	}
523 
524 	cfp = (struct cf_conn *)xprt->xp_p1;
________________________________________________________________________________________________________
*** CID 976453: Missing break in switch (MISSING_BREAK)
/external/bsd/wpa/dist/src/drivers/driver_bsd.c: 1219 in wpa_driver_bsd_event_receive()
1213 			break;
1214 		os_strlcpy(event.interface_status.ifname, drv->ifname,
1215 			 sizeof(event.interface_status.ifname));
1216 		switch (ifan->ifan_what) {
1217 		case IFAN_DEPARTURE:
1218 			event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
>>> CID 976453: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
1219 		default:
1220 #if 1
1221 			event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1222 			break;
1223 #else
1224 			return;
________________________________________________________________________________________________________
*** CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
/external/bsd/dhcpcd/dist/dhcp.c: 1647 in send_message()
1641 		struct sockaddr_in sin;
1642 
1643 		memset(&sin, 0, sizeof(sin));
1644 		sin.sin_family = AF_INET;
1645 		sin.sin_addr.s_addr = to.s_addr;
1646 		sin.sin_port = htons(DHCP_SERVER_PORT);
>>> CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
>>> "s" is passed to a parameter that cannot be negative.
1647 		r = sendto(s, (uint8_t *)dhcp, len, 0,
1648 		 (struct sockaddr *)&sin, sizeof(sin));
1649 		if (r == -1)
1650 			syslog(LOG_ERR, "%s: dhcp_sendpacket: %m", iface->name);
1651 	} else {
1652 		size_t ulen;
________________________________________________________________________________________________________
*** CID 976737: Improper use of negative value (NEGATIVE_RETURNS)
/lib/libc/rpc/svc_vc.c: 287 in makefd_xprt()
281 	xdrrec_create(&(cd->xdrs), sendsize, recvsize,
282 	 (caddr_t)(void *)xprt, read_vc, write_vc);
283 	xprt->xp_p1 = (caddr_t)(void *)cd;
284 	xprt->xp_verf.oa_base = cd->verf_body;
285 	svc_vc_ops(xprt); /* truely deals with calls */
286 	xprt->xp_port = 0; /* this is a connection, not a rendezvouser */
>>> CID 976737: Improper use of negative value (NEGATIVE_RETURNS)
>>> Assigning: signed variable "xprt->xp_fd" = "fd".
287 	xprt->xp_fd = fd;
288 	if (__rpc_fd2sockinfo(fd, &si) && __rpc_sockinfo2netid(&si, &netid))
289 		if ((xprt->xp_netid = strdup(netid)) == NULL)
290 			goto outofmem;
291 
292 	if (!xprt_register(xprt))
________________________________________________________________________________________________________
*** CID 978280: Resource leak (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/check_bound.c: 108 in check_bound()
102 
103 	ans = bind(fd, (struct sockaddr *)na->buf, na->len);
104 
105 	rump_sys_close(fd);
106 	free(na);
107 
>>> CID 978280: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
108 	return (ans == 0 ? FALSE : TRUE);
109 }
110 
111 int
112 add_bndlist(struct netconfig *nconf, struct netbuf *baddr)
113 {
________________________________________________________________________________________________________
*** CID 978282: Resource leak (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 270 in init_transport()
264 		warn("Cannot create socket for `%s'", nconf->nc_netid);
265 		return 1;
266 	}
267 
268 	if (!__rpc_nconf2sockinfo(nconf, &si)) {
269 		warnx("Cannot get information for `%s'", nconf->nc_netid);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
270 		return 1;
271 	}
272 
273 	if (si.si_af == AF_INET6) {
274 		/*
275 		 * We're doing host-based access checks here, so don't allow
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 281 in init_transport()
275 		 * We're doing host-based access checks here, so don't allow
276 		 * v4-in-v6 to confuse things.
277 		 */
278 		if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
279 		 sizeof one) < 0) {
280 			warn("Can't make socket ipv6 only");
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
281 			return 1;
282 		}
283 	}
284 
285 
286 	if (!strcmp(nconf->nc_netid, "local")) {
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 306 in init_transport()
300 		hints.ai_family = si.si_af;
301 		hints.ai_socktype = si.si_socktype;
302 		hints.ai_protocol = si.si_proto;
303 		if ((aicode = getaddrinfo(NULL, servname, &hints, &res)) != 0) {
304 			warnx("Cannot get local address for `%s' (%s)",
305 			 nconf->nc_netid, gai_strerror(aicode));
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
306 			return 1;
307 		}
308 		addrlen = res->ai_addrlen;
309 		sa = (struct sockaddr *)res->ai_addr;
310 	}
311 
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 316 in init_transport()
310 	}
311 
312 	if (bind(fd, sa, addrlen) < 0) {
313 		warn("Cannot bind `%s'", nconf->nc_netid);
314 		if (res != NULL)
315 			freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
316 		return 1;
317 	}
318 #if 0
319 	if (sa->sa_family == AF_LOCAL)
320 		if (rump_sys_chmod(sun.sun_path, S_IRWXU|S_IRWXG|S_IRWXO) == -1)
321 			warn("Cannot chmod `%s'", sun.sun_path);
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 332 in init_transport()
326 	taddr.addr.buf = malloc(addrlen);
327 	if (taddr.addr.buf == NULL) {
328 		warn("Cannot allocate memory for `%s' address",
329 		 nconf->nc_netid);
330 		if (res != NULL)
331 			freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
332 		return 1;
333 	}
334 	(void)memcpy(taddr.addr.buf, sa, addrlen);
335 #ifdef RPCBIND_DEBUG
336 	if (debugging) {
337 		/* for debugging print out our universal address */
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 506 in init_transport()
500 		}
501 #endif
502 	}
503 	return (0);
504 error:
505 	(void)rump_sys_close(fd);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
506 	return (1);
507 }
508 
509 static void
510 rbllist_add(rpcprog_t prog, rpcvers_t vers, struct netconfig *nconf,
511 	 struct netbuf *addr)
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 503 in init_transport()
497 				fprintf(stderr, "rmtcall fd for %s is %d\n",
498 					nconf->nc_netid, status);
499 			}
500 		}
501 #endif
502 	}
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
503 	return (0);
504 error:
505 	(void)rump_sys_close(fd);
506 	return (1);
507 }
508 
/usr.sbin/rpcbind/rpcbind.c: 253 in init_transport()
247 		warn("Cannot create socket for `%s'", nconf->nc_netid);
248 		return 1;
249 	}
250 
251 	if (!__rpc_nconf2sockinfo(nconf, &si)) {
252 		warnx("Cannot get information for `%s'", nconf->nc_netid);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
253 		return 1;
254 	}
255 
256 	if (si.si_af == AF_INET6) {
257 		/*
258 		 * We're doing host-based access checks here, so don't allow
/usr.sbin/rpcbind/rpcbind.c: 264 in init_transport()
258 		 * We're doing host-based access checks here, so don't allow
259 		 * v4-in-v6 to confuse things.
260 		 */
261 		if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
262 		 sizeof one) < 0) {
263 			warn("Can't make socket ipv6 only");
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
264 			return 1;
265 		}
266 	}
267 
268 
269 	if (!strcmp(nconf->nc_netid, "local")) {
/usr.sbin/rpcbind/rpcbind.c: 289 in init_transport()
283 		hints.ai_family = si.si_af;
284 		hints.ai_socktype = si.si_socktype;
285 		hints.ai_protocol = si.si_proto;
286 		if ((aicode = getaddrinfo(NULL, servname, &hints, &res)) != 0) {
287 			warnx("Cannot get local address for `%s' (%s)",
288 			 nconf->nc_netid, gai_strerror(aicode));
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
289 			return 1;
290 		}
291 		addrlen = res->ai_addrlen;
292 		sa = (struct sockaddr *)res->ai_addr;
293 	}
294 
/usr.sbin/rpcbind/rpcbind.c: 289 in init_transport()
283 		hints.ai_family = si.si_af;
284 		hints.ai_socktype = si.si_socktype;
285 		hints.ai_protocol = si.si_proto;
286 		if ((aicode = getaddrinfo(NULL, servname, &hints, &res)) != 0) {
287 			warnx("Cannot get local address for `%s' (%s)",
288 			 nconf->nc_netid, gai_strerror(aicode));
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
289 			return 1;
290 		}
291 		addrlen = res->ai_addrlen;
292 		sa = (struct sockaddr *)res->ai_addr;
293 	}
294 
/usr.sbin/rpcbind/rpcbind.c: 299 in init_transport()
293 	}
294 
295 	if (bind(fd, sa, addrlen) < 0) {
296 		warn("Cannot bind `%s'", nconf->nc_netid);
297 		if (res != NULL)
298 			freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
299 		return 1;
300 	}
301 	if (sa->sa_family == AF_LOCAL)
302 		if (chmod(sun.sun_path, S_IRWXU|S_IRWXG|S_IRWXO) == -1)
303 			warn("Cannot chmod `%s'", sun.sun_path);
304 
/usr.sbin/rpcbind/rpcbind.c: 299 in init_transport()
293 	}
294 
295 	if (bind(fd, sa, addrlen) < 0) {
296 		warn("Cannot bind `%s'", nconf->nc_netid);
297 		if (res != NULL)
298 			freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
299 		return 1;
300 	}
301 	if (sa->sa_family == AF_LOCAL)
302 		if (chmod(sun.sun_path, S_IRWXU|S_IRWXG|S_IRWXO) == -1)
303 			warn("Cannot chmod `%s'", sun.sun_path);
304 
/usr.sbin/rpcbind/rpcbind.c: 313 in init_transport()
307 	taddr.addr.buf = malloc(addrlen);
308 	if (taddr.addr.buf == NULL) {
309 		warn("Cannot allocate memory for `%s' address",
310 		 nconf->nc_netid);
311 		if (res != NULL)
312 			freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
313 		return 1;
314 	}
315 	(void)memcpy(taddr.addr.buf, sa, addrlen);
316 #ifdef RPCBIND_DEBUG
317 	if (debugging) {
318 		/* for debugging print out our universal address */
/usr.sbin/rpcbind/rpcbind.c: 313 in init_transport()
307 	taddr.addr.buf = malloc(addrlen);
308 	if (taddr.addr.buf == NULL) {
309 		warn("Cannot allocate memory for `%s' address",
310 		 nconf->nc_netid);
311 		if (res != NULL)
312 			freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
313 		return 1;
314 	}
315 	(void)memcpy(taddr.addr.buf, sa, addrlen);
316 #ifdef RPCBIND_DEBUG
317 	if (debugging) {
318 		/* for debugging print out our universal address */
/usr.sbin/rpcbind/rpcbind.c: 484 in init_transport()
478 				fprintf(stderr, "rmtcall fd for %s is %d\n",
479 					nconf->nc_netid, status);
480 			}
481 		}
482 #endif
483 	}
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
484 	return (0);
485 error:
486 	(void)close(fd);
487 	return (1);
488 }
489 
________________________________________________________________________________________________________
*** CID 978502: Dereference before null check (REVERSE_INULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_ioctl.c: 3091 in zfs_ioc_rollback()
3085 	 * Destroy clone (which also closes it).
3086 	 */
3087 	(void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3088 
3089 out:
3090 	strfree(clone_name);
>>> CID 978502: Dereference before null check (REVERSE_INULL)
>>> Null-checking "ds" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3091 	if (ds)
3092 		dsl_dataset_rele(ds, FTAG);
3093 	return (error);
3094 }
3095 
3096 /*
________________________________________________________________________________________________________
*** CID 979065: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 	while (off != head) {
2695 		struct wapbl_wc_null *wcn;
2696 		off_t saveoff = off;
2697 		error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 		if (error)
2699 			goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 		wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 		switch (wcn->wc_type) {
2702 		case WAPBL_WC_BLOCKS:
2703 			wapbl_replay_process_blocks(wr, &off);
2704 			break;
2705 
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 	while (off != head) {
2695 		struct wapbl_wc_null *wcn;
2696 		off_t saveoff = off;
2697 		error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 		if (error)
2699 			goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 		wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 		switch (wcn->wc_type) {
2702 		case WAPBL_WC_BLOCKS:
2703 			wapbl_replay_process_blocks(wr, &off);
2704 			break;
2705 
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 	while (off != head) {
2695 		struct wapbl_wc_null *wcn;
2696 		off_t saveoff = off;
2697 		error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 		if (error)
2699 			goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 		wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 		switch (wcn->wc_type) {
2702 		case WAPBL_WC_BLOCKS:
2703 			wapbl_replay_process_blocks(wr, &off);
2704 			break;
2705 
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 	while (off != head) {
2695 		struct wapbl_wc_null *wcn;
2696 		off_t saveoff = off;
2697 		error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 		if (error)
2699 			goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 		wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 		switch (wcn->wc_type) {
2702 		case WAPBL_WC_BLOCKS:
2703 			wapbl_replay_process_blocks(wr, &off);
2704 			break;
2705 
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 	while (off != head) {
2695 		struct wapbl_wc_null *wcn;
2696 		off_t saveoff = off;
2697 		error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 		if (error)
2699 			goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 		wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 		switch (wcn->wc_type) {
2702 		case WAPBL_WC_BLOCKS:
2703 			wapbl_replay_process_blocks(wr, &off);
2704 			break;
2705 
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 	while (off != head) {
2695 		struct wapbl_wc_null *wcn;
2696 		off_t saveoff = off;
2697 		error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 		if (error)
2699 			goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 		wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 		switch (wcn->wc_type) {
2702 		case WAPBL_WC_BLOCKS:
2703 			wapbl_replay_process_blocks(wr, &off);
2704 			break;
2705 
________________________________________________________________________________________________________
*** CID 979066: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
2528 	wr = wapbl_calloc(1, sizeof(*wr));
2529 
2530 	wr->wr_logvp = vp;
2531 	wr->wr_devvp = devvp;
2532 	wr->wr_logpbn = logpbn;
2533 
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wr->wr_scratch" = "scratch". Both are now tainted.
2534 	wr->wr_scratch = scratch;
2535 
2536 	wr->wr_log_dev_bshift = wch->wc_log_dev_bshift;
2537 	wr->wr_fs_dev_bshift = wch->wc_fs_dev_bshift;
2538 	wr->wr_circ_off = wch->wc_circ_off;
2539 	wr->wr_circ_size = wch->wc_circ_size;
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
2528 	wr = wapbl_calloc(1, sizeof(*wr));
2529 
2530 	wr->wr_logvp = vp;
2531 	wr->wr_devvp = devvp;
2532 	wr->wr_logpbn = logpbn;
2533 
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wr->wr_scratch" = "scratch". Both are now tainted.
2534 	wr->wr_scratch = scratch;
2535 
2536 	wr->wr_log_dev_bshift = wch->wc_log_dev_bshift;
2537 	wr->wr_fs_dev_bshift = wch->wc_fs_dev_bshift;
2538 	wr->wr_circ_off = wch->wc_circ_off;
2539 	wr->wr_circ_size = wch->wc_circ_size;
/sys/kern/vfs_wapbl.c: 2526 in wapbl_replay_start()
2520 		printf("Unrecognized wapbl magic: 0x%08x\n", wch->wc_type);
2521 		error = EFTYPE;
2522 		goto errout;
2523 	}
2524 
2525 	if (wch2->wc_generation > wch->wc_generation)
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wch" = "wch2". Both are now tainted.
2526 		wch = wch2;
2527 
2528 	wr = wapbl_calloc(1, sizeof(*wr));
2529 
2530 	wr->wr_logvp = vp;
2531 	wr->wr_devvp = devvp;
________________________________________________________________________________________________________
*** CID 987315: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 474 in viaOverlayGetSrcStartAddress()
468 int n = 1;
469 
470 if ((pUpdate->SrcLeft != 0) || (pUpdate->SrcTop != 0)) {
471 switch (pVia->swov.SrcFourCC) {
472 case FOURCC_RV32:
473 n = 2;
>>> CID 987315: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
474 case FOURCC_YUY2:
475 case FOURCC_UYVY:
476 case FOURCC_RV15:
477 case FOURCC_RV16:
478 
479 if (videoFlag & VIDEO_HQV_INUSE) {
________________________________________________________________________________________________________
*** CID 987434: Unsigned compared against 0 (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 1762 in SetVideoWindow()
1756 / pScrn->currentMode->VDisplay);
1757 bottom = (pUpdate->DstBottom * pBIOSInfo->Panel->NativeMode->Height
1758 / pScrn->currentMode->VDisplay);
1759 }
1760 }*/
1761 
>>> CID 987434: Unsigned compared against 0 (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "top < 0U".
1762 if (top < 0)
1763 top = 0;
1764 else if (top > 2047)
1765 top = 2047;
1766 
1767 if (bottom < 0)
________________________________________________________________________________________________________
*** CID 987784: Resource leak (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
668 viaSetColorSpace(pVia, 0, 0, 0, 0, TRUE);
669 pVia->swov.panning_x = 0;
670 pVia->swov.panning_y = 0;
671 pVia->swov.oldPanningX = 0;
672 pVia->swov.oldPanningY = 0;
673 }
>>> CID 987784: Resource leak (RESOURCE_LEAK)
>>> Variable "adaptors" going out of scope leaks the storage it points to.
674 }
675 
676 static unsigned
677 viaSetupAdaptors(ScreenPtr pScreen, XF86VideoAdaptorPtr ** adaptors)
678 {
679 ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen);
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
668 viaSetColorSpace(pVia, 0, 0, 0, 0, TRUE);
669 pVia->swov.panning_x = 0;
670 pVia->swov.panning_y = 0;
671 pVia->swov.oldPanningX = 0;
672 pVia->swov.oldPanningY = 0;
673 }
>>> CID 987784: Resource leak (RESOURCE_LEAK)
>>> Variable "adaptors" going out of scope leaks the storage it points to.
674 }
675 
676 static unsigned
677 viaSetupAdaptors(ScreenPtr pScreen, XF86VideoAdaptorPtr ** adaptors)
678 {
679 ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen);
________________________________________________________________________________________________________
*** CID 988186: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/MesaGLUT/dist/src/glut/glx/glut_cursor.c: 93 in makeBlankCursor()
87 makeBlankCursor(void)
88 {
89 static char data[1] =
90 {0};
91 Cursor cursor;
92 Pixmap blank;
>>> CID 988186: Uninitialized scalar variable (UNINIT)
>>> Declaring variable "dummy" without initializer.
93 XColor dummy;
94 
95 blank = XCreateBitmapFromData(__glutDisplay, __glutRoot,
96 data, 1, 1);
97 if (blank == None)
98 __glutFatalError("out of memory.");
________________________________________________________________________________________________________
*** CID 988193: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/beforelight/dist/b4light.c: 294 in main()
288 XEvent event;
289 XScreenSaverNotifyEvent *sevent;
290 XSetWindowAttributes attr;
291 XScreenSaverInfo	 *info;
292 unsigned long	 mask;
293 Pixmap		 blank_pix;
>>> CID 988193: Uninitialized scalar variable (UNINIT)
>>> Declaring variable "dummyColor" without initializer.
294 XColor		 dummyColor;
295 XID			 kill_id;
296 Atom		 kill_type;
297 int			 i;
298 int			 (*oldHandler)(Display*, XErrorEvent*);
299 Window 		 r;
________________________________________________________________________________________________________
*** CID 988252: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_exa.c: 569 in viaAccelDMADownload()
563 
564 if (err)
565 return err;
566 
567 doSync[curBuf] = FALSE;
568 if (useBounceBuffer) {
>>> CID 988252: Uninitialized scalar variable (UNINIT)
>>> Using uninitialized value "numLines[curBuf]".
569 for (i = 0; i < numLines[curBuf]; ++i) {
570 memcpy(dst, curBlit->mem_addr, w);
571 dst += dstPitch;
572 curBlit->mem_addr += pitch;
573 }
574 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/1449?tab=overview
To unsubscribe from the email notification for new defects, visit http://scan5.coverity.com/cgi-bin/unsubscribe.py


