Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-amd64-kernel

Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
127 new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
41 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 127 defect(s)
** CID 1428660: Error handling issues (CHECKED_RETURN)
/sys/dev/pci/agp_sis.c: 90 in agp_sis_attach()
________________________________________________________________________________________________________
*** CID 1428660: Error handling issues (CHECKED_RETURN)
/sys/dev/pci/agp_sis.c: 90 in agp_sis_attach()
84 	if (ssc == NULL) {
85 		aprint_error(": can't allocate chipset-specific softc\n");
86 		return ENOMEM;
87 	}
88 	sc->as_methods = &agp_sis_methods;
89 	sc->as_chipc = ssc;
>>> CID 1428660: Error handling issues (CHECKED_RETURN)
>>> Calling "pci_get_capability" without checking return value (as is done elsewhere 45 out of 53 times).
90 	pci_get_capability(pa->pa_pc, pa->pa_tag, PCI_CAP_AGP, &sc->as_capoff,
91 	 NULL);
92 
93 	if (agp_map_aperture(pa, sc, AGP_APBASE) != 0) {
94 		aprint_error(": can't map aperture\n");
95 		free(ssc, M_AGP);
** CID 1428659: Null pointer dereferences (FORWARD_NULL)
/sys/netipsec/ipsec.c: 498 in ipsec_getpolicybysock()
________________________________________________________________________________________________________
*** CID 1428659: Null pointer dereferences (FORWARD_NULL)
/sys/netipsec/ipsec.c: 498 in ipsec_getpolicybysock()
492 		currsp = pcbsp->sp_out;
493 		break;
494 	}
495 	KASSERT(currsp != NULL);
496 
497 	if (pcbsp->priv) {			/* when privilieged socket */
>>> CID 1428659: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "currsp".
498 		switch (currsp->policy) {
499 		case IPSEC_POLICY_BYPASS:
500 		case IPSEC_POLICY_IPSEC:
501 			KEY_SP_REF(currsp);
502 			sp = currsp;
503 			break;
** CID 1428658: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1428658: Insecure data handling (TAINTED_SCALAR)
/sys/kern/core_elf32.c: 419 in coredump_note_auxv()
413 	if ((error = proc_getauxv(l->l_proc, &kauxv, &len)) != 0)
414 		return error;
415 
416 	ELFNAMEEND(coredump_savenote)(ns, ELF_NOTE_NETBSD_CORE_AUXV,
417 	 ELF_NOTE_NETBSD_CORE_NAME, kauxv, len);
418 	
>>> CID 1428658: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "kauxv" to a tainted sink.
419 	kmem_free(kauxv, len);
420 	return 0;
421 }
422 
423 static int
424 ELFNAMEEND(coredump_notes)(struct lwp *l, struct note_state *ns)
** CID 1428657: Uninitialized variables (UNINIT)
/sys/dev/pad/pad.c: 390 in pad_open()
________________________________________________________________________________________________________
*** CID 1428657: Uninitialized variables (UNINIT)
/sys/dev/pad/pad.c: 390 in pad_open()
384 		error = fd_clone(fp, fd, flags, &pad_fileops, sc);
385 		KASSERT(error == EMOVEFD);
386 	}	
387 	sc->sc_open = 1;
388 	mutex_exit(&padconfig);
389 
>>> CID 1428657: Uninitialized variables (UNINIT)
>>> Using uninitialized value "error".
390 	return error;
391 bad:
392 	mutex_exit(&padconfig);
393 	return ENXIO;
394 }
395 
** CID 1428656: Null pointer dereferences (FORWARD_NULL)
/sys/dev/usb/ohci.c: 1792 in ohci_rem_ed()
________________________________________________________________________________________________________
*** CID 1428656: Null pointer dereferences (FORWARD_NULL)
/sys/dev/usb/ohci.c: 1792 in ohci_rem_ed()
1786 		;
1787 	KASSERT(p != NULL);
1788 
1789 	usb_syncmem(&sed->dma, sed->offs + offsetof(ohci_ed_t, ed_nexted),
1790 	 sizeof(sed->ed.ed_nexted),
1791 	 BUS_DMASYNC_POSTWRITE | BUS_DMASYNC_POSTREAD);
>>> CID 1428656: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "p".
1792 	p->next = sed->next;
1793 	p->ed.ed_nexted = sed->ed.ed_nexted;
1794 	usb_syncmem(&p->dma, p->offs + offsetof(ohci_ed_t, ed_nexted),
1795 	 sizeof(p->ed.ed_nexted),
1796 	 BUS_DMASYNC_PREWRITE | BUS_DMASYNC_PREREAD);
1797 }
** CID 1428655: Error handling issues (CHECKED_RETURN)
/sys/dev/pci/agp_intel.c: 131 in agp_intel_attach()
________________________________________________________________________________________________________
*** CID 1428655: Error handling issues (CHECKED_RETURN)
/sys/dev/pci/agp_intel.c: 131 in agp_intel_attach()
125 	if (pci_find_device(&isc->vga_pa, agp_intel_vgamatch) == 0) {
126 		aprint_normal(": using generic initialization for Intel AGP\n");
127 		aprint_normal_dev(sc->as_dev, "");
128 		isc->chiptype = CHIP_INTEL;
129 	}
130 
>>> CID 1428655: Error handling issues (CHECKED_RETURN)
>>> Calling "pci_get_capability" without checking return value (as is done elsewhere 45 out of 53 times).
131 	pci_get_capability(pa->pa_pc, pa->pa_tag, PCI_CAP_AGP, &sc->as_capoff,
132 	 NULL);
133 
134 	if (agp_map_aperture(pa, sc, AGP_APBASE) != 0) {
135 		aprint_error(": can't map aperture\n");
136 		free(isc, M_AGP);
** CID 1428654: Null pointer dereferences (FORWARD_NULL)
/sys/netinet6/ip6_forward.c: 271 in ip6_forward()
________________________________________________________________________________________________________
*** CID 1428654: Null pointer dereferences (FORWARD_NULL)
/sys/netinet6/ip6_forward.c: 271 in ip6_forward()
265 	 * ipsec6_proces_packet will send the packet using ip6_output 
266 	 */
267 	if (needipsec) {
268 		int s = splsoftnet();
269 		error = ipsec6_process_packet(m, sp->req);
270 		splx(s);
>>> CID 1428654: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "mcopy" to null implies that "mcopy" might be null.
271 		if (mcopy)
272 			goto freecopy;
273 	}
274 #endif 
275 
276 	/*
** CID 1428653: Insecure data handling (TAINTED_SCALAR)
/sys/netsmb/smb_subr.c: 393 in dup_sockaddr_copyin()
________________________________________________________________________________________________________
*** CID 1428653: Insecure data handling (TAINTED_SCALAR)
/sys/netsmb/smb_subr.c: 393 in dup_sockaddr_copyin()
387 		return EINVAL;
388 
389 	/* Don't let the user overfeed us. */
390 	usalen = MIN(usalen, sizeof(struct sockaddr_storage));
391 
392 	/* Copy the buffer in from userland. */
>>> CID 1428653: Insecure data handling (TAINTED_SCALAR)
>>> Assigning: "ksa" = "smb_memdupin", which taints "ksa".
393 	ksa = smb_memdupin(usa, usalen);
394 	if (ksa == NULL)
395 		return ENOMEM;
396 
397 	/* Make sure the user's idea of sa_len is reasonable. */
398 	if (ksa->sa_len > usalen) {
** CID 1428652: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1428652: Insecure data handling (TAINTED_SCALAR)
/sys/miscfs/procfs/procfs_auxv.c: 61 in procfs_doauxv()
55 	if (uio->uio_offset < bufsize)
56 		error = uiomove((char *)buffer + uio->uio_offset,
57 		 bufsize - uio->uio_offset, uio);
58 	else
59 		error = 0;
60 
>>> CID 1428652: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "buffer" to a tainted sink.
61 	kmem_free(buffer, bufsize);
62 	return error;
63 }
64 
65 int
66 procfs_validauxv(struct lwp *l, struct mount *mp)
67 {
68 	return l != NULL && l->l_proc != NULL && l->l_proc->p_execsw != NULL;
** CID 1428651: Integer handling issues (BAD_SHIFT)
/sys/kern/subr_vmem.c: 409 in bt_freehead_toalloc()
________________________________________________________________________________________________________
*** CID 1428651: Integer handling issues (BAD_SHIFT)
/sys/kern/subr_vmem.c: 409 in bt_freehead_toalloc()
403 	const vmem_size_t qsize = size >> vm->vm_quantum_shift;
404 	int idx = SIZE2ORDER(qsize);
405 
406 	KASSERT(size != 0 && qsize != 0);
407 	KASSERT((size & vm->vm_quantum_mask) == 0);
408 
>>> CID 1428651: Integer handling issues (BAD_SHIFT)
>>> In expression "1UL << idx", shifting by a negative amount has undefined behavior. The shift amount, "idx", is -1.
409 	if (strat == VM_INSTANTFIT && ORDER2SIZE(idx) != qsize) {
410 		idx++;
411 		/* check too large request? */
412 	}
413 	KASSERT(idx >= 0);
414 	KASSERT(idx < VMEM_MAXORDER);
** CID 1428650: Memory - illegal accesses (OVERRUN)
/sys/kern/kern_sysctl.c: 2480 in sysctl_log_add()
________________________________________________________________________________________________________
*** CID 1428650: Memory - illegal accesses (OVERRUN)
/sys/kern/kern_sysctl.c: 2480 in sysctl_log_add()
2474 
2475 	/*
2476 	 * stuff name in, then namelen, then node type, and finally,
2477 	 * the version for non-node nodes.
2478 	 */
2479 	for (i = 0; i < namelen; i++)
>>> CID 1428650: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "name" of 12 4-byte elements at element index 12 (byte offset 48) using index "i" (which evaluates to 12).
2480 		log->log_num[--log->log_left] = name[i];
2481 	log->log_num[--log->log_left] = namelen;
2482 	log->log_num[--log->log_left] = SYSCTL_TYPE(node->sysctl_flags);
2483 	if (log->log_num[log->log_left] != CTLTYPE_NODE)
2484 		log->log_num[--log->log_left] = node->sysctl_ver;
2485 	else
** CID 1428649: Null pointer dereferences (FORWARD_NULL)
/sys/kern/subr_autoconf.c: 1402 in config_devalloc()
________________________________________________________________________________________________________
*** CID 1428649: Null pointer dereferences (FORWARD_NULL)
/sys/kern/subr_autoconf.c: 1402 in config_devalloc()
1396 	} else {
1397 		dev = dev_private;
1398 #ifdef DIAGNOSTIC
1399 		printf("%s has not been converted to device_t\n", cd->cd_name);
1400 #endif
1401 	}
>>> CID 1428649: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "dev".
1402 	dev->dv_class = cd->cd_class;
1403 	dev->dv_cfdata = cf;
1404 	dev->dv_cfdriver = cd;
1405 	dev->dv_cfattach = ca;
1406 	dev->dv_activity_count = 0;
1407 	dev->dv_activity_handlers = NULL;
** CID 1428648: Null pointer dereferences (FORWARD_NULL)
/sys/kern/exec_elf.c: 245 in elf64_copyargs()
________________________________________________________________________________________________________
*** CID 1428648: Null pointer dereferences (FORWARD_NULL)
/sys/kern/exec_elf.c: 245 in elf64_copyargs()
239 
240 	vlen = (a - ai) * sizeof(ai[0]);
241 
242 	KASSERT(vlen <= sizeof(ai));
243 
244 	char *path = l->l_proc->p_path;
>>> CID 1428648: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "execname".
245 	execname->a_v = (uintptr_t)(*stackp + vlen);
246 	len = strlen(path) + 1;
247 	if ((error = copyout(path, (*stackp + vlen), len)) != 0)
248 		return error;
249 	len = ALIGN(len);
250 
** CID 1428647: (TAINTED_SCALAR)
/sys/dev/i2c/ihidev.c: 421 in ihidev_hid_command()
/sys/dev/i2c/ihidev.c: 421 in ihidev_hid_command()
/sys/dev/i2c/ihidev.c: 428 in ihidev_hid_command()
/sys/dev/i2c/ihidev.c: 428 in ihidev_hid_command()
________________________________________________________________________________________________________
*** CID 1428647: (TAINTED_SCALAR)
/sys/dev/i2c/ihidev.c: 421 in ihidev_hid_command()
415 		tmprep = kmem_zalloc(report_len, KM_NOSLEEP);
416 
417 		/* type 3 id 8: 22 00 38 02 23 00 */
418 		res = iic_exec(sc->sc_tag, I2C_OP_READ_WITH_STOP, sc->sc_addr,
419 		 &cmd, cmdlen, tmprep, report_len, flags);
420 
>>> CID 1428647: (TAINTED_SCALAR)
>>> Performing a byte swapping operation on "tmprep" implies that it came from an external source, and is therefore tainted.
421 		d = tmprep[0] | tmprep[1] << 8;
422 		if (d != report_len) {
423 			DPRINTF(("%s: response size %d != expected length %d\n",
424 			 sc->sc_dev.dv_xname, d, report_len));
425 		}
426 
/sys/dev/i2c/ihidev.c: 421 in ihidev_hid_command()
415 		tmprep = kmem_zalloc(report_len, KM_NOSLEEP);
416 
417 		/* type 3 id 8: 22 00 38 02 23 00 */
418 		res = iic_exec(sc->sc_tag, I2C_OP_READ_WITH_STOP, sc->sc_addr,
419 		 &cmd, cmdlen, tmprep, report_len, flags);
420 
>>> CID 1428647: (TAINTED_SCALAR)
>>> Performing a byte swapping operation on "tmprep" implies that it came from an external source, and is therefore tainted.
421 		d = tmprep[0] | tmprep[1] << 8;
422 		if (d != report_len) {
423 			DPRINTF(("%s: response size %d != expected length %d\n",
424 			 sc->sc_dev.dv_xname, d, report_len));
425 		}
426 
/sys/dev/i2c/ihidev.c: 428 in ihidev_hid_command()
422 		if (d != report_len) {
423 			DPRINTF(("%s: response size %d != expected length %d\n",
424 			 sc->sc_dev.dv_xname, d, report_len));
425 		}
426 
427 		if (report_id_len == 2)
>>> CID 1428647: (TAINTED_SCALAR)
>>> Performing a byte swapping operation on "tmprep" implies that it came from an external source, and is therefore tainted.
428 			d = tmprep[2] | tmprep[3] << 8;
429 		else
430 			d = tmprep[2];
431 
432 		if (d != rreq->id) {
433 			DPRINTF(("%s: response report id %d != %d\n",
/sys/dev/i2c/ihidev.c: 428 in ihidev_hid_command()
422 		if (d != report_len) {
423 			DPRINTF(("%s: response size %d != expected length %d\n",
424 			 sc->sc_dev.dv_xname, d, report_len));
425 		}
426 
427 		if (report_id_len == 2)
>>> CID 1428647: (TAINTED_SCALAR)
>>> Performing a byte swapping operation on "tmprep" implies that it came from an external source, and is therefore tainted.
428 			d = tmprep[2] | tmprep[3] << 8;
429 		else
430 			d = tmprep[2];
431 
432 		if (d != rreq->id) {
433 			DPRINTF(("%s: response report id %d != %d\n",
** CID 1428646: Null pointer dereferences (FORWARD_NULL)
/sys/kern/kern_exec.c: 883 in execve_dovmcmds()
________________________________________________________________________________________________________
*** CID 1428646: Null pointer dereferences (FORWARD_NULL)
/sys/kern/kern_exec.c: 883 in execve_dovmcmds()
877 		vcp = &epp->ep_vmcmds.evs_cmds[i];
878 		if (vcp->ev_flags & VMCMD_RELATIVE) {
879 			KASSERTMSG(base_vcp != NULL,
880 			 "%s: relative vmcmd with no base", __func__);
881 			KASSERTMSG((vcp->ev_flags & VMCMD_BASE) == 0,
882 			 "%s: illegal base & relative vmcmd", __func__);
>>> CID 1428646: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "base_vcp".
883 			vcp->ev_addr += base_vcp->ev_addr;
884 		}
885 		error = (*vcp->ev_proc)(l, vcp);
886 		if (error)
887 			DUMPVMCMDS(epp, i, error);
888 		if (vcp->ev_flags & VMCMD_BASE)
** CID 1428645: Memory - corruptions (NEGATIVE_RETURNS)
/sys/dev/pci/if_wm.c: 7365 in wm_send_common_locked()
________________________________________________________________________________________________________
*** CID 1428645: Memory - corruptions (NEGATIVE_RETURNS)
/sys/dev/pci/if_wm.c: 7365 in wm_send_common_locked()
7359 
7360 		/*
7361 		 * Set up the command byte on the last descriptor of
7362 		 * the packet. If we're in the interrupt delay window,
7363 		 * delay the interrupt.
7364 		 */
>>> CID 1428645: Memory - corruptions (NEGATIVE_RETURNS)
>>> Using variable "lasttx" as an index to array "txq->txq_descs_u->sctxu_txdescs".
7365 		txq->txq_descs[lasttx].wtx_cmdlen |=
7366 		 htole32(WTX_CMD_EOP | WTX_CMD_RS);
7367 
7368 		/*
7369 		 * If VLANs are enabled and the packet has a VLAN tag, set
7370 		 * up the descriptor to encapsulate the packet for us.
** CID 1428644: Null pointer dereferences (REVERSE_INULL)
/sys/arch/x86/pci/amdzentemp.c: 170 in amdzentemp_attach()
________________________________________________________________________________________________________
*** CID 1428644: Null pointer dereferences (REVERSE_INULL)
/sys/arch/x86/pci/amdzentemp.c: 170 in amdzentemp_attach()
164 bad:
165 	if (sc->sc_sme != NULL) {
166 		sysmon_envsys_destroy(sc->sc_sme);
167 		sc->sc_sme = NULL;
168 	}
169 
>>> CID 1428644: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "sc->sc_sensor" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
170 	if (sc->sc_sensor != NULL) {
171 		kmem_free(sc->sc_sensor, sc->sc_sensor_len);
172 		sc->sc_sensor = NULL;
173 	}
174 }
175 
** CID 1428643: Error handling issues (CHECKED_RETURN)
/sys/dev/pckbport/pms.c: 240 in pmsattach()
________________________________________________________________________________________________________
*** CID 1428643: Error handling issues (CHECKED_RETURN)
/sys/dev/pckbport/pms.c: 240 in pmsattach()
234 	cmd[0] = PMS_DEV_DISABLE;
235 	res = pckbport_poll_cmd(pa->pa_tag, pa->pa_slot, cmd, 1, 0, NULL, 0);
236 	if (res)
237 		aprint_error("pmsattach: disable error\n");
238 	pckbport_slot_enable(sc->sc_kbctag, sc->sc_kbcslot, 0);
239 
>>> CID 1428643: Error handling issues (CHECKED_RETURN)
>>> Calling "kthread_create" without checking return value (as is done elsewhere 57 out of 66 times).
240 	kthread_create(PRI_NONE, 0, NULL, pms_reset_thread, sc,
241 	 &sc->sc_event_thread, "%s", device_xname(sc->sc_dev));
242 
243 	if (!pmf_device_register(self, pms_suspend, pms_resume))
244 		aprint_error_dev(self, "couldn't establish power handler\n");
245 }
** CID 1428642: Integer handling issues (BAD_SHIFT)
/sys/kern/subr_vmem.c: 934 in vmem_init()
________________________________________________________________________________________________________
*** CID 1428642: Integer handling issues (BAD_SHIFT)
/sys/kern/subr_vmem.c: 934 in vmem_init()
928 	vm->vm_flags = flags;
929 	vm->vm_nfreetags = 0;
930 	LIST_INIT(&vm->vm_freetags);
931 	strlcpy(vm->vm_name, name, sizeof(vm->vm_name));
932 	vm->vm_quantum_mask = quantum - 1;
933 	vm->vm_quantum_shift = SIZE2ORDER(quantum);
>>> CID 1428642: Integer handling issues (BAD_SHIFT)
>>> In expression "1UL << vm->vm_quantum_shift", shifting by a negative amount has undefined behavior. The shift amount, "vm->vm_quantum_shift", is -1.
934 	KASSERT(ORDER2SIZE(vm->vm_quantum_shift) == quantum);
935 	vm->vm_importfn = importfn;
936 	vm->vm_releasefn = releasefn;
937 	vm->vm_arg = arg;
938 	vm->vm_nbusytag = 0;
939 	vm->vm_size = 0;
** CID 1428641: Memory - illegal accesses (NEGATIVE_RETURNS)
/sys/uvm/uvm_physseg.c: 1167 in uvm_physseg_seg_alloc_from_slab()
________________________________________________________________________________________________________
*** CID 1428641: Memory - illegal accesses (NEGATIVE_RETURNS)
/sys/uvm/uvm_physseg.c: 1167 in uvm_physseg_seg_alloc_from_slab()
1161 		 */
1162 		KASSERT(uvm.page_init_done != true);
1163 
1164 		uvm_physseg_t upmp = uvm_physseg_get_prev(upm);
1165 		KASSERT(upmp != UVM_PHYSSEG_TYPE_INVALID);
1166 
>>> CID 1428641: Memory - illegal accesses (NEGATIVE_RETURNS)
>>> Using variable "upmp" as an index to array "vm_physmem".
1167 		seg->ext = HANDLE_TO_PHYSSEG_NODE(upmp)->ext;
1168 
1169 		KASSERT(seg->ext != NULL);
1170 	}
1171 
1172 	/* We allocate enough for this segment */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBj0qtSICo2DZNjmmsVjYof54PahgUQ7xLRwU5wjlAON3Q-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05Ud8CmvNgYmlqRwvlj8Q-2BaL9gKYL-2B-2BrFAZE2-2BtpxO9BN-2FhtsrfUXkeFblqeyC6frF6ugAD7AplhFat4Lx0uFOFelDLO3rvmIfZbj1eT-2FUgZQz6-2Fvt9ZmNwYKqBiwc8dmTEO5oQB9kspRgtRON91ez-2F2ab7zf1VarJGT-2BEm05EftXt50bbpr4y304XpAhhnLjzE-3D
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4m7U7Yoel-2F6MYPxol7ToiLwYIjoNbVQOCAwEeTNJofEDwTlN0JRhKMyijhpnAObR-2FlLVG-2Fr3EBKWgiICNdX1HPA6Ws0-2F1wHBf2tG9AnMDB8g-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05Ud8CmvNgYmlqRwvlj8Q-2BaL9gKYL-2B-2BrFAZE2-2BtpxO9BNxlnMnUM7kZiNDi4sLHw9L-2FafuPS9STy9y8-2B5ndkWCCqfhin4SaiG32Nlj6ltZODmf-2FUcbDT6JSuN9Y1YajqwErUkk0SuiubYg6fM6Hi9xoSIOUmw2L0tEmmDU7UImJ8y-2BfCa1PTzyv6BhAo6tTwhsM-3D
Home | Main Index | Thread Index | Old Index

AltStyle によって変換されたページ (->オリジナル) /