Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-amd64-user

Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
12 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
17 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)
** CID 1328437: Memory - corruptions (ARRAY_VS_SINGLETON)
/sbin/newfs_lfs/make_lfs.c: 859 in make_lfs()
________________________________________________________________________________________________________
*** CID 1328437: Memory - corruptions (ARRAY_VS_SINGLETON)
/sbin/newfs_lfs/make_lfs.c: 859 in make_lfs()
853 	if (is64) {
854 		ip64 = &ipall->u_64;
855 		for (i = LFS_IFILE_INUM; i <= HIGHEST_USED_INO; i++) {
856 			ip64->if_version = 1;
857 			ip64->if_daddr = 0x0;
858 			ip64->if_nextfree = 0;
>>> CID 1328437: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "ip64" as an array. This might corrupt or misinterpret adjacent memory locations.
859 			++ip64;
860 		}
861 	} else if (version > 1) {
862 		ip32 = &ipall->u_32;
863 		for (i = LFS_IFILE_INUM; i <= HIGHEST_USED_INO; i++) {
864 			ip32->if_version = 1;
** CID 1328438: Integer handling issues (BAD_SHIFT)
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 220 in nouveau_client_new()
________________________________________________________________________________________________________
*** CID 1328438: Integer handling issues (BAD_SHIFT)
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 220 in nouveau_client_new()
214 	nvdev->client[i] = 0;
215 	nvdev->nr_client++;
216 
217 out:
218 	pcli = calloc(1, sizeof(*pcli));
219 	if (pcli) {
>>> CID 1328438: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << id", shifting by a negative amount has undefined behavior. The shift amount, "id", is no more than -1.
220 		nvdev->client[i] |= (1 << id);
221 		pcli->base.device = dev;
222 		pcli->base.id = (i * 32) + id;
223 		ret = 0;
224 	}
225 
** CID 1328439: (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 365 in nouveau_bo_del()
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 369 in nouveau_bo_del()
________________________________________________________________________________________________________
*** CID 1328439: (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 365 in nouveau_bo_del()
359 			 * gem handles are not refcounted. If a shared bo is
360 			 * closed and re-opened in another thread a race
361 			 * against DRM_IOCTL_GEM_OPEN or drmPrimeFDToHandle
362 			 * might cause the bo to be closed accidentally while
363 			 * re-importing.
364 			 */
>>> CID 1328439: (CHECKED_RETURN)
>>> Calling "drmIoctl" without checking return value (as is done elsewhere 201 out of 219 times).
365 			drmIoctl(bo->device->fd, DRM_IOCTL_GEM_CLOSE, &req);
366 		}
367 		pthread_mutex_unlock(&nvdev->lock);
368 	} else {
369 		drmIoctl(bo->device->fd, DRM_IOCTL_GEM_CLOSE, &req);
370 	}
/home/phil/cov/xsrc/external/mit/libdrm/dist/nouveau/nouveau.c: 369 in nouveau_bo_del()
363 			 * re-importing.
364 			 */
365 			drmIoctl(bo->device->fd, DRM_IOCTL_GEM_CLOSE, &req);
366 		}
367 		pthread_mutex_unlock(&nvdev->lock);
368 	} else {
>>> CID 1328439: (CHECKED_RETURN)
>>> Calling "drmIoctl" without checking return value (as is done elsewhere 201 out of 219 times).
369 		drmIoctl(bo->device->fd, DRM_IOCTL_GEM_CLOSE, &req);
370 	}
371 	if (bo->map)
372 		drm_munmap(bo->map, bo->size);
373 	free(nvbo);
374 }
** CID 1328440: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 900 in drmmode_output_dpms()
________________________________________________________________________________________________________
*** CID 1328440: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 900 in drmmode_output_dpms()
894 	drmModePropertyPtr props;
895 	drmmode_ptr drmmode = drmmode_output->drmmode;
896 	int mode_id = -1, i;
897 
898 	for (i = 0; i < koutput->count_props; i++) {
899 		props = drmModeGetProperty(drmmode->fd, koutput->props[i]);
>>> CID 1328440: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> The expression "props->flags && 1 /* 1 << 3 */" is suspicious because it performs a Boolean operation on a constant other than 0 or 1.
900 		if (props && (props->flags && DRM_MODE_PROP_ENUM)) {
901 			if (!strcmp(props->name, "DPMS")) {
902 				mode_id = koutput->props[i];
903 				drmModeFreeProperty(props);
904 				break;
905 			}
** CID 1328441: Possible Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nv_accel_common.c: 49 in nouveau_allocate_surface()
________________________________________________________________________________________________________
*** CID 1328441: Possible Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nv_accel_common.c: 49 in nouveau_allocate_surface()
43 #ifdef NOUVEAU_PIXMAP_SHARING
44 	shared = ((usage_hint & 0xffff) == CREATE_PIXMAP_USAGE_SHARED);
45 #endif
46 
47 	flags = NOUVEAU_BO_MAP;
48 	if (bpp >= 8)
>>> CID 1328441: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "2" inside this statement: "flags |= (shared ? 2 : 1);".
49 		flags |= shared ? NOUVEAU_BO_GART : NOUVEAU_BO_VRAM;
50 
51 	if (pNv->Architecture >= NV_TESLA) {
52 		if (scanout) {
53 			if (pNv->tiled_scanout) {
54 				tiled = TRUE;
** CID 1328442: Possible Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_xv.c: 1312 in NVPutImage()
________________________________________________________________________________________________________
*** CID 1328442: Possible Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_xv.c: 1312 in NVPutImage()
1306 				buf += srcPitch - (npixels << 1);
1307 			}
1308 		}
1309 	}
1310 
1311 	if (skip)
>>> CID 1328442: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 0;".
1312 		return Success;
1313 
1314 	if (pPriv->currentHostBuffer != NO_PRIV_HOST_BUFFER_AVAILABLE)
1315 		pPriv->currentHostBuffer ^= 1;
1316 
1317 	/* If we're not using the hw overlay, we're rendering into a pixmap
** CID 1328443: Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nv_driver.c: 325 in NVOpenNouveauDevice()
________________________________________________________________________________________________________
*** CID 1328443: Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nv_driver.c: 325 in NVOpenNouveauDevice()
319 #if defined(ODEV_ATTRIB_FD)
320 	if (platform_dev)
321 		fd = xf86_get_platform_device_int_attrib(platform_dev,
322 							 ODEV_ATTRIB_FD, -1);
323 #endif
324 	if (fd != -1)
>>> CID 1328443: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "ret = nouveau_device_wrap(f...".
325 		ret = nouveau_device_wrap(fd, 0, &dev);
326 	else
327 		ret = nouveau_device_open(busid, &dev);
328 	if (ret)
329 		xf86DrvMsg(scrnIndex, X_ERROR,
330 			 "[drm] Failed to open DRM device for %s: %d\n",
** CID 1328444: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_dri2.c: 511 in dri2_page_flip()
________________________________________________________________________________________________________
*** CID 1328444: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_dri2.c: 511 in dri2_page_flip()
505 
506 		emitted++;
507 	}
508 
509 	/* Will release old fb after all crtc's completed flip. */
510 	drmmode_swap(scrn, next_fb, &flipdata->old_fb_id);
>>> CID 1328444: Resource leaks (RESOURCE_LEAK)
>>> Variable "flipdata" going out of scope leaks the storage it points to.
511 	return TRUE;
512 
513 error_undo:
514 	drmModeRmFB(pNv->dev->fd, next_fb);
515 	return FALSE;
516 }
** CID 1328445: (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 899 in drmmode_output_dpms()
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 911 in drmmode_output_dpms()
________________________________________________________________________________________________________
*** CID 1328445: (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 899 in drmmode_output_dpms()
893 	drmModeConnectorPtr koutput = drmmode_output->mode_output;
894 	drmModePropertyPtr props;
895 	drmmode_ptr drmmode = drmmode_output->drmmode;
896 	int mode_id = -1, i;
897 
898 	for (i = 0; i < koutput->count_props; i++) {
>>> CID 1328445: (RESOURCE_LEAK)
>>> Overwriting "props" in "props = drmModeGetProperty(drmmode->fd, koutput->props[i])" leaks the storage that "props" points to.
899 		props = drmModeGetProperty(drmmode->fd, koutput->props[i]);
900 		if (props && (props->flags && DRM_MODE_PROP_ENUM)) {
901 			if (!strcmp(props->name, "DPMS")) {
902 				mode_id = koutput->props[i];
903 				drmModeFreeProperty(props);
904 				break;
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 911 in drmmode_output_dpms()
905 			}
906 			drmModeFreeProperty(props);
907 		}
908 	}
909 
910 	if (mode_id < 0)
>>> CID 1328445: (RESOURCE_LEAK)
>>> Variable "props" going out of scope leaks the storage it points to.
911 		return;
912 
913 	drmModeConnectorSetProperty(drmmode->fd, koutput->connector_id,
914 				 mode_id, mode);
915 }
916 
** CID 1328446: (RETURN_LOCAL)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
________________________________________________________________________________________________________
*** CID 1328446: (RETURN_LOCAL)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
79 		size = sizeof(struct nvc0_fifo);
80 		break;
81 	default:
82 		return FALSE;
83 	}
84 
>>> CID 1328446: (RETURN_LOCAL)
>>> Using "data", which points to an out-of-scope temporary variable of type "struct nv04_fifo".
85 	ret = nouveau_object_new(&pNv->dev->object, 0,
86 				 NOUVEAU_FIFO_CHANNEL_CLASS, data, size,
87 				 &pNv->ce_channel);
88 	if (ret) {
89 		xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
90 			 "[COPY} error allocating channel: %d\n", ret);
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
79 		size = sizeof(struct nvc0_fifo);
80 		break;
81 	default:
82 		return FALSE;
83 	}
84 
>>> CID 1328446: (RETURN_LOCAL)
>>> Using "data", which points to an out-of-scope temporary variable of type "struct nvc0_fifo".
85 	ret = nouveau_object_new(&pNv->dev->object, 0,
86 				 NOUVEAU_FIFO_CHANNEL_CLASS, data, size,
87 				 &pNv->ce_channel);
88 	if (ret) {
89 		xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
90 			 "[COPY} error allocating channel: %d\n", ret);
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/nouveau_copy.c: 85 in nouveau_copy_init()
79 		size = sizeof(struct nvc0_fifo);
80 		break;
81 	default:
82 		return FALSE;
83 	}
84 
>>> CID 1328446: (RETURN_LOCAL)
>>> Using "data", which points to an out-of-scope temporary variable of type "struct nve0_fifo".
85 	ret = nouveau_object_new(&pNv->dev->object, 0,
86 				 NOUVEAU_FIFO_CHANNEL_CLASS, data, size,
87 				 &pNv->ce_channel);
88 	if (ret) {
89 		xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
90 			 "[COPY} error allocating channel: %d\n", ret);
** CID 1328447: Memory - illegal accesses (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 181 in drmmode_event_abort()
________________________________________________________________________________________________________
*** CID 1328447: Memory - illegal accesses (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 181 in drmmode_event_abort()
175 void
176 drmmode_event_abort(ScrnInfoPtr scrn, uint64_t name, bool pending)
177 {
178 	drmmode_ptr drmmode = drmmode_from_scrn(scrn);
179 	struct drmmode_event *e, *t;
180 
>>> CID 1328447: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "e".
181 	xorg_list_for_each_entry_safe(e, t, &drmmode_events, head) {
182 		if (e->drmmode == drmmode && e->name == name) {
183 			xorg_list_del(&e->head);
184 			if (!pending)
185 				free(e);
186 			break;
** CID 1328448: Memory - illegal accesses (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 224 in drmmode_event_fini()
________________________________________________________________________________________________________
*** CID 1328448: Memory - illegal accesses (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-nouveau/dist/src/drmmode_display.c: 224 in drmmode_event_fini()
218 void
219 drmmode_event_fini(ScrnInfoPtr scrn)
220 {
221 	drmmode_ptr drmmode = drmmode_from_scrn(scrn);
222 	struct drmmode_event *e, *t;
223 
>>> CID 1328448: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "e".
224 	xorg_list_for_each_entry_safe(e, t, &drmmode_events, head) {
225 		if (e->drmmode == drmmode) {
226 			xorg_list_del(&e->head);
227 			free(e);
228 		}
229 	}
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home | Main Index | Thread Index | Old Index

AltStyle によって変換されたページ (->オリジナル) /