Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-amd64-user

Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
22 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 22 defect(s)
** CID 745503: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/scp.c: 1081 in sink()
________________________________________________________________________________________________________
*** CID 745503: Security best practices violations (TOCTOU)
/crypto/external/bsd/openssh/dist/scp.c: 1081 in sink()
1075 				(void) chmod(vect[0], mode);
1076 			free(vect[0]);
1077 			continue;
1078 		}
1079 		omode = mode;
1080 		mode |= S_IWUSR;
>>> CID 745503: Security best practices violations (TOCTOU)
>>> Calling function "open" that uses "np" after a check function. This can cause a time-of-check, time-of-use race condition.
1081 		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
1082 bad:			run_err("%s: %s", np, strerror(errno));
1083 			continue;
1084 		}
1085 		(void) atomicio(vwrite, remout, empty, 1);
1086 		if ((bp = allocbuf(&buffer, ofd, COPY_BUFLEN)) == NULL) {
** CID 1201655: Null pointer dereferences (NULL_RETURNS)
/crypto/external/bsd/openssl/dist/crypto/mem_dbg.c: 646 in print_leak_doall_arg()
________________________________________________________________________________________________________
*** CID 1201655: Null pointer dereferences (NULL_RETURNS)
/crypto/external/bsd/openssl/dist/crypto/mem_dbg.c: 646 in print_leak_doall_arg()
640 if (m->addr == (char *)l->bio)
641 return;
642 
643 if (options & V_CRYPTO_MDEBUG_TIME) {
644 lcl = localtime(&m->time);
645 
>>> CID 1201655: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "lcl".
646 BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
647 lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
648 bufp += strlen(bufp);
649 }
650 
651 BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
** CID 1341547: Error handling issues (CHECKED_RETURN)
/sys/rump/librump/rumpkern/rump_syscalls.c: 781 in rump___sysimpl_sync()
________________________________________________________________________________________________________
*** CID 1341547: Error handling issues (CHECKED_RETURN)
/sys/rump/librump/rumpkern/rump_syscalls.c: 781 in rump___sysimpl_sync()
775 void rump___sysimpl_sync(void);
776 void
777 rump___sysimpl_sync(void )
778 {
779 	register_t retval[2];
780 
>>> CID 1341547: Error handling issues (CHECKED_RETURN)
>>> Calling "rumpclient_syscall" without checking return value (as is done elsewhere 4 out of 5 times).
781 	rsys_syscall(SYS_sync, NULL, 0, retval);
782 }
783 #ifdef RUMP_KERNEL_IS_LIBC
784 __weak_alias(sync,rump___sysimpl_sync);
785 __weak_alias(_sync,rump___sysimpl_sync);
786 __strong_alias(_sys_sync,rump___sysimpl_sync);
** CID 1341548: Error handling issues (CHECKED_RETURN)
/sbin/gpt/add.c: 146 in add()
________________________________________________________________________________________________________
*** CID 1341548: Error handling issues (CHECKED_RETURN)
/sbin/gpt/add.c: 146 in add()
140 
141 	ent_set(ent, map, type, name);
142 	gpt_write_primary(gpt);
143 
144 	ent = gpt_ent_backup(gpt, i);
145 	ent_set(ent, map, type, name);
>>> CID 1341548: Error handling issues (CHECKED_RETURN)
>>> Calling "gpt_write_backup" without checking return value (as is done elsewhere 6 out of 7 times).
146 	gpt_write_backup(gpt);
147 
148 	gpt_uuid_snprintf(buf, sizeof(buf), "%d", type);
149 	gpt_msg(gpt, "Partition %d added: %s %" PRIu64 " %" PRIu64, i + 1,
150 	 buf, map->map_start, map->map_size);
151 	return 0;
** CID 1341549: Error handling issues (CHECKED_RETURN)
/sbin/gpt/add.c: 142 in add()
________________________________________________________________________________________________________
*** CID 1341549: Error handling issues (CHECKED_RETURN)
/sbin/gpt/add.c: 142 in add()
136 			gpt_warnx(gpt, "Not enough space available on device");
137 			return -1;
138 		}
139 	}
140 
141 	ent_set(ent, map, type, name);
>>> CID 1341549: Error handling issues (CHECKED_RETURN)
>>> Calling "gpt_write_primary" without checking return value (as is done elsewhere 5 out of 6 times).
142 	gpt_write_primary(gpt);
143 
144 	ent = gpt_ent_backup(gpt, i);
145 	ent_set(ent, map, type, name);
146 	gpt_write_backup(gpt);
147 
** CID 1341550: Error handling issues (CHECKED_RETURN)
/sbin/gpt/resizedisk.c: 205 in resizedisk()
________________________________________________________________________________________________________
*** CID 1341550: Error handling issues (CHECKED_RETURN)
/sbin/gpt/resizedisk.c: 205 in resizedisk()
199 	hdr = gpt->gpt->map_data;
200 	hdr->hdr_lba_alt = (uint64_t)gpt->tpg->map_start;
201 	hdr->hdr_crc_self = 0;
202 	hdr->hdr_lba_end = htole64((uint64_t)(gpt->lbt->map_start - 1));
203 	hdr->hdr_crc_self =
204 	 htole32(crc32(gpt->gpt->map_data, GPT_HDR_SIZE));
>>> CID 1341550: Error handling issues (CHECKED_RETURN)
>>> Calling "gpt_write" without checking return value (as is done elsewhere 10 out of 11 times).
205 	gpt_write(gpt, gpt->gpt);
206 
207 	hdr = gpt->tpg->map_data;
208 	hdr->hdr_lba_self = htole64((uint64_t)gpt->tpg->map_start);
209 	hdr->hdr_lba_alt = htole64((uint64_t)gpt->gpt->map_start);
210 	hdr->hdr_lba_end = htole64((uint64_t)(gpt->lbt->map_start - 1));
** CID 1341551: Null pointer dereferences (FORWARD_NULL)
/usr.sbin/makemandb/apropos-utils.c: 931 in term_init()
________________________________________________________________________________________________________
*** CID 1341551: Null pointer dereferences (FORWARD_NULL)
/usr.sbin/makemandb/apropos-utils.c: 931 in term_init()
925 	int error;
926 	const char *bold, *sgr0, *smso, *rmso, *smul, *rmul;
927 
928 	if (ti_setupterm(&ti, NULL, fd, &error) == -1) {
929 		bold = sgr0 = NULL;
930 		smso = rmso = smul = rmul = "";
>>> CID 1341551: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "ti" = "NULL".
931 		ti = NULL;
932 	} else {
933 		bold = ti_getstr(ti, "bold");
934 		sgr0 = ti_getstr(ti, "sgr0");
935 		if (bold == NULL || sgr0 == NULL) {
936 			smso = ti_getstr(ti, "smso");
** CID 1341552: (FORWARD_NULL)
/external/bsd/dhcpcd/dist/common.c: 169 in logger()
/external/bsd/dhcpcd/dist/common.c: 184 in logger()
________________________________________________________________________________________________________
*** CID 1341552: (FORWARD_NULL)
/external/bsd/dhcpcd/dist/common.c: 169 in logger()
163 		}
164 		*fp++ = '0円';
165 		fmt = fmt_cpy;
166 	}
167 #endif
168 
>>> CID 1341552: (FORWARD_NULL)
>>> Dereferencing null pointer "ctx".
169 	if ((ctx == NULL || !(ctx->options & DHCPCD_QUIET)) &&
170 	 (pri < LOG_DEBUG || (ctx->options & DHCPCD_DEBUG)))
171 	{
172 		va_list vac;
173 
174 		va_copy(vac, va);
/external/bsd/dhcpcd/dist/common.c: 184 in logger()
178 		vfprintf(pri <= LOG_ERR ? stderr : stdout, fmt, vac);
179 		fputc('\n', pri <= LOG_ERR ? stderr : stdout);
180 		va_end(vac);
181 	}
182 
183 	/* Don't send to syslog if dumping leases or testing */
>>> CID 1341552: (FORWARD_NULL)
>>> Dereferencing null pointer "ctx".
184 	if (ctx->options & (DHCPCD_DUMPLEASE | DHCPCD_TEST))
185 		goto out;
186 
187 	if (ctx && ctx->log_fd != -1) {
188 		if (pri < LOG_DEBUG || (ctx->options & DHCPCD_DEBUG)) {
189 			struct timeval tv;
** CID 1341553: Null pointer dereferences (FORWARD_NULL)
/lib/libterminfo/term.c: 194 in _ti_readterm()
________________________________________________________________________________________________________
*** CID 1341553: Null pointer dereferences (FORWARD_NULL)
/lib/libterminfo/term.c: 194 in _ti_readterm()
188 		 sizeof(*term->_userdefs)) == -1)
189 			return -1;
190 		for (num = 0; num < term->_nuserdefs; num++) {
191 			ud = &term->_userdefs[num];
192 			len = le16dec(cap);
193 			cap += sizeof(uint16_t);
>>> CID 1341553: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "ud".
194 			ud->id = cap;
195 			cap += len;
196 			ud->type = *cap++;
197 			switch (ud->type) {
198 			case 'f':
199 				ud->flag = *cap++;
** CID 1341554: Memory - illegal accesses (OVERRUN)
/external/bsd/dhcpcd/dist/dhcp6.c: 2212 in dhcp6_readlease()
________________________________________________________________________________________________________
*** CID 1341554: Memory - illegal accesses (OVERRUN)
/external/bsd/dhcpcd/dist/dhcp6.c: 2212 in dhcp6_readlease()
2206 	if ((state->new = malloc(BUFSIZ)) == NULL)
2207 		return -1;
2208 	retval = -1;
2209 	/* DHCPv6 messages have no real maximum size.
2210 	 * As we could be reading from stdin, we loop like so. */
2211 	for (;;) {
>>> CID 1341554: Memory - illegal accesses (OVERRUN)
>>> Overrunning dynamic array "state->new" at offset corresponding to index variable "state->new_len" through dereference in call to "read". [Note: The source code implementation of the function has been overridden by a builtin model.]
2212 		bytes = read(fd, state->new + state->new_len, BUFSIZ);
2213 		if (bytes == -1)
2214 			break;
2215 		if (bytes < BUFSIZ) {
2216 			state->new_len += (size_t)bytes;
2217 			retval = 0;
** CID 1341555: Resource leaks (RESOURCE_LEAK)
/sbin/gpt/gpt_uuid.c: 285 in gpt_uuid_generate()
________________________________________________________________________________________________________
*** CID 1341555: Resource leaks (RESOURCE_LEAK)
/sbin/gpt/gpt_uuid.c: 285 in gpt_uuid_generate()
279 	u.clock_seq_hi_and_reserved |= 0x80;
280 
281 	gpt_dce_to_uuid(&u, t);
282 	close(fd);
283 	return 0;
284 out:
>>> CID 1341555: Resource leaks (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
285 	return -1;
** CID 1341556: Resource leaks (RESOURCE_LEAK)
/sbin/gpt/map.c: 182 in map_add()
________________________________________________________________________________________________________
*** CID 1341556: Resource leaks (RESOURCE_LEAK)
/sbin/gpt/map.c: 182 in map_add()
176 			gpt->mediamap = p;
177 	}
178 
179 	return m;
180 oomem:
181 	gpt_warn(gpt, "Can't create map");
>>> CID 1341556: Resource leaks (RESOURCE_LEAK)
>>> Variable "m" going out of scope leaks the storage it points to.
182 	return NULL;
183 }
184 
185 map_t
186 map_alloc(gpt_t gpt, off_t start, off_t size, off_t alignment)
187 {
** CID 1341560: (RESOURCE_LEAK)
/sbin/gpt/add.c: 200 in cmd_add()
/sbin/gpt/add.c: 169 in cmd_add()
/sbin/gpt/add.c: 173 in cmd_add()
/sbin/gpt/add.c: 177 in cmd_add()
/sbin/gpt/add.c: 182 in cmd_add()
/sbin/gpt/add.c: 188 in cmd_add()
/sbin/gpt/add.c: 198 in cmd_add()
________________________________________________________________________________________________________
*** CID 1341560: (RESOURCE_LEAK)
/sbin/gpt/add.c: 200 in cmd_add()
194 	if (optind != argc)
195 		return usage();
196 
197 	if ((sectors = gpt_check_ais(gpt, alignment, ~0U, size)) == -1)
198 		return -1;
199 
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
200 	return add(gpt, alignment, block, sectors, size, entry, name, type);
/sbin/gpt/add.c: 169 in cmd_add()
163 	gpt_uuid_copy(type, gpt_uuid_nil);
164 
165 	while ((ch = getopt(argc, argv, GPT_AIS "b:l:t:")) != -1) {
166 		switch(ch) {
167 		case 'b':
168 			if (gpt_human_get(&block) == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
169 				return usage();
170 			break;
171 		case 'l':
172 			if (gpt_name_get(gpt, &name) == -1)
173 				return usage();
174 			break;
/sbin/gpt/add.c: 173 in cmd_add()
167 		case 'b':
168 			if (gpt_human_get(&block) == -1)
169 				return usage();
170 			break;
171 		case 'l':
172 			if (gpt_name_get(gpt, &name) == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
173 				return usage();
174 			break;
175 		case 't':
176 			if (gpt_uuid_get(gpt, &type) == -1)
177 				return usage();
178 			break;
/sbin/gpt/add.c: 177 in cmd_add()
171 		case 'l':
172 			if (gpt_name_get(gpt, &name) == -1)
173 				return usage();
174 			break;
175 		case 't':
176 			if (gpt_uuid_get(gpt, &type) == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
177 				return usage();
178 			break;
179 		default:
180 			if (gpt_add_ais(gpt, &alignment, &entry, &size, ch)
181 			 == -1)
182 				return usage();
/sbin/gpt/add.c: 182 in cmd_add()
176 			if (gpt_uuid_get(gpt, &type) == -1)
177 				return usage();
178 			break;
179 		default:
180 			if (gpt_add_ais(gpt, &alignment, &entry, &size, ch)
181 			 == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
182 				return usage();
183 			break;
184 		}
185 	}
186 
187 	if (argc != optind)
/sbin/gpt/add.c: 188 in cmd_add()
182 				return usage();
183 			break;
184 		}
185 	}
186 
187 	if (argc != optind)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
188 		return usage();
189 
190 	/* Create NetBSD FFS partitions by default. */
191 	if (gpt_uuid_is_nil(type))
192 		gpt_uuid_create(GPT_TYPE_NETBSD_FFS, type, NULL, 0);
193 
/sbin/gpt/add.c: 198 in cmd_add()
192 		gpt_uuid_create(GPT_TYPE_NETBSD_FFS, type, NULL, 0);
193 
194 	if (optind != argc)
195 		return usage();
196 
197 	if ((sectors = gpt_check_ais(gpt, alignment, ~0U, size)) == -1)
>>> CID 1341560: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
198 		return -1;
199 
200 	return add(gpt, alignment, block, sectors, size, entry, name, type);
** CID 1341561: (RESOURCE_LEAK)
/sbin/gpt/biosboot.c: 266 in cmd_biosboot()
/sbin/gpt/biosboot.c: 270 in cmd_biosboot()
/sbin/gpt/biosboot.c: 274 in cmd_biosboot()
/sbin/gpt/biosboot.c: 277 in cmd_biosboot()
/sbin/gpt/biosboot.c: 282 in cmd_biosboot()
/sbin/gpt/biosboot.c: 289 in cmd_biosboot()
/sbin/gpt/biosboot.c: 295 in cmd_biosboot()
________________________________________________________________________________________________________
*** CID 1341561: (RESOURCE_LEAK)
/sbin/gpt/biosboot.c: 266 in cmd_biosboot()
260 	const char *bootpath = NULL;
261 
262 	while ((ch = getopt(argc, argv, "c:i:L:")) != -1) {
263 		switch(ch) {
264 		case 'c':
265 			if (gpt_name_get(gpt, &bootpath) == -1)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
266 				return usage();
267 			break;
268 		case 'i':
269 			if (gpt_uint_get(&entry) == -1)
270 				return usage();
271 			break;
/sbin/gpt/biosboot.c: 270 in cmd_biosboot()
264 		case 'c':
265 			if (gpt_name_get(gpt, &bootpath) == -1)
266 				return usage();
267 			break;
268 		case 'i':
269 			if (gpt_uint_get(&entry) == -1)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
270 				return usage();
271 			break;
272 		case 'L':
273 			if (gpt_name_get(gpt, &label) == -1)
274 				return usage();
275 			break;
/sbin/gpt/biosboot.c: 274 in cmd_biosboot()
268 		case 'i':
269 			if (gpt_uint_get(&entry) == -1)
270 				return usage();
271 			break;
272 		case 'L':
273 			if (gpt_name_get(gpt, &label) == -1)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
274 				return usage();
275 			break;
276 		default:
277 			return usage();
278 		}
279 	}
/sbin/gpt/biosboot.c: 277 in cmd_biosboot()
271 			break;
272 		case 'L':
273 			if (gpt_name_get(gpt, &label) == -1)
274 				return usage();
275 			break;
276 		default:
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
277 			return usage();
278 		}
279 	}
280 
281 	if (argc != optind)
282 		return usage();
/sbin/gpt/biosboot.c: 282 in cmd_biosboot()
276 		default:
277 			return usage();
278 		}
279 	}
280 
281 	if (argc != optind)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
282 		return usage();
283 
284 #ifdef DIOCGWEDGEINFO
285 	if ((gpt->sb.st_mode & S_IFMT) != S_IFREG &&
286 	 ioctl(gpt->fd, DIOCGWEDGEINFO, &dkw) != -1) {
287 		if (entry > 0)
/sbin/gpt/biosboot.c: 289 in cmd_biosboot()
283 
284 #ifdef DIOCGWEDGEINFO
285 	if ((gpt->sb.st_mode & S_IFMT) != S_IFREG &&
286 	 ioctl(gpt->fd, DIOCGWEDGEINFO, &dkw) != -1) {
287 		if (entry > 0)
288 			/* wedges and indexes are mutually exclusive */
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
289 			return usage();
290 		start = dkw.dkw_offset;
291 		size = dkw.dkw_size;
292 		ngpt = gpt_open(dkw.dkw_parent, gpt->flags, gpt->verbose,
293 		 gpt->mediasz, gpt->secsz);
294 		if (ngpt == NULL)
/sbin/gpt/biosboot.c: 295 in cmd_biosboot()
289 			return usage();
290 		start = dkw.dkw_offset;
291 		size = dkw.dkw_size;
292 		ngpt = gpt_open(dkw.dkw_parent, gpt->flags, gpt->verbose,
293 		 gpt->mediasz, gpt->secsz);
294 		if (ngpt == NULL)
>>> CID 1341561: (RESOURCE_LEAK)
>>> Variable "bootpath" going out of scope leaks the storage it points to.
295 			return -1;
296 	}
297 #endif
298 	biosboot(ngpt, start, size, entry, label, bootpath);
299 	if (ngpt != gpt)
300 		gpt_close(ngpt);
301 
302 	return 0;
** CID 1341562: (RESOURCE_LEAK)
/sbin/gpt/biosboot.c: 302 in cmd_biosboot()
/sbin/gpt/biosboot.c: 266 in cmd_biosboot()
/sbin/gpt/biosboot.c: 270 in cmd_biosboot()
/sbin/gpt/biosboot.c: 274 in cmd_biosboot()
/sbin/gpt/biosboot.c: 277 in cmd_biosboot()
/sbin/gpt/biosboot.c: 282 in cmd_biosboot()
/sbin/gpt/biosboot.c: 289 in cmd_biosboot()
/sbin/gpt/biosboot.c: 295 in cmd_biosboot()
________________________________________________________________________________________________________
*** CID 1341562: (RESOURCE_LEAK)
/sbin/gpt/biosboot.c: 302 in cmd_biosboot()
296 	}
297 #endif
298 	biosboot(ngpt, start, size, entry, label, bootpath);
299 	if (ngpt != gpt)
300 		gpt_close(ngpt);
301 
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
302 	return 0;
/sbin/gpt/biosboot.c: 266 in cmd_biosboot()
260 	const char *bootpath = NULL;
261 
262 	while ((ch = getopt(argc, argv, "c:i:L:")) != -1) {
263 		switch(ch) {
264 		case 'c':
265 			if (gpt_name_get(gpt, &bootpath) == -1)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
266 				return usage();
267 			break;
268 		case 'i':
269 			if (gpt_uint_get(&entry) == -1)
270 				return usage();
271 			break;
/sbin/gpt/biosboot.c: 270 in cmd_biosboot()
264 		case 'c':
265 			if (gpt_name_get(gpt, &bootpath) == -1)
266 				return usage();
267 			break;
268 		case 'i':
269 			if (gpt_uint_get(&entry) == -1)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
270 				return usage();
271 			break;
272 		case 'L':
273 			if (gpt_name_get(gpt, &label) == -1)
274 				return usage();
275 			break;
/sbin/gpt/biosboot.c: 274 in cmd_biosboot()
268 		case 'i':
269 			if (gpt_uint_get(&entry) == -1)
270 				return usage();
271 			break;
272 		case 'L':
273 			if (gpt_name_get(gpt, &label) == -1)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
274 				return usage();
275 			break;
276 		default:
277 			return usage();
278 		}
279 	}
/sbin/gpt/biosboot.c: 277 in cmd_biosboot()
271 			break;
272 		case 'L':
273 			if (gpt_name_get(gpt, &label) == -1)
274 				return usage();
275 			break;
276 		default:
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
277 			return usage();
278 		}
279 	}
280 
281 	if (argc != optind)
282 		return usage();
/sbin/gpt/biosboot.c: 282 in cmd_biosboot()
276 		default:
277 			return usage();
278 		}
279 	}
280 
281 	if (argc != optind)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
282 		return usage();
283 
284 #ifdef DIOCGWEDGEINFO
285 	if ((gpt->sb.st_mode & S_IFMT) != S_IFREG &&
286 	 ioctl(gpt->fd, DIOCGWEDGEINFO, &dkw) != -1) {
287 		if (entry > 0)
/sbin/gpt/biosboot.c: 289 in cmd_biosboot()
283 
284 #ifdef DIOCGWEDGEINFO
285 	if ((gpt->sb.st_mode & S_IFMT) != S_IFREG &&
286 	 ioctl(gpt->fd, DIOCGWEDGEINFO, &dkw) != -1) {
287 		if (entry > 0)
288 			/* wedges and indexes are mutually exclusive */
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
289 			return usage();
290 		start = dkw.dkw_offset;
291 		size = dkw.dkw_size;
292 		ngpt = gpt_open(dkw.dkw_parent, gpt->flags, gpt->verbose,
293 		 gpt->mediasz, gpt->secsz);
294 		if (ngpt == NULL)
/sbin/gpt/biosboot.c: 295 in cmd_biosboot()
289 			return usage();
290 		start = dkw.dkw_offset;
291 		size = dkw.dkw_size;
292 		ngpt = gpt_open(dkw.dkw_parent, gpt->flags, gpt->verbose,
293 		 gpt->mediasz, gpt->secsz);
294 		if (ngpt == NULL)
>>> CID 1341562: (RESOURCE_LEAK)
>>> Variable "label" going out of scope leaks the storage it points to.
295 			return -1;
296 	}
297 #endif
298 	biosboot(ngpt, start, size, entry, label, bootpath);
299 	if (ngpt != gpt)
300 		gpt_close(ngpt);
301 
302 	return 0;
** CID 1341563: (RESOURCE_LEAK)
/sbin/gpt/label.c: 107 in name_from_file()
/sbin/gpt/label.c: 101 in name_from_file()
________________________________________________________________________________________________________
*** CID 1341563: (RESOURCE_LEAK)
/sbin/gpt/label.c: 107 in name_from_file()
101 		return -1;
102 	}
103 	len = fread(*name, 1, maxlen - 1, f);
104 	if (ferror(f)) {
105 		free(*name);
106 		gpt_warn(gpt, "Can't label from `%s'", fn);
>>> CID 1341563: (RESOURCE_LEAK)
>>> Variable "f" going out of scope leaks the storage it points to.
107 		return -1;
108 	}
109 	if (f != stdin)
110 		fclose(f);
111 	(*name)[len] = '0円';
112 	/* Only keep the first line, excluding the newline character. */
/sbin/gpt/label.c: 101 in name_from_file()
95 		}
96 	} else
97 		f = stdin;
98 
99 	if ((*name = malloc(maxlen)) == NULL) {
100 		gpt_warn(gpt, "Can't copy string");
>>> CID 1341563: (RESOURCE_LEAK)
>>> Variable "f" going out of scope leaks the storage it points to.
101 		return -1;
102 	}
103 	len = fread(*name, 1, maxlen - 1, f);
104 	if (ferror(f)) {
105 		free(*name);
106 		gpt_warn(gpt, "Can't label from `%s'", fn);
** CID 1341564: (RESOURCE_LEAK)
/sbin/gpt/label.c: 134 in cmd_label()
/sbin/gpt/label.c: 138 in cmd_label()
/sbin/gpt/label.c: 142 in cmd_label()
/sbin/gpt/label.c: 148 in cmd_label()
/sbin/gpt/label.c: 134 in cmd_label()
/sbin/gpt/label.c: 138 in cmd_label()
/sbin/gpt/label.c: 142 in cmd_label()
________________________________________________________________________________________________________
*** CID 1341564: (RESOURCE_LEAK)
/sbin/gpt/label.c: 134 in cmd_label()
128 
129 	/* Get the label options */
130 	while ((ch = getopt(argc, argv, GPT_FIND "f:l:")) != -1) {
131 		switch(ch) {
132 		case 'f':
133 			if (name_from_file(gpt, &name) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
134 				return usage();
135 			break;
136 		case 'l':
137 			if (gpt_name_get(gpt, &name) == -1)
138 				return usage();
139 			break;
/sbin/gpt/label.c: 138 in cmd_label()
132 		case 'f':
133 			if (name_from_file(gpt, &name) == -1)
134 				return usage();
135 			break;
136 		case 'l':
137 			if (gpt_name_get(gpt, &name) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
138 				return usage();
139 			break;
140 		default:
141 			if (gpt_add_find(gpt, &find, ch) == -1)
142 				return usage();
143 			break;
/sbin/gpt/label.c: 142 in cmd_label()
136 		case 'l':
137 			if (gpt_name_get(gpt, &name) == -1)
138 				return usage();
139 			break;
140 		default:
141 			if (gpt_add_find(gpt, &find, ch) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
142 				return usage();
143 			break;
144 		}
145 	}
146 
147 	if (name == NULL || argc != optind)
148 		return usage();
149 
150 	return gpt_change_ent(gpt, &find, change, name);
/sbin/gpt/label.c: 148 in cmd_label()
142 				return usage();
143 			break;
144 		}
145 	}
146 
147 	if (name == NULL || argc != optind)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
148 		return usage();
149 
150 	return gpt_change_ent(gpt, &find, change, name);
/sbin/gpt/label.c: 134 in cmd_label()
128 
129 	/* Get the label options */
130 	while ((ch = getopt(argc, argv, GPT_FIND "f:l:")) != -1) {
131 		switch(ch) {
132 		case 'f':
133 			if (name_from_file(gpt, &name) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
134 				return usage();
135 			break;
136 		case 'l':
137 			if (gpt_name_get(gpt, &name) == -1)
138 				return usage();
139 			break;
/sbin/gpt/label.c: 138 in cmd_label()
132 		case 'f':
133 			if (name_from_file(gpt, &name) == -1)
134 				return usage();
135 			break;
136 		case 'l':
137 			if (gpt_name_get(gpt, &name) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
138 				return usage();
139 			break;
140 		default:
141 			if (gpt_add_find(gpt, &find, ch) == -1)
142 				return usage();
143 			break;
/sbin/gpt/label.c: 142 in cmd_label()
136 		case 'l':
137 			if (gpt_name_get(gpt, &name) == -1)
138 				return usage();
139 			break;
140 		default:
141 			if (gpt_add_find(gpt, &find, ch) == -1)
>>> CID 1341564: (RESOURCE_LEAK)
>>> Variable "name" going out of scope leaks the storage it points to.
142 				return usage();
143 			break;
144 		}
145 	}
146 
147 	if (name == NULL || argc != optind)
148 		return usage();
149 
150 	return gpt_change_ent(gpt, &find, change, name);
** CID 1341565: Null pointer dereferences (REVERSE_INULL)
/usr.sbin/makemandb/apropos-utils.c: 956 in term_init()
________________________________________________________________________________________________________
*** CID 1341565: Null pointer dereferences (REVERSE_INULL)
/usr.sbin/makemandb/apropos-utils.c: 956 in term_init()
950 	sa[0] = term_fix_seq(ti, bold ? bold : smso);
951 	sa[1] = term_fix_seq(ti, sgr0 ? sgr0 : rmso);
952 	sa[2] = estrdup("...");
953 	sa[3] = term_fix_seq(ti, smul);
954 	sa[4] = term_fix_seq(ti, rmul);
955 
>>> CID 1341565: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "ti" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
956 	if (ti)
957 		del_curterm(ti);
958 }
959 
960 /*
961 * run_query_term --
** CID 1341566: Null pointer dereferences (REVERSE_INULL)
/external/bsd/dhcpcd/dist/common.c: 184 in logger()
________________________________________________________________________________________________________
*** CID 1341566: Null pointer dereferences (REVERSE_INULL)
/external/bsd/dhcpcd/dist/common.c: 184 in logger()
178 		vfprintf(pri <= LOG_ERR ? stderr : stdout, fmt, vac);
179 		fputc('\n', pri <= LOG_ERR ? stderr : stdout);
180 		va_end(vac);
181 	}
182 
183 	/* Don't send to syslog if dumping leases or testing */
>>> CID 1341566: Null pointer dereferences (REVERSE_INULL)
>>> Directly dereferencing pointer "ctx".
184 	if (ctx->options & (DHCPCD_DUMPLEASE | DHCPCD_TEST))
185 		goto out;
186 
187 	if (ctx && ctx->log_fd != -1) {
188 		if (pri < LOG_DEBUG || (ctx->options & DHCPCD_DEBUG)) {
189 			struct timeval tv;
** CID 1341567: Null pointer dereferences (REVERSE_INULL)
/sbin/gpt/resizedisk.c: 109 in resizedisk()
________________________________________________________________________________________________________
*** CID 1341567: Null pointer dereferences (REVERSE_INULL)
/sbin/gpt/resizedisk.c: 109 in resizedisk()
103 return -1;
104 }
105 mbr = mbrmap->map_data;
106 
107 	gpt->gpt = map_find(gpt, MAP_TYPE_PRI_GPT_HDR);
108 	ent = NULL;
>>> CID 1341567: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "gpt" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
109 	if (gpt == NULL) {
110 		gpt_warnx(gpt, "No primary GPT header; run create or recover");
111 		return -1;
112 	}
113 	hdr = gpt->gpt->map_data;
114 	oldloc = (off_t)le64toh((uint64_t)hdr->hdr_lba_alt);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home | Main Index | Thread Index | Old Index

AltStyle によって変換されたページ (->オリジナル) /