Coverity-updates archive


New Defects reported by Coverity Scan for NetBSD-i386-user



Hi,


Please find the latest report on new defect(s) introduced to NetBSD-i386-user 
found with Coverity Scan.

Defect(s) Reported-by: Coverity Scan
Showing 20 of 56 defect(s)


** CID 94027:  Resource leak  (RESOURCE_LEAK)
/external/gpl2/lvm2/dist/lib/commands/toolcontext.c: 683 in _init_filters()

** CID 272959:  Dereference after null check  (FORWARD_NULL)
/external/bsd/wpa/dist/src/drivers/driver_bsd.c: 856 in bsd_init()

** CID 975111:  Unchecked return value  (CHECKED_RETURN)
/lib/libc/net/rcmd.c: 701 in iruserok_sa()

** CID 975112:  Unchecked return value from library  (CHECKED_RETURN)
/lib/libc/rpc/clnt_generic.c: 324 in _clnt_tli_create()

** CID 975113:  Unchecked return value from library  (CHECKED_RETURN)
/lib/libc/rpc/clnt_generic.c: 346 in _clnt_tli_create()

** CID 975114:  Unchecked return value from library  (CHECKED_RETURN)
/lib/libc/rpc/rpc_soc.c: 159 in clnt_com_create()

** CID 975115:  Unchecked return value  (CHECKED_RETURN)
/lib/libc/rpc/rpc_soc.c: 258 in svc_com_create()

** CID 975117:  Unchecked return value  (CHECKED_RETURN)
/lib/libc/rpc/svc_generic.c: 254 in _svc_tli_create()
/lib/libc/rpc/svc_generic.c: 263 in _svc_tli_create()

** CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 855 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 859 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 863 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 867 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 871 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 875 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 879 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 883 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 887 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 891 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 895 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 900 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 904 in zfs_xvattr_set()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 910 in zfs_xvattr_set()

** CID 975741:  Logically dead code  (DEADCODE)
/external/cddl/osnet/dist/uts/common/fs/zfs/spa.c: 1820 in spa_load_impl()

** CID 976138:  Explicit null dereferenced  (FORWARD_NULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/arc.c: 4605 in l2arc_remove_vdev()

** CID 976141:  Explicit null dereferenced  (FORWARD_NULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_dir.c: 71 in zfs_match_find()

** CID 976378:  Integer overflowed argument  (INTEGER_OVERFLOW)
/lib/libc/rpc/svc_vc.c: 515 in read_vc()
/lib/libc/rpc/svc_vc.c: 519 in read_vc()

** CID 976737:  Improper use of negative value  (NEGATIVE_RETURNS)
/lib/libc/rpc/svc_vc.c: 287 in makefd_xprt()

** CID 976950:  Dereference null return value  (NULL_RETURNS)
/external/cddl/osnet/dist/uts/common/fs/zfs/spa_misc.c: 668 in spa_aux_remove()

** CID 976951:  Dereference null return value  (NULL_RETURNS)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_fuid.c: 597 in zfs_fuid_create()

** CID 977002:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
/external/cddl/osnet/dist/uts/common/fs/zfs/txg.c: 365 in txg_sync_thread()

** CID 977175:  Out-of-bounds write  (OVERRUN)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_fm.c: 479 in add_range()

** CID 977184:  Out-of-bounds read  (OVERRUN)
/external/cddl/osnet/dist/uts/common/fs/zfs/zvol.c: 1101 in zvol_log_write()

** CID 978280:  Resource leak  (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/check_bound.c: 108 in check_bound()


________________________________________________________________________________________________________
*** CID 94027:  Resource leak  (RESOURCE_LEAK)
/external/gpl2/lvm2/dist/lib/commands/toolcontext.c: 683 in _init_filters()
677                         "%s%s%s/%s.cache",
678                         cache_dir ? "" : cmd->system_dir,
679                         cache_dir ? "" : "/",
680                         cache_dir ? : DEFAULT_CACHE_SUBDIR,
681                         cache_file_prefix ? : DEFAULT_CACHE_FILE_PREFIX) < 0) {
682                             log_error("Persistent cache filename too long.");
>>>     CID 94027:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "f3" going out of scope leaks the storage it points to.
683                             return 0;
684                     }
685             } else if (!(dev_cache = find_config_tree_str(cmd, "devices/cache", NULL)) &&
686                        (dm_snprintf(cache_file, sizeof(cache_file),
687                                     "%s/%s/%s.cache",
688                                     cmd->system_dir, DEFAULT_CACHE_SUBDIR,

________________________________________________________________________________________________________
*** CID 272959:  Dereference after null check  (FORWARD_NULL)
/external/bsd/wpa/dist/src/drivers/driver_bsd.c: 856 in bsd_init()
850                                __func__);
851                     goto bad;
852             }
853     
854             return drv;
855     bad:
>>>     CID 272959:  Dereference after null check  (FORWARD_NULL)
>>>     Dereferencing null pointer "drv".
856             if (drv->sock_xmit != NULL)
857                     l2_packet_deinit(drv->sock_xmit);
858             if (drv->sock >= 0)
859                     close(drv->sock);
860             if (drv != NULL)
861                     os_free(drv);

________________________________________________________________________________________________________
*** CID 975111:  Unchecked return value  (CHECKED_RETURN)
/lib/libc/net/rcmd.c: 701 in iruserok_sa()
695                      * If root and reading an NFS mounted file system, can't
696                      * read files that are protected read/write owner only.
697                      */
698                     uid = geteuid();
699                     gid = getegid();
700                     (void)setegid(pwd->pw_gid);
>>>     CID 975111:  Unchecked return value  (CHECKED_RETURN)
>>>     No check of the return value of "initgroups(pwd->pw_name, pwd->pw_gid)".
701                     initgroups(pwd->pw_name, pwd->pw_gid);
702                     (void)seteuid(pwd->pw_uid);
703                     hostf = fopen(pbuf, "r");
704     
705                     if (hostf != NULL) {
706                             /*

________________________________________________________________________________________________________
*** CID 975112:  Unchecked return value from library  (CHECKED_RETURN)
/lib/libc/rpc/clnt_generic.c: 324 in _clnt_tli_create()
318     
319                     madefd = TRUE;
320                     servtype = nconf->nc_semantics;
321                     if (!__rpc_fd2sockinfo(fd, &si))
322                             goto err;
323     
>>>     CID 975112:  Unchecked return value from library  (CHECKED_RETURN)
>>>     No check of the return value of "_bindresvport(fd, NULL)".
324                     bindresvport(fd, NULL);
325             } else {
326                     if (!__rpc_fd2sockinfo(fd, &si))
327                             goto err;
328                     servtype = __rpc_socktype2seman(si.si_socktype);
329                     if (servtype == -1) {

________________________________________________________________________________________________________
*** CID 975113:  Unchecked return value from library  (CHECKED_RETURN)
/lib/libc/rpc/clnt_generic.c: 346 in _clnt_tli_create()
340     
341             switch (servtype) {
342             case NC_TPI_COTS_ORD:
343                     cl = clnt_vc_create(fd, svcaddr, prog, vers, sendsz, recvsz);
344                     if (!nconf || !cl)
345                             break;
>>>     CID 975113:  Unchecked return value from library  (CHECKED_RETURN)
>>>     No check of the return value of "__rpc_setnodelay(fd, &si)".
346                     __rpc_setnodelay(fd, &si);
347                     break;
348             case NC_TPI_CLTS:
349                     cl = clnt_dg_create(fd, svcaddr, prog, vers, sendsz, recvsz);
350                     break;
351             default:

________________________________________________________________________________________________________
*** CID 975114:  Unchecked return value from library  (CHECKED_RETURN)
/lib/libc/rpc/rpc_soc.c: 159 in clnt_com_create()
153             }
154     
155             /* Transform sockaddr_in to netbuf */
156             bindaddr.maxlen = bindaddr.len =  sizeof (struct sockaddr_in);
157             bindaddr.buf = raddr;
158     
>>>     CID 975114:  Unchecked return value from library  (CHECKED_RETURN)
>>>     No check of the return value of "_bindresvport(fd, NULL)".
159             bindresvport(fd, NULL);
160             cl = clnt_tli_create(fd, nconf, &bindaddr, prog, vers,
161                                     sendsz, recvsz);
162             if (cl) {
163                     if (madefd == TRUE) {
164                             /*

________________________________________________________________________________________________________
*** CID 975115:  Unchecked return value  (CHECKED_RETURN)
/lib/libc/rpc/rpc_soc.c: 258 in svc_com_create()
252                     madefd = TRUE;
253             }
254     
255             memset(&sccsin, 0, sizeof sccsin);
256             sccsin.sin_family = AF_INET;
257             bindresvport(fd, &sccsin);
>>>     CID 975115:  Unchecked return value  (CHECKED_RETURN)
>>>     No check of the return value of "listen(fd, 128)".
258             listen(fd, SOMAXCONN);
259             svc = svc_tli_create(fd, nconf, NULL, sendsize, recvsize);
260             (void) freenetconfigent(nconf);
261             if (svc == NULL) {
262                     if (madefd)
263                             (void) close(fd);

________________________________________________________________________________________________________
*** CID 975117:  Unchecked return value  (CHECKED_RETURN)
/lib/libc/rpc/svc_generic.c: 254 in _svc_tli_create()
248                                         (socklen_t)si.si_alen) < 0) {
249                                             warn( "%s: could not bind to anonymous "
250                                                 "port", __func__);
251                                             goto freedata;
252                                     }
253                             }
>>>     CID 975117:  Unchecked return value  (CHECKED_RETURN)
>>>     No check of the return value of "listen(fd, 128)".
254                             listen(fd, SOMAXCONN);
255                     } else {
256                             if (bind(fd,
257                                 (struct sockaddr *)bindaddr->addr.buf,
258                                 (socklen_t)si.si_alen) < 0) {
259                                     warnx("%s: could not bind to requested address",
/lib/libc/rpc/svc_generic.c: 263 in _svc_tli_create()
257                                 (struct sockaddr *)bindaddr->addr.buf,
258                                 (socklen_t)si.si_alen) < 0) {
259                                     warnx("%s: could not bind to requested address",
260                                         __func__);
261                                     goto freedata;
262                             }
>>>     CID 975117:  Unchecked return value  (CHECKED_RETURN)
>>>     No check of the return value of "listen(fd, (int)bindaddr->qlen)".
263                             listen(fd, (int)bindaddr->qlen);
264                     }
265                             
266             }
267             /*
268              * call transport specific function.

________________________________________________________________________________________________________
*** CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 855 in zfs_xvattr_set()
849     {
850             xoptattr_t *xoap;
851     
852             xoap = xva_getxoptattr(xvap);
853             ASSERT(xoap);
854     
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
855             if (XVA_ISSET_REQ(xvap, XAT_CREATETIME)) {
856                     ZFS_TIME_ENCODE(&xoap->xoa_createtime, zp->z_phys->zp_crtime);
857                     XVA_SET_RTN(xvap, XAT_CREATETIME);
858             }
859             if (XVA_ISSET_REQ(xvap, XAT_READONLY)) {
860                     ZFS_ATTR_SET(zp, ZFS_READONLY, xoap->xoa_readonly);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 859 in zfs_xvattr_set()
853             ASSERT(xoap);
854     
855             if (XVA_ISSET_REQ(xvap, XAT_CREATETIME)) {
856                     ZFS_TIME_ENCODE(&xoap->xoa_createtime, zp->z_phys->zp_crtime);
857                     XVA_SET_RTN(xvap, XAT_CREATETIME);
858             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
859             if (XVA_ISSET_REQ(xvap, XAT_READONLY)) {
860                     ZFS_ATTR_SET(zp, ZFS_READONLY, xoap->xoa_readonly);
861                     XVA_SET_RTN(xvap, XAT_READONLY);
862             }
863             if (XVA_ISSET_REQ(xvap, XAT_HIDDEN)) {
864                     ZFS_ATTR_SET(zp, ZFS_HIDDEN, xoap->xoa_hidden);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 863 in zfs_xvattr_set()
857                     XVA_SET_RTN(xvap, XAT_CREATETIME);
858             }
859             if (XVA_ISSET_REQ(xvap, XAT_READONLY)) {
860                     ZFS_ATTR_SET(zp, ZFS_READONLY, xoap->xoa_readonly);
861                     XVA_SET_RTN(xvap, XAT_READONLY);
862             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
863             if (XVA_ISSET_REQ(xvap, XAT_HIDDEN)) {
864                     ZFS_ATTR_SET(zp, ZFS_HIDDEN, xoap->xoa_hidden);
865                     XVA_SET_RTN(xvap, XAT_HIDDEN);
866             }
867             if (XVA_ISSET_REQ(xvap, XAT_SYSTEM)) {
868                     ZFS_ATTR_SET(zp, ZFS_SYSTEM, xoap->xoa_system);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 867 in zfs_xvattr_set()
861                     XVA_SET_RTN(xvap, XAT_READONLY);
862             }
863             if (XVA_ISSET_REQ(xvap, XAT_HIDDEN)) {
864                     ZFS_ATTR_SET(zp, ZFS_HIDDEN, xoap->xoa_hidden);
865                     XVA_SET_RTN(xvap, XAT_HIDDEN);
866             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
867             if (XVA_ISSET_REQ(xvap, XAT_SYSTEM)) {
868                     ZFS_ATTR_SET(zp, ZFS_SYSTEM, xoap->xoa_system);
869                     XVA_SET_RTN(xvap, XAT_SYSTEM);
870             }
871             if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE)) {
872                     ZFS_ATTR_SET(zp, ZFS_ARCHIVE, xoap->xoa_archive);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 871 in zfs_xvattr_set()
865                     XVA_SET_RTN(xvap, XAT_HIDDEN);
866             }
867             if (XVA_ISSET_REQ(xvap, XAT_SYSTEM)) {
868                     ZFS_ATTR_SET(zp, ZFS_SYSTEM, xoap->xoa_system);
869                     XVA_SET_RTN(xvap, XAT_SYSTEM);
870             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
871             if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE)) {
872                     ZFS_ATTR_SET(zp, ZFS_ARCHIVE, xoap->xoa_archive);
873                     XVA_SET_RTN(xvap, XAT_ARCHIVE);
874             }
875             if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
876                     ZFS_ATTR_SET(zp, ZFS_IMMUTABLE, xoap->xoa_immutable);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 875 in zfs_xvattr_set()
869                     XVA_SET_RTN(xvap, XAT_SYSTEM);
870             }
871             if (XVA_ISSET_REQ(xvap, XAT_ARCHIVE)) {
872                     ZFS_ATTR_SET(zp, ZFS_ARCHIVE, xoap->xoa_archive);
873                     XVA_SET_RTN(xvap, XAT_ARCHIVE);
874             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
875             if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
876                     ZFS_ATTR_SET(zp, ZFS_IMMUTABLE, xoap->xoa_immutable);
877                     XVA_SET_RTN(xvap, XAT_IMMUTABLE);
878             }
879             if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
880                     ZFS_ATTR_SET(zp, ZFS_NOUNLINK, xoap->xoa_nounlink);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 879 in zfs_xvattr_set()
873                     XVA_SET_RTN(xvap, XAT_ARCHIVE);
874             }
875             if (XVA_ISSET_REQ(xvap, XAT_IMMUTABLE)) {
876                     ZFS_ATTR_SET(zp, ZFS_IMMUTABLE, xoap->xoa_immutable);
877                     XVA_SET_RTN(xvap, XAT_IMMUTABLE);
878             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
879             if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
880                     ZFS_ATTR_SET(zp, ZFS_NOUNLINK, xoap->xoa_nounlink);
881                     XVA_SET_RTN(xvap, XAT_NOUNLINK);
882             }
883             if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
884                     ZFS_ATTR_SET(zp, ZFS_APPENDONLY, xoap->xoa_appendonly);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 883 in zfs_xvattr_set()
877                     XVA_SET_RTN(xvap, XAT_IMMUTABLE);
878             }
879             if (XVA_ISSET_REQ(xvap, XAT_NOUNLINK)) {
880                     ZFS_ATTR_SET(zp, ZFS_NOUNLINK, xoap->xoa_nounlink);
881                     XVA_SET_RTN(xvap, XAT_NOUNLINK);
882             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
883             if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
884                     ZFS_ATTR_SET(zp, ZFS_APPENDONLY, xoap->xoa_appendonly);
885                     XVA_SET_RTN(xvap, XAT_APPENDONLY);
886             }
887             if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
888                     ZFS_ATTR_SET(zp, ZFS_NODUMP, xoap->xoa_nodump);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 887 in zfs_xvattr_set()
881                     XVA_SET_RTN(xvap, XAT_NOUNLINK);
882             }
883             if (XVA_ISSET_REQ(xvap, XAT_APPENDONLY)) {
884                     ZFS_ATTR_SET(zp, ZFS_APPENDONLY, xoap->xoa_appendonly);
885                     XVA_SET_RTN(xvap, XAT_APPENDONLY);
886             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
887             if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
888                     ZFS_ATTR_SET(zp, ZFS_NODUMP, xoap->xoa_nodump);
889                     XVA_SET_RTN(xvap, XAT_NODUMP);
890             }
891             if (XVA_ISSET_REQ(xvap, XAT_OPAQUE)) {
892                     ZFS_ATTR_SET(zp, ZFS_OPAQUE, xoap->xoa_opaque);
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 891 in zfs_xvattr_set()
885                     XVA_SET_RTN(xvap, XAT_APPENDONLY);
886             }
887             if (XVA_ISSET_REQ(xvap, XAT_NODUMP)) {
888                     ZFS_ATTR_SET(zp, ZFS_NODUMP, xoap->xoa_nodump);
889                     XVA_SET_RTN(xvap, XAT_NODUMP);
890             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
891             if (XVA_ISSET_REQ(xvap, XAT_OPAQUE)) {
892                     ZFS_ATTR_SET(zp, ZFS_OPAQUE, xoap->xoa_opaque);
893                     XVA_SET_RTN(xvap, XAT_OPAQUE);
894             }
895             if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
896                     ZFS_ATTR_SET(zp, ZFS_AV_QUARANTINED,
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 895 in zfs_xvattr_set()
889                     XVA_SET_RTN(xvap, XAT_NODUMP);
890             }
891             if (XVA_ISSET_REQ(xvap, XAT_OPAQUE)) {
892                     ZFS_ATTR_SET(zp, ZFS_OPAQUE, xoap->xoa_opaque);
893                     XVA_SET_RTN(xvap, XAT_OPAQUE);
894             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
895             if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
896                     ZFS_ATTR_SET(zp, ZFS_AV_QUARANTINED,
897                         xoap->xoa_av_quarantined);
898                     XVA_SET_RTN(xvap, XAT_AV_QUARANTINED);
899             }
900             if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 900 in zfs_xvattr_set()
894             }
895             if (XVA_ISSET_REQ(xvap, XAT_AV_QUARANTINED)) {
896                     ZFS_ATTR_SET(zp, ZFS_AV_QUARANTINED,
897                         xoap->xoa_av_quarantined);
898                     XVA_SET_RTN(xvap, XAT_AV_QUARANTINED);
899             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
900             if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
901                     ZFS_ATTR_SET(zp, ZFS_AV_MODIFIED, xoap->xoa_av_modified);
902                     XVA_SET_RTN(xvap, XAT_AV_MODIFIED);
903             }
904             if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP)) {
905                     (void) memcpy(zp->z_phys + 1, xoap->xoa_av_scanstamp,
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 904 in zfs_xvattr_set()
898                     XVA_SET_RTN(xvap, XAT_AV_QUARANTINED);
899             }
900             if (XVA_ISSET_REQ(xvap, XAT_AV_MODIFIED)) {
901                     ZFS_ATTR_SET(zp, ZFS_AV_MODIFIED, xoap->xoa_av_modified);
902                     XVA_SET_RTN(xvap, XAT_AV_MODIFIED);
903             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
904             if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP)) {
905                     (void) memcpy(zp->z_phys + 1, xoap->xoa_av_scanstamp,
906                         sizeof (xoap->xoa_av_scanstamp));
907                     zp->z_phys->zp_flags |= ZFS_BONUS_SCANSTAMP;
908                     XVA_SET_RTN(xvap, XAT_AV_SCANSTAMP);
909             }
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_znode.c: 910 in zfs_xvattr_set()
904             if (XVA_ISSET_REQ(xvap, XAT_AV_SCANSTAMP)) {
905                     (void) memcpy(zp->z_phys + 1, xoap->xoa_av_scanstamp,
906                         sizeof (xoap->xoa_av_scanstamp));
907                     zp->z_phys->zp_flags |= ZFS_BONUS_SCANSTAMP;
908                     XVA_SET_RTN(xvap, XAT_AV_SCANSTAMP);
909             }
>>>     CID 975410:  Wrong operator used  (CONSTANT_EXPRESSION_RESULT)
>>>     "xvap->xva_vattr.va_spare | 65536" is always 1/true regardless of the 
>>> values of its operand. This occurs as the logical first operand of '&&'. 
>>> Did you intend to use '&' rather than '|'?
910             if (XVA_ISSET_REQ(xvap, XAT_REPARSE)) {
911                     ZFS_ATTR_SET(zp, ZFS_REPARSE, xoap->xoa_reparse);
912                     XVA_SET_RTN(xvap, XAT_REPARSE);
913             }
914     }
915     

________________________________________________________________________________________________________
*** CID 975741:  Logically dead code  (DEADCODE)
/external/cddl/osnet/dist/uts/common/fs/zfs/spa.c: 1820 in spa_load_impl()
1814                            /*
1815                             * We're emulating the system's hostid in userland, so
1816                             * we can't use zone_get_hostid().
1817                             */
1818                            (void) ddi_strtoul(hw_serial, NULL, 10, &myhostid);
1819     #endif /* _KERNEL */
>>>     CID 975741:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this expression "hostid != myhostid" inside 
>>> statement "if (hostid != 0ULL && myhos...".
1820                            if (hostid != 0 && myhostid != 0 &&
1821                                hostid != myhostid) {
1822                                    cmn_err(CE_WARN, "pool '%s' could not be "
1823                                        "loaded as it was last accessed by "
1824                                        "another system (host: %s hostid: 0x%lx). "
1825                                        "See: http://www.sun.com/msg/ZFS-8000-EY",

________________________________________________________________________________________________________
*** CID 976138:  Explicit null dereferenced  (FORWARD_NULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/arc.c: 4605 in l2arc_remove_vdev()
4599     /*
4600      * Remove a vdev from the L2ARC.
4601      */
4602     void
4603     l2arc_remove_vdev(vdev_t *vd)
4604     {
>>>     CID 976138:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Assigning: "remdev" = "NULL".
4605            l2arc_dev_t *dev, *nextdev, *remdev = NULL;
4606     
4607            /*
4608             * Find the device by vdev
4609             */
4610            mutex_enter(&l2arc_dev_mtx);

________________________________________________________________________________________________________
*** CID 976141:  Explicit null dereferenced  (FORWARD_NULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_dir.c: 71 in zfs_match_find()
65      int error;
66     
67      if (zfsvfs->z_norm) {
68              matchtype_t mt = MT_FIRST;
69              boolean_t conflict = B_FALSE;
70              size_t bufsz = 0;
>>>     CID 976141:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Assigning: "buf" = "NULL".
71              char *buf = NULL;
72     
73              if (rpnp) {
74                      buf = rpnp->pn_buf;
75                      bufsz = rpnp->pn_bufsize;
76              }

________________________________________________________________________________________________________
*** CID 976378:  Integer overflowed argument  (INTEGER_OVERFLOW)
/lib/libc/rpc/svc_vc.c: 515 in read_vc()
509                     if (cmp->cmsg_level != SOL_SOCKET ||
510                         cmp->cmsg_type != SCM_CREDS)
511                             goto fatal_err;
512     
513                     sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
514     
>>>     CID 976378:  Integer overflowed argument  (INTEGER_OVERFLOW)
>>>     Overflowed or truncated value (or a value computed from an overflowed 
>>> or truncated value) "24U + 4U * (sc->sc_ngroups - 1)" used as critical 
>>> argument to function.
515                     xprt->xp_p2 = mem_alloc(SOCKCREDSIZE(sc->sc_ngroups));
516                     if (xprt->xp_p2 == NULL)
517                             goto fatal_err;
518     
519                     memcpy(xprt->xp_p2, sc, SOCKCREDSIZE(sc->sc_ngroups));
520                     free(crmsg);
/lib/libc/rpc/svc_vc.c: 519 in read_vc()
513                     sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
514     
515                     xprt->xp_p2 = mem_alloc(SOCKCREDSIZE(sc->sc_ngroups));
516                     if (xprt->xp_p2 == NULL)
517                             goto fatal_err;
518     
>>>     CID 976378:  Integer overflowed argument  (INTEGER_OVERFLOW)
>>>     Overflowed or truncated value (or a value computed from an overflowed 
>>> or truncated value) "24U + 4U * (sc->sc_ngroups - 1)" used as critical 
>>> argument to function.
519                     memcpy(xprt->xp_p2, sc, SOCKCREDSIZE(sc->sc_ngroups));
520                     free(crmsg);
521                     crmsg = NULL;
522             }
523     
524             cfp = (struct cf_conn *)xprt->xp_p1;

________________________________________________________________________________________________________
*** CID 976737:  Improper use of negative value  (NEGATIVE_RETURNS)
/lib/libc/rpc/svc_vc.c: 287 in makefd_xprt()
281             xdrrec_create(&(cd->xdrs), sendsize, recvsize,
282                 (caddr_t)(void *)xprt, read_vc, write_vc);
283             xprt->xp_p1 = (caddr_t)(void *)cd;
284             xprt->xp_verf.oa_base = cd->verf_body;
285             svc_vc_ops(xprt);  /* truely deals with calls */
286             xprt->xp_port = 0;  /* this is a connection, not a rendezvouser */
>>>     CID 976737:  Improper use of negative value  (NEGATIVE_RETURNS)
>>>     Assigning: signed variable "xprt->xp_fd" = "fd".
287             xprt->xp_fd = fd;
288             if (__rpc_fd2sockinfo(fd, &si) && __rpc_sockinfo2netid(&si, &netid))
289                     if ((xprt->xp_netid = strdup(netid)) == NULL)
290                             goto outofmem;
291     
292             if (!xprt_register(xprt))

________________________________________________________________________________________________________
*** CID 976950:  Dereference null return value  (NULL_RETURNS)
/external/cddl/osnet/dist/uts/common/fs/zfs/spa_misc.c: 668 in spa_aux_remove()
662     
663             search.aux_guid = vd->vdev_guid;
664             aux = avl_find(avl, &search, &where);
665     
666             ASSERT(aux != NULL);
667     
>>>     CID 976950:  Dereference null return value  (NULL_RETURNS)
>>>     Dereferencing a null pointer "aux".
668             if (--aux->aux_count == 0) {
669                     avl_remove(avl, aux);
670                     kmem_free(aux, sizeof (spa_aux_t));
671             } else if (aux->aux_pool == spa_guid(vd->vdev_spa)) {
672                     aux->aux_pool = 0ULL;
673             }

________________________________________________________________________________________________________
*** CID 976951:  Dereference null return value  (NULL_RETURNS)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_fuid.c: 597 in zfs_fuid_create()
591                             return (crgetuid(cr));
592     
593                     switch (type) {
594                     case ZFS_ACE_USER:
595                     case ZFS_ACE_GROUP:
596                             zfuid = list_head(&fuidp->z_fuids);
>>>     CID 976951:  Dereference null return value  (NULL_RETURNS)
>>>     Dereferencing a null pointer "zfuid".
597                             rid = FUID_RID(zfuid->z_logfuid);
598                             idx = FUID_INDEX(zfuid->z_logfuid);
599                             break;
600                     case ZFS_OWNER:
601                             rid = FUID_RID(fuidp->z_fuid_owner);
602                             idx = FUID_INDEX(fuidp->z_fuid_owner);

________________________________________________________________________________________________________
*** CID 977002:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
/external/cddl/osnet/dist/uts/common/fs/zfs/txg.c: 365 in txg_sync_thread()
359             uint64_t start, delta;
360     
361             txg_thread_enter(tx, &cpr);
362             dprintf("txg_sync_thread called\n");
363             start = delta = 0;
364             for (;;) {
>>>     CID 977002:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "zfs_txg_timeout * hz" with type 
>>> "int" (32 bits, signed) is evaluated using 32-bit arithmetic  before being 
>>> used in a context which expects an expression of type "__uint64_t" (64 
>>> bits, unsigned).  To avoid overflow, cast either operand to "__uint64_t" 
>>> before performing the multiplication.
365                     uint64_t timer, timeout = zfs_txg_timeout * hz;
366                     uint64_t txg;
367                     dprintf("txg_sync_thread thread for\n");
368                     /*
369                      * We sync when we're scrubbing, there's someone waiting
370                      * on us, or the quiesce thread has handed off a txg to

________________________________________________________________________________________________________
*** CID 977175:  Out-of-bounds write  (OVERRUN)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_fm.c: 479 in add_range()
473                             r[count - 1].zr_end = end;
474                             return;
475                     }
476                     if (gap < eip->zei_mingap)
477                             eip->zei_mingap = gap;
478             }
>>>     CID 977175:  Out-of-bounds write  (OVERRUN)
>>>     Overrunning array of 16 8-byte elements at element index 16 (byte 
>>> offset 128) by dereferencing pointer "r + count".
479             r[count].zr_start = start;
480             r[count].zr_end = end;
481             eip->zei_range_count++;
482     }
483     
484     static size_t

________________________________________________________________________________________________________
*** CID 977184:  Out-of-bounds read  (OVERRUN)
/external/cddl/osnet/dist/uts/common/fs/zfs/zvol.c: 1101 in zvol_log_write()
1095                            write_state = WR_NEED_COPY;
1096                            len = MIN(ZIL_MAX_LOG_DATA, resid);
1097                    }
1098     
1099                    itx = zil_itx_create(TX_WRITE, sizeof (*lr) +
1100                        (write_state == WR_COPIED ? len : 0));
>>>     CID 977184:  Out-of-bounds read  (OVERRUN)
>>>     Assigning: "lr" = "&itx->itx_lr". "lr" now points to byte 0 of 
>>> "itx->itx_lr" (which consists of 32 bytes).
1101                    lr = (lr_write_t *)&itx->itx_lr;
1102                    if (write_state == WR_COPIED && dmu_read(zv->zv_objset,
1103                        ZVOL_OBJ, off, len, lr + 1, DMU_READ_NO_PREFETCH) != 0) {
1104                            zil_itx_destroy(itx);
1105                            itx = zil_itx_create(TX_WRITE, sizeof (*lr));
1106                            lr = (lr_write_t *)&itx->itx_lr;

________________________________________________________________________________________________________
*** CID 978280:  Resource leak  (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/check_bound.c: 108 in check_bound()
102     
103             ans = bind(fd, (struct sockaddr *)na->buf, na->len);
104     
105             rump_sys_close(fd);
106             free(na);
107     
>>>     CID 978280:  Resource leak  (RESOURCE_LEAK)
>>>     Handle variable "fd" going out of scope leaks the handle.
108             return (ans == 0 ? FALSE : TRUE);
109     }
110     
111     int
112     add_bndlist(struct netconfig *nconf, struct netbuf *baddr)
113     {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
http://scan.coverity.com/projects/1448?tab=overview
