Coverity-updates archive


New Defects reported by Coverity Scan for NetBSD-amd64-user



Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
5 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 978595: (REVERSE_NEGATIVE)
/sbin/fsck_lfs/segwrite.c: 521 in lfs_update_single()
/sbin/fsck_lfs/segwrite.c: 536 in lfs_update_single()
________________________________________________________________________________________________________
*** CID 978595: (REVERSE_NEGATIVE)
/sbin/fsck_lfs/segwrite.c: 521 in lfs_update_single()
515 	/*
516 	 * Update segment usage information, based on old size
517 	 * and location.
518 	 */
519 	if (daddr > 0) {
520 		u_int32_t oldsn = lfs_dtosn(fs, daddr);
>>> CID 978595: (REVERSE_NEGATIVE)
>>> You might be using variable "lbn" before verifying that it is >= 0.
521 		if (lbn >= 0 && lbn < ULFS_NDADDR)
522 			osize = ip->i_lfs_fragsize[lbn];
523 		else
524 			osize = lfs_sb_getbsize(fs);
525 		LFS_SEGENTRY(sup, fs, oldsn, bp);
526 		sup->su_nbytes -= osize;
/sbin/fsck_lfs/segwrite.c: 536 in lfs_update_single()
530 	}
531 	/*
532 	 * Now that this block has a new address, and its old
533 	 * segment no longer owns it, we can forget about its
534 	 * old size.
535 	 */
>>> CID 978595: (REVERSE_NEGATIVE)
>>> You might be using variable "lbn" before verifying that it is >= 0.
536 	if (lbn >= 0 && lbn < ULFS_NDADDR)
537 		ip->i_lfs_fragsize[lbn] = size;
538 }
539 
540 /*
541 * Update the metadata that points to the blocks listed in the FINFO
** CID 1327233: Error handling issues (CHECKED_RETURN)
/sys/rump/librump/rumpkern/rump_syscalls.c: 6420 in rump___sysimpl_clock_nanosleep()
________________________________________________________________________________________________________
*** CID 1327233: Error handling issues (CHECKED_RETURN)
/sys/rump/librump/rumpkern/rump_syscalls.c: 6420 in rump___sysimpl_clock_nanosleep()
6414 	memset(&callarg, 0, sizeof(callarg));
6415 	SPARG(&callarg, clock_id) = clock_id;
6416 	SPARG(&callarg, flags) = flags;
6417 	SPARG(&callarg, rqtp) = rqtp;
6418 	SPARG(&callarg, rmtp) = rmtp;
6419 
>>> CID 1327233: Error handling issues (CHECKED_RETURN)
>>> Calling "rumpclient_syscall" without checking return value (as is done elsewhere 25 out of 27 times).
6420 	rsys_syscall(SYS_clock_nanosleep, &callarg, sizeof(callarg), retval);
6421 	if (sizeof(int) > sizeof(register_t))
6422 		rv = *(int *)retval;
6423 	else
6424 		rv = *retval;
6425 	return rv;
** CID 1327234: Memory - illegal accesses (OVERRUN)
________________________________________________________________________________________________________
*** CID 1327234: Memory - illegal accesses (OVERRUN)
/external/mit/lua/dist/src/lvm.c: 121 in luaV_tointeger()
115 if (ttisinteger(obj)) {
116 UNUSED(mode);
117 #endif
118 *p = ivalue(obj);
119 return 1;
120 }
>>> CID 1327234: Memory - illegal accesses (OVERRUN)
>>> Overrunning array of 24 bytes at byte offset 24 by dereferencing pointer "(char const *)((char *)&((union GCUnion *)obj->value_.gc)->ts + 24UL)".
121 else if (cvt2num(obj) &&
122 luaO_str2num(svalue(obj), &v) == vslen(obj) + 1) {
123 obj = &v;
124 goto again; /* convert result from 'luaO_str2num' to an integer */
125 }
126 return 0; /* conversion failed */
** CID 1327235: (RESOURCE_LEAK)
/usr.bin/make/var.c: 4087 in Var_Subst()
/usr.bin/make/var.c: 4096 in Var_Subst()
________________________________________________________________________________________________________
*** CID 1327235: (RESOURCE_LEAK)
/usr.bin/make/var.c: 4087 in Var_Subst()
4081 		str += length;
4082 
4083 		/*
4084 		 * Copy all the characters from the variable value straight
4085 		 * into the new string.
4086 		 */
>>> CID 1327235: (RESOURCE_LEAK)
>>> Overwriting "length" in "length = strlen(val)" leaks the storage that "length" points to.
4087 		length = strlen(val);
4088 		Buf_AddBytes(&buf, length, val);
4089 		trailingBslash = length > 0 && val[length - 1] == '\\';
4090 	 }
4091 	 free(freeIt);
4092 	 freeIt = NULL;
/usr.bin/make/var.c: 4096 in Var_Subst()
4090 	 }
4091 	 free(freeIt);
4092 	 freeIt = NULL;
4093 	}
4094 }
4095 
>>> CID 1327235: (RESOURCE_LEAK)
>>> Variable "length" going out of scope leaks the storage it points to.
4096 return Buf_DestroyCompact(&buf);
4097 }
4098 
4099 /*-
4100 *-----------------------------------------------------------------------
4101 * Var_GetTail --
** CID 1327236: (RESOURCE_LEAK)
/usr.bin/make/cond.c: 846 in get_mpt_arg()
/usr.bin/make/cond.c: 835 in get_mpt_arg()
________________________________________________________________________________________________________
*** CID 1327236: (RESOURCE_LEAK)
/usr.bin/make/cond.c: 846 in get_mpt_arg()
840 	val++;
841 
842 /*
843 * For consistency with the other functions we can't generate the
844 * true/false here.
845 */
>>> CID 1327236: (RESOURCE_LEAK)
>>> Overwriting "length" in "length = (*val ? 2 : 1)" leaks the storage that "length" points to.
846 length = *val ? 2 : 1;
847 if (freeIt)
848 	free(freeIt);
849 return length;
850 }
851 
/usr.bin/make/cond.c: 835 in get_mpt_arg()
829 * we subtract one because 'length' is calculated from 'cp - 1'.
830 */
831 *linePtr = cp - 1 + length;
832 
833 if (val == var_Error) {
834 	free(freeIt);
>>> CID 1327236: (RESOURCE_LEAK)
>>> Variable "length" going out of scope leaks the storage it points to.
835 	return -1;
836 }
837 
838 /* A variable is empty when it just contains spaces... 4/15/92, christos */
839 while (isspace(*(unsigned char *)val))
840 	val++;
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782

