Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-i386-user

Hi,
Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
1235 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
69 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 1235 defect(s)
** CID 1428705: Concurrent data access violations (MISSING_LOCK)
/external/bsd/bind/dist/lib/isc/rwlock.c: 214 in isc_rwlock_init()
________________________________________________________________________________________________________
*** CID 1428705: Concurrent data access violations (MISSING_LOCK)
/external/bsd/bind/dist/lib/isc/rwlock.c: 214 in isc_rwlock_init()
208 		write_quota = RWLOCK_DEFAULT_WRITE_QUOTA;
209 	rwl->write_quota = write_quota;
210 #else
211 	rwl->type = isc_rwlocktype_read;
212 	rwl->original = isc_rwlocktype_none;
213 	rwl->active = 0;
>>> CID 1428705: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "rwl->granted" without holding lock "isc_rwlock.lock". Elsewhere, "isc_rwlock.granted" is accessed with "isc_rwlock.lock" held 6 out of 7 times.
214 	rwl->granted = 0;
215 	rwl->readers_waiting = 0;
216 	rwl->writers_waiting = 0;
217 	if (read_quota == 0)
218 		read_quota = RWLOCK_DEFAULT_READ_QUOTA;
219 	rwl->read_quota = read_quota;
** CID 1428704: (TAINTED_SCALAR)
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 1064 in vgname_from_mda()
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 1077 in vgname_from_mda()
________________________________________________________________________________________________________
*** CID 1428704: (TAINTED_SCALAR)
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 1064 in vgname_from_mda()
1058 		return_NULL;
1059 
1060 	if (!(mdah = _raw_read_mda_header(fmt, dev_area)))
1061 		goto_out;
1062 
1063 	/* FIXME Cope with returning a list */
>>> CID 1428704: (TAINTED_SCALAR)
>>> Assigning: "rlocn" = "mdah->raw_locns". Both are now tainted.
1064 	rlocn = mdah->raw_locns;
1065 
1066 	/*
1067 	 * If no valid offset, do not try to search for vgname
1068 	 */
1069 	if (!rlocn->offset)
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 1077 in vgname_from_mda()
1071 
1072 	/* Do quick check for a vgname */
1073 	if (!dev_read(dev_area->dev, dev_area->start + rlocn->offset,
1074 		 NAME_LEN, buf))
1075 		goto_out;
1076 
>>> CID 1428704: (TAINTED_SCALAR)
>>> Using tainted variable "buf[len]" as an index to pointer "_ctype_tab_ + 1".
1077 	while (buf[len] && !isspace(buf[len]) && buf[len] != '{' &&
1078 	 len < (NAME_LEN - 1))
1079 		len++;
1080 
1081 	buf[len] = '0円';
1082 
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 1084 in vgname_from_mda()
1078 	 len < (NAME_LEN - 1))
1079 		len++;
1080 
1081 	buf[len] = '0円';
1082 
1083 	/* Ignore this entry if the characters aren't permissible */
>>> CID 1428704: (TAINTED_SCALAR)
>>> Passing tainted variable "buf" to a tainted sink.
1084 	if (!validate_name(buf))
1085 		goto_out;
1086 
1087 	/* We found a VG - now check the metadata */
1088 	if (rlocn->offset + rlocn->size > mdah->size)
1089 		wrap = (uint32_t) ((rlocn->offset + rlocn->size) - mdah->size);
** CID 1428703: Error handling issues (CHECKED_RETURN)
/external/gpl3/binutils/dist/bfd/elf-eh-frame.c: 1094 in add_eh_frame_hdr_terminator()
________________________________________________________________________________________________________
*** CID 1428703: Error handling issues (CHECKED_RETURN)
/external/gpl3/binutils/dist/bfd/elf-eh-frame.c: 1094 in add_eh_frame_hdr_terminator()
1088 }
1089 
1090 /* Add space for a CANTUNWIND terminator. */
1091 if (!sec->rawsize)
1092 sec->rawsize = sec->size;
1093 
>>> CID 1428703: Error handling issues (CHECKED_RETURN)
>>> Calling "bfd_set_section_size" without checking return value (as is done elsewhere 12 out of 15 times).
1094 bfd_set_section_size (sec->owner, sec, sec->size + 8);
1095 }
1096 
1097 /* Finish a pass over all .eh_frame_entry sections. */
1098 
1099 bfd_boolean
** CID 1428702: (OVERRUN)
/tests/lib/libc/sys/t_msgrcv.c: 88 in atfu_msgrcv_basic_body()
/tests/lib/libc/sys/t_msgrcv.c: 89 in atfu_msgrcv_basic_body()
________________________________________________________________________________________________________
*** CID 1428702: (OVERRUN)
/tests/lib/libc/sys/t_msgrcv.c: 88 in atfu_msgrcv_basic_body()
82 	struct msg msg2 = { MSG_MTYPE_1, { 'x', 'y', 'z' } };
83 	int id;
84 
85 	id = msgget(MSG_KEY, IPC_CREAT | 0600);
86 	ATF_REQUIRE(id != -1);
87 
>>> CID 1428702: (OVERRUN)
>>> Overrunning struct type msg of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument "3U". [Note: The source code implementation of the function has been overridden by a builtin model.]
88 	(void)msgsnd(id, &msg1, MSG_LEN, IPC_NOWAIT);
89 	(void)msgrcv(id, &msg2, MSG_LEN, MSG_MTYPE_1, IPC_NOWAIT);
90 
91 	ATF_CHECK(msg1.buf[0] == msg2.buf[0]);
92 	ATF_CHECK(msg1.buf[1] == msg2.buf[1]);
93 	ATF_CHECK(msg1.buf[2] == msg2.buf[2]);
/tests/lib/libc/sys/t_msgrcv.c: 89 in atfu_msgrcv_basic_body()
83 	int id;
84 
85 	id = msgget(MSG_KEY, IPC_CREAT | 0600);
86 	ATF_REQUIRE(id != -1);
87 
88 	(void)msgsnd(id, &msg1, MSG_LEN, IPC_NOWAIT);
>>> CID 1428702: (OVERRUN)
>>> Overrunning struct type msg of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument "3U". [Note: The source code implementation of the function has been overridden by a builtin model.]
89 	(void)msgrcv(id, &msg2, MSG_LEN, MSG_MTYPE_1, IPC_NOWAIT);
90 
91 	ATF_CHECK(msg1.buf[0] == msg2.buf[0]);
92 	ATF_CHECK(msg1.buf[1] == msg2.buf[1]);
93 	ATF_CHECK(msg1.buf[2] == msg2.buf[2]);
94 
** CID 1428701: Insecure data handling (INTEGER_OVERFLOW)
/external/bsd/nvi/dist/common/exf.c: 1178 in file_backup()
________________________________________________________________________________________________________
*** CID 1428701: Insecure data handling (INTEGER_OVERFLOW)
/external/bsd/nvi/dist/common/exf.c: 1178 in file_backup()
1172 		goto err;
1173 	}
1174 
1175 	/* Copy the file's current contents to its backup value. */
1176 	while ((nr = read(rfd, buf, sizeof(buf))) > 0)
1177 		for (off = 0; nr != 0; nr -= nw, off += nw)
>>> CID 1428701: Insecure data handling (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "nr" used as critical argument to function. [Note: The source code implementation of the function has been overridden by a builtin model.]
1178 			if ((nw = write(wfd, buf + off, nr)) < 0) {
1179 				estr = wfname;
1180 				goto err;
1181 			}
1182 	if (nr < 0) {
1183 		estr = name;
** CID 1428700: Memory - corruptions (OVERRUN)
/tests/lib/libc/sys/t_msgrcv.c: 123 in atfu_msgrcv_block_body()
________________________________________________________________________________________________________
*** CID 1428700: Memory - corruptions (OVERRUN)
/tests/lib/libc/sys/t_msgrcv.c: 123 in atfu_msgrcv_block_body()
117 
118 	pid = fork();
119 	ATF_REQUIRE(pid >= 0);
120 
121 	if (pid == 0) {
122 
>>> CID 1428700: Memory - corruptions (OVERRUN)
>>> Overrunning struct type msg of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument "3U". [Note: The source code implementation of the function has been overridden by a builtin model.]
123 		if (msgrcv(id, &msg, MSG_LEN, MSG_MTYPE_1, 0) < 0)
124 			_exit(EXIT_FAILURE);
125 
126 		_exit(EXIT_SUCCESS);
127 	}
128 
** CID 1428699: Null pointer dereferences (FORWARD_NULL)
/usr/obj/i386-i386/src/usr.sbin/ndiscvt.i386-i386/inf-token.c: 1414 in ndiscvt_restart()
________________________________________________________________________________________________________
*** CID 1428699: Null pointer dereferences (FORWARD_NULL)
/usr/obj/i386-i386/src/usr.sbin/ndiscvt.i386-i386/inf-token.c: 1414 in ndiscvt_restart()
1408 * @note This function does not reset the start condition to @c INITIAL .
1409 */
1410 void yyrestart (FILE * input_file )
1411 {
1412 
1413 	if ( ! YY_CURRENT_BUFFER ){
>>> CID 1428699: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "yy_buffer_stack".
1414 yyensure_buffer_stack ();
1415 		YY_CURRENT_BUFFER_LVALUE =
1416 yy_create_buffer( yyin, YY_BUF_SIZE );
1417 	}
1418 
1419 	yy_init_buffer( YY_CURRENT_BUFFER, input_file );
** CID 1428698: Error handling issues (CHECKED_RETURN)
/usr/xsrc/external/mit/libdrm/dist/nouveau/abi16.c: 234 in abi16_delete()
________________________________________________________________________________________________________
*** CID 1428698: Error handling issues (CHECKED_RETURN)
/usr/xsrc/external/mit/libdrm/dist/nouveau/abi16.c: 234 in abi16_delete()
228 		drmCommandWrite(drm->fd, DRM_NOUVEAU_CHANNEL_FREE,
229 				&req, sizeof(req));
230 	} else {
231 		struct drm_nouveau_gpuobj_free req;
232 		req.channel = obj->parent->handle;
233 		req.handle = obj->handle;
>>> CID 1428698: Error handling issues (CHECKED_RETURN)
>>> Calling "drmCommandWrite" without checking return value (as is done elsewhere 8 out of 9 times).
234 		drmCommandWrite(drm->fd, DRM_NOUVEAU_GPUOBJ_FREE,
235 				&req, sizeof(req));
236 	}
237 }
238 
239 drm_private bool
** CID 1428697: Program hangs (LOCK)
/external/bsd/bind/dist/lib/dns/rbtdb.c: 8050 in getsigningtime64()
________________________________________________________________________________________________________
*** CID 1428697: Program hangs (LOCK)
/external/bsd/bind/dist/lib/dns/rbtdb.c: 8050 in getsigningtime64()
8044 
8045 	result = ISC_R_SUCCESS;
8046 
8047 unlock:
8048 	RWUNLOCK(&rbtdb->tree_lock, isc_rwlocktype_read);
8049 
>>> CID 1428697: Program hangs (LOCK)
>>> Returning without unlocking "rbtdb->node_locks[i].lock".
8050 	return (result);
8051 }
8052 
8053 static void
8054 resigned(dns_db_t *db, dns_rdataset_t *rdataset, dns_dbversion_t *version)
8055 {
** CID 1428696: Program hangs (ORDER_REVERSAL)
/external/bsd/bind/dist/lib/dns/zone.c: 18084 in setnsec3param()
________________________________________________________________________________________________________
*** CID 1428696: Program hangs (ORDER_REVERSAL)
/external/bsd/bind/dist/lib/dns/zone.c: 18084 in setnsec3param()
18078 	np = &npe->params;
18079 
18080 	dns_rdataset_init(&prdataset);
18081 	dns_rdataset_init(&nrdataset);
18082 	dns_diff_init(zone->mctx, &diff);
18083 
>>> CID 1428696: Program hangs (ORDER_REVERSAL)
>>> Calling "__libc_mutex_lock" acquires lock "dns_zone.dblock".
18084 	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
18085 	if (zone->db != NULL) {
18086 		dns_db_attach(zone->db, &db);
18087 		dns_db_currentversion(db, &oldver);
18088 		result = dns_db_newversion(db, &newver);
18089 		if (result != ISC_R_SUCCESS) {
** CID 1428695: Memory - corruptions (OVERRUN)
/tests/kernel/t_sysv.c: 396 in receiver()
________________________________________________________________________________________________________
*** CID 1428695: Memory - corruptions (OVERRUN)
/tests/kernel/t_sysv.c: 396 in receiver()
390 		err(1, "receiver: msgget");
391 
392 	for (loop = 0; loop < maxloop; loop++) {
393 		/*
394 		 * Receive the first message, print it, and send an ACK.
395 		 */
>>> CID 1428695: Memory - corruptions (OVERRUN)
>>> Overrunning struct type mymsg of 260 bytes by passing it to a function which accesses it at byte offset 263 using argument "256U". [Note: The source code implementation of the function has been overridden by a builtin model.]
396 		if (msgrcv(msqid, &m, MESSAGE_TEXT_LEN, MTYPE_1, 0) != MESSAGE_TEXT_LEN)
397 			err(1, "receiver: msgrcv 1");
398 
399 		printf("%s\n", m.mtext);
400 		if (strcmp(m.mtext, m1_str) != 0)
401 			err(1, "receiver: message 1 data isn't correct");
** CID 1428694: Incorrect expression (SIZEOF_MISMATCH)
/usr.sbin/sysinst/partman.c: 2745 in partman()
________________________________________________________________________________________________________
*** CID 1428694: Incorrect expression (SIZEOF_MISMATCH)
/usr.sbin/sysinst/partman.c: 2745 in partman()
2739 			remove_vnd_options();
2740 		else if (!(vnds = calloc(sizeof(*vnds), MAX_VND)))
2741 			have_vnd = 0;
2742 
2743 		if (!have_cgd)
2744 			remove_cgd_options();
>>> CID 1428694: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "4U" to function "calloc" that returns a pointer of type "cgds_t *" is suspicious because a multiple of "sizeof (cgds_t) /*72*/" is expected.
2745 		else if (!(cgds = calloc(sizeof(*vnds), MAX_CGD)))
2746 			have_cgd = 0;
2747 
2748 		if (!have_lvm)
2749 			remove_lvm_options();
2750 		else if (!(lvms = calloc(sizeof(*lvms), MAX_LVM_VG)))
** CID 1428693: Program hangs (ORDER_REVERSAL)
/external/bsd/bind/dist/lib/dns/zone.c: 17888 in keydone()
________________________________________________________________________________________________________
*** CID 1428693: Program hangs (ORDER_REVERSAL)
/external/bsd/bind/dist/lib/dns/zone.c: 17888 in keydone()
17882 
17883 	ENTER;
17884 
17885 	dns_rdataset_init(&rdataset);
17886 	dns_diff_init(zone->mctx, &diff);
17887 
>>> CID 1428693: Program hangs (ORDER_REVERSAL)
>>> Calling "__libc_mutex_lock" acquires lock "dns_zone.dblock".
17888 	ZONEDB_LOCK(&zone->dblock, isc_rwlocktype_read);
17889 	if (zone->db != NULL) {
17890 		dns_db_attach(zone->db, &db);
17891 		dns_db_currentversion(db, &oldver);
17892 		result = dns_db_newversion(db, &newver);
17893 		if (result != ISC_R_SUCCESS) {
** CID 1428692: Memory - corruptions (OVERRUN)
/tests/lib/libc/sys/t_msgrcv.c: 317 in atfu_msgrcv_truncate_body()
________________________________________________________________________________________________________
*** CID 1428692: Memory - corruptions (OVERRUN)
/tests/lib/libc/sys/t_msgrcv.c: 317 in atfu_msgrcv_truncate_body()
311 	struct msgsmall msg2 = { MSG_MTYPE_1, { 'x', 'y' } };
312 	int id;
313 
314 	id = msgget(MSG_KEY, IPC_CREAT | 0600);
315 	ATF_REQUIRE(id != -1);
316 
>>> CID 1428692: Memory - corruptions (OVERRUN)
>>> Overrunning struct type msg of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument "3U". [Note: The source code implementation of the function has been overridden by a builtin model.]
317 	(void)msgsnd(id, &msg1, MSG_LEN, IPC_NOWAIT);
318 	(void)msgrcv(id, &msg2, MSG_SMALLLEN,
319 	 MSG_MTYPE_1, IPC_NOWAIT | MSG_NOERROR);
320 
321 	ATF_CHECK(msg1.buf[0] == msg2.buf[0]);
322 	ATF_CHECK(msg1.buf[1] == msg2.buf[1]);
** CID 1428691: Insecure data handling (TAINTED_SCALAR)
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 391 in _find_vg_rlocn()
________________________________________________________________________________________________________
*** CID 1428691: Insecure data handling (TAINTED_SCALAR)
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 391 in _find_vg_rlocn()
385 	/* FIXME Loop through rlocns two-at-a-time. List null-terminated. */
386 	/* FIXME Ignore if checksum incorrect!!! */
387 	if (!dev_read(dev_area->dev, dev_area->start + rlocn->offset,
388 		 sizeof(vgnamebuf), vgnamebuf))
389 		goto_bad;
390 
>>> CID 1428691: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "vgnamebuf[len]" as an index to pointer "_ctype_tab_ + 1".
391 	if (!strncmp(vgnamebuf, vgname, len = strlen(vgname)) &&
392 	 (isspace(vgnamebuf[len]) || vgnamebuf[len] == '{')) {
393 		return rlocn;
394 	}
395 
396 bad:
** CID 1428690: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1428690: Insecure data handling (TAINTED_SCALAR)
/external/gpl2/lvm2/dist/lib/format1/disk-rep.c: 399 in __read_disk()
393 
394 	if (!_read_lvs(dl)) {
395 		log_error("Failed to read LV's from %s", name);
396 		goto bad;
397 	}
398 
>>> CID 1428690: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "dl->pvd" to a tainted sink.
399 	if (!_read_extents(dl)) {
400 		log_error("Failed to read extents from %s", name);
401 		goto bad;
402 	}
403 
404 	log_very_verbose("Found %s in %sVG %s", name,
** CID 1428689: Memory - corruptions (OVERRUN)
/tests/lib/libc/sys/t_msgrcv.c: 169 in atfu_msgrcv_err_body()
________________________________________________________________________________________________________
*** CID 1428689: Memory - corruptions (OVERRUN)
/tests/lib/libc/sys/t_msgrcv.c: 169 in atfu_msgrcv_err_body()
163 
164 	errno = 0;
165 
166 	ATF_REQUIRE_ERRNO(ENOMSG, msgrcv(id, &msg,
167 		MSG_LEN, MSG_MTYPE_1, IPC_NOWAIT) == -1);
168 
>>> CID 1428689: Memory - corruptions (OVERRUN)
>>> Overrunning struct type msg of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument "3U". [Note: The source code implementation of the function has been overridden by a builtin model.]
169 	ATF_REQUIRE(msgsnd(id, &msg, MSG_LEN, IPC_NOWAIT) == 0);
170 
171 	errno = 0;
172 
173 	ATF_REQUIRE_ERRNO(EFAULT, msgrcv(id, (void *)-1,
174 		MSG_LEN, MSG_MTYPE_1, IPC_NOWAIT) == -1);
** CID 1428688: (INTEGER_OVERFLOW)
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 581 in _vg_write_raw()
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 599 in _vg_write_raw()
________________________________________________________________________________________________________
*** CID 1428688: (INTEGER_OVERFLOW)
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 581 in _vg_write_raw()
575 
576 	log_debug("Writing %s metadata to %s at %" PRIu64 " len %" PRIu64,
577 		 vg->name, dev_name(mdac->area.dev), mdac->area.start +
578 		 mdac->rlocn.offset, mdac->rlocn.size - new_wrap);
579 
580 	/* Write text out, circularly */
>>> CID 1428688: (INTEGER_OVERFLOW)
>>> Subtract operation overflows on operands "mdac->rlocn.size" and "new_wrap". Example values for operands: "mdac->rlocn.size" = 1194321920, "new_wrap" = 4702867459.
581 	if (!dev_write(mdac->area.dev, mdac->area.start + mdac->rlocn.offset,
582 		 (size_t) (mdac->rlocn.size - new_wrap),
583 		 fidtc->raw_metadata_buf))
584 		goto_out;
585 
586 	if (new_wrap) {
/external/gpl2/lvm2/dist/lib/format_text/format-text.c: 599 in _vg_write_raw()
593 			 (size_t) new_wrap,
594 			 fidtc->raw_metadata_buf +
595 			 mdac->rlocn.size - new_wrap))
596 			goto_out;
597 	}
598 
>>> CID 1428688: (INTEGER_OVERFLOW)
>>> Subtract operation overflows on operands "mdac->rlocn.size" and "new_wrap". Example values for operands: "mdac->rlocn.size" = 2218785304, "new_wrap" = 4294967296.
599 	mdac->rlocn.checksum = calc_crc(INITIAL_CRC, fidtc->raw_metadata_buf,
600 					(uint32_t) (mdac->rlocn.size -
601 						 new_wrap));
602 	if (new_wrap)
603 		mdac->rlocn.checksum = calc_crc(mdac->rlocn.checksum,
604 						fidtc->raw_metadata_buf +
** CID 1428687: Memory - corruptions (OVERRUN)
/tests/kernel/t_sysv.c: 286 in atfu_msg_body()
________________________________________________________________________________________________________
*** CID 1428687: Memory - corruptions (OVERRUN)
/tests/kernel/t_sysv.c: 286 in atfu_msg_body()
280 	for (loop = 0; loop < maxloop; loop++) {
281 		/*
282 		 * Send the first message to the receiver and wait for the ACK.
283 		 */
284 		m.mtype = MTYPE_1;
285 		strcpy(m.mtext, m1_str);
>>> CID 1428687: Memory - corruptions (OVERRUN)
>>> Overrunning struct type mymsg of 260 bytes by passing it to a function which accesses it at byte offset 263 using argument "256U". [Note: The source code implementation of the function has been overridden by a builtin model.]
286 		ATF_REQUIRE_MSG(msgsnd(sender_msqid, &m, MESSAGE_TEXT_LEN,
287 		 0) != -1, "sender: msgsnd 1: %d", errno);
288 
289 		ATF_REQUIRE_MSG(msgrcv(sender_msqid, &m, MESSAGE_TEXT_LEN,
290 				 MTYPE_1_ACK, 0) == MESSAGE_TEXT_LEN,
291 		 "sender: msgrcv 1 ack: %d", errno);
** CID 1428686: Error handling issues (CHECKED_RETURN)
/external/gpl3/binutils/dist/bfd/elflink.c: 11170 in bfd_elf_final_link()
________________________________________________________________________________________________________
*** CID 1428686: Error handling issues (CHECKED_RETURN)
/external/gpl3/binutils/dist/bfd/elflink.c: 11170 in bfd_elf_final_link()
11164 	 input_section->flags &= ~SEC_HAS_CONTENTS;
11165 	 }
11166 
11167 	 attr_size = bfd_elf_obj_attr_size (abfd);
11168 	 if (attr_size)
11169 	 {
>>> CID 1428686: Error handling issues (CHECKED_RETURN)
>>> Calling "bfd_set_section_size" without checking return value (as is done elsewhere 12 out of 15 times).
11170 	 bfd_set_section_size (abfd, o, attr_size);
11171 	 attr_section = o;
11172 	 /* Skip this section later on. */
11173 	 o->map_head.link_order = NULL;
11174 	 }
11175 	 else
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBjZiXDg7WCnKqBB1q-2FtZ4dvE2p1AmNMmYII14NbCr9wIc-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05UW3gU5dcYqcVMkkkVjQh1NEXz8cEAx6vZ4vs4QeaVG5jR-2B-2FEkkOPPpHcxv8TQRZTOkrcoHxEmJfj8r5Y04nxQcE9XaKJL2XQuB1TOpwy63UBQF3SMyv-2BbvZV1pq7Sc2sKylRyx3Au0zavfidlTKTOATa-2FtkLNoD8lx4CwOPNogiwXqGj8Ziurz-2BKyD0EgtA4A-3D
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4m7U7Yoel-2F6MYPxol7ToiLwYIjoNbVQOCAwEeTNJofEDwTlN0JRhKMyijhpnAObR-2FlLVG-2Fr3EBKWgiICNdX1HPA6Ws0-2F1wHBf2tG9AnMDB8g-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05UW3gU5dcYqcVMkkkVjQh1NEXz8cEAx6vZ4vs4QeaVG5sRjDhAyiwxEHxqPSW15LtiWtvPy5Yo4BzK6JsVMf-2B4Wkg3V9jh94euZfO7QfwPol34BfX1cYsJayerl32-2FLfavWdNZo1x-2BUNFTK3Kft02OvnvAvf01aojNEZUNvnObNR3nZtj9q8CoT0Ytate6YPVA-3D
Home | Main Index | Thread Index | Old Index

AltStyle によって変換されたページ (->オリジナル) /