Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-amd64-kernel
Hi,
Please find the latest report on new defect(s) introduced to
NetBSD-amd64-kernel found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 1223332: Unchecked return value (CHECKED_RETURN)
/sys/dev/sequencer.c: 1376 in midiseq_in()
** CID 1223334: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
/sys/fs/tmpfs/tmpfs_vfsops.c: 143 in tmpfs_mount()
** CID 1223335: Logically dead code (DEADCODE)
/sys/fs/tmpfs/tmpfs_vfsops.c: 144 in tmpfs_mount()
** CID 1223336: Logically dead code (DEADCODE)
/sys/net/if_ppp.c: 1696 in ppp_inproc()
** CID 1223337: Logically dead code (DEADCODE)
/sys/net/if_ppp.c: 1679 in ppp_inproc()
** CID 1223338: Explicit null dereferenced (FORWARD_NULL)
/sys/dev/ic/hd64570.c: 1699 in sca_frame_process()
** CID 1223339: Dereference after null check (FORWARD_NULL)
/sys/net/if_fddisubr.c: 634 in fddi_input()
** CID 1223340: Explicit null dereferenced (FORWARD_NULL)
/sys/net/if_gre.c: 867 in gre_input()
** CID 1223341: Explicit null dereferenced (FORWARD_NULL)
/sys/net/if_loop.c: 342 in looutput()
** CID 1223345: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
/sys/fs/cd9660/cd9660_vfsops.c: 788 in cd9660_loadvnode()
** CID 1223346: Dereference before null check (REVERSE_INULL)
/sys/fs/cd9660/cd9660_vfsops.c: 749 in cd9660_loadvnode()
/sys/fs/cd9660/cd9660_vfsops.c: 803 in cd9660_loadvnode()
** CID 1223347: Uninitialized pointer read (UNINIT)
/sys/net/if_ieee1394subr.c: 440 in ieee1394_input()
** CID 1223348: Structurally dead code (UNREACHABLE)
/sys/dev/pci/agp_i810.c: 550 in agp_i810_attach()
________________________________________________________________________________________________________
*** CID 1223332: Unchecked return value (CHECKED_RETURN)
/sys/dev/sequencer.c: 1376 in midiseq_in()
1370 sc = md->seq;
1371
1372 qi.qi_msg[0] = msg[0];
1373 qi.qi_msg[1] = msg[1];
1374 qi.qi_msg[2] = msg[2];
1375 qi.qi_msg[3] = md->unit | 0x80; /* ensure non-zero value of
qi_ptr */
>>> CID 1223332: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "pcq_put(sc->pcq, qi.qi_ptr)".
1376 pcq_put(sc->pcq, qi.qi_ptr);
1377 softint_schedule(sc->sih);
1378 }
1379
1380 static struct midi_dev *
1381 midiseq_open(int unit, int flags)
________________________________________________________________________________________________________
*** CID 1223334: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
/sys/fs/tmpfs/tmpfs_vfsops.c: 143 in tmpfs_mount()
137
138 /* Check for invalid uid and gid arguments */
139 if (args->ta_root_uid == VNOVAL || args->ta_root_gid == VNOVAL)
140 return EINVAL;
141
142 /* This can never happen? */
>>> CID 1223334: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
>>> "(args->ta_root_mode & (4095U /* ((((0x800 | 0x400) | 0x200) | 0x1c0) |
>>> 0x38) | 7 */)) == -1" is always false regardless of the values of its
>>> operands. This occurs as the logical operand of if.
143 if ((args->ta_root_mode & ALLPERMS) == VNOVAL)
144 return EINVAL;
145
146 /* Get the memory usage limit for this file-system. */
147 if (args->ta_size_max < PAGE_SIZE) {
148 memlimit = UINT64_MAX;
________________________________________________________________________________________________________
*** CID 1223335: Logically dead code (DEADCODE)
/sys/fs/tmpfs/tmpfs_vfsops.c: 144 in tmpfs_mount()
138 /* Check for invalid uid and gid arguments */
139 if (args->ta_root_uid == VNOVAL || args->ta_root_gid == VNOVAL)
140 return EINVAL;
141
142 /* This can never happen? */
143 if ((args->ta_root_mode & ALLPERMS) == VNOVAL)
>>> CID 1223335: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "return 22;".
144 return EINVAL;
145
146 /* Get the memory usage limit for this file-system. */
147 if (args->ta_size_max < PAGE_SIZE) {
148 memlimit = UINT64_MAX;
149 } else {
________________________________________________________________________________________________________
*** CID 1223336: Logically dead code (DEADCODE)
/sys/net/if_ppp.c: 1696 in ppp_inproc()
1690 printf("%s: input queue full\n", ifp->if_xname);
1691 ifp->if_iqdrops++;
1692 goto bad;
1693 }
1694 IF_ENQUEUE(inq, m);
1695 if (__predict_true(isr)) {
>>> CID 1223336: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "schednetisr(isr);".
1696 schednetisr(isr);
1697 }
1698 splx(s);
1699 ifp->if_ipackets++;
1700 ifp->if_ibytes += ilen;
1701
________________________________________________________________________________________________________
*** CID 1223337: Logically dead code (DEADCODE)
/sys/net/if_ppp.c: 1679 in ppp_inproc()
1673 goto bad;
1674 }
1675 ifp->if_ipackets++;
1676 ifp->if_ibytes += ilen;
1677 splx(s);
1678 if (rv)
>>> CID 1223337: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "(*sc->sc_ctlp)(sc);".
1679 (*sc->sc_ctlp)(sc);
1680 return;
1681 }
1682
1683 if (!inq) {
1684 goto bad;
________________________________________________________________________________________________________
*** CID 1223338: Explicit null dereferenced (FORWARD_NULL)
/sys/dev/ic/hd64570.c: 1699 in sca_frame_process()
1693 if (__predict_false(!pktq_enqueue(pktq, m, 0))) {
1694 scp->sp_if.if_iqdrops++;
1695 goto dropit;
1696 }
1697 return;
1698 }
>>> CID 1223338: Explicit null dereferenced (FORWARD_NULL)
>>> Dereferencing null pointer "ifq".
1699 if (!IF_QFULL(ifq)) {
1700 IF_ENQUEUE(ifq, m);
1701 schednetisr(isr);
1702 } else {
1703 IF_DROP(ifq);
1704 scp->sp_if.if_iqdrops++;
________________________________________________________________________________________________________
*** CID 1223339: Dereference after null check (FORWARD_NULL)
/sys/net/if_fddisubr.c: 634 in fddi_input()
628 #endif
629 #if defined(NS) || defined(DECNET) || defined(IPX) || defined(NETATALK)
630 if (!inq) {
631 m_freem(m);
632 }
633 s = splnet();
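>>> CID 1223339: Dereference after null check (FORWARD_NULL)
>>> Dereferencing null pointer "inq". The null check at line 630 frees "m"
>>> but does not return, so execution falls through to line 634 with "inq"
>>> still null.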
634 if (IF_QFULL(inq)) {
635 IF_DROP(inq);
636 m_freem(m);
637 } else {
638 IF_ENQUEUE(inq, m);
639 schednetisr(isr);
________________________________________________________________________________________________________
*** CID 1223340: Explicit null dereferenced (FORWARD_NULL)
/sys/net/if_gre.c: 867 in gre_input()
861 m_freem(m);
862 }
863 return 1;
864 }
865
866 s = splnet();
>>> CID 1223340: Explicit null dereferenced (FORWARD_NULL)
>>> Dereferencing null pointer "ifq".
867 if (IF_QFULL(ifq)) {
868 IF_DROP(ifq);
869 m_freem(m);
870 } else {
871 IF_ENQUEUE(ifq, m);
872 }
________________________________________________________________________________________________________
*** CID 1223341: Explicit null dereferenced (FORWARD_NULL)
/sys/net/if_loop.c: 342 in looutput()
336 m_freem(m);
337 error = ENOBUFS;
338 }
339 splx(s);
340 return error;
341 }
>>> CID 1223341: Explicit null dereferenced (FORWARD_NULL)
>>> Dereferencing null pointer "ifq".
342 if (IF_QFULL(ifq)) {
343 IF_DROP(ifq);
344 m_freem(m);
345 splx(s);
346 return (ENOBUFS);
347 }
________________________________________________________________________________________________________
*** CID 1223345: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
/sys/fs/cd9660/cd9660_vfsops.c: 788 in cd9660_loadvnode()
782 switch (imp->iso_ftype) {
783 default: /* ISO_FTYPE_9660 */
784 {
785 struct buf *bp2;
786 if ((imp->im_flags & ISOFSMNT_EXTATT)
787 && (off = isonum_711(isodir->ext_attr_length)))
>>> CID 1223345: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "off << imp->im_bshift" with type
>>> "int" (32 bits, signed) is evaluated using 32-bit arithmetic before being
>>> used in a context which expects an expression of type "__off_t" (64 bits,
>>> signed). To avoid overflow, cast the left operand to "__off_t" before
>>> performing the left shift.
788 cd9660_blkatoff(vp, (off_t)-(off <<
imp->im_bshift),
789 NULL, &bp2);
790 else
791 bp2 = NULL;
792 cd9660_defattr(isodir, ip, bp2);
793 cd9660_deftstamp(isodir, ip, bp2);
________________________________________________________________________________________________________
*** CID 1223346: Dereference before null check (REVERSE_INULL)
/sys/fs/cd9660/cd9660_vfsops.c: 749 in cd9660_loadvnode()
743 return (error);
744 }
745 isodir = (struct iso_directory_record *)((char *)bp->b_data +
off);
746
747 if (off + isonum_711(isodir->length) > imp->logical_block_size)
{
748 pool_put(&cd9660_node_pool, ip);
>>> CID 1223346: Dereference before null check (REVERSE_INULL)
>>> Null-checking "bp" suggests that it may be null, but it has already
>>> been dereferenced on all paths leading to the check.
749 if (bp != 0)
750 brelse(bp, 0);
751 printf("fhtovp: directory crosses block boundary
%d[off=%d/len=%d]\n",
752 off +isonum_711(isodir->length), off,
753 isonum_711(isodir->length));
754 return (ESTALE);
/sys/fs/cd9660/cd9660_vfsops.c: 803 in cd9660_loadvnode()
797 }
798 case ISO_FTYPE_RRIP:
799 cd9660_rrip_analyze(isodir, ip, imp);
800 break;
801 }
802
>>> CID 1223346: Dereference before null check (REVERSE_INULL)
>>> Null-checking "bp" suggests that it may be null, but it has already
>>> been dereferenced on all paths leading to the check.
803 if (bp != 0)
804 brelse(bp, 0);
805
806 /*
807 * Initialize the associated vnode
808 */
________________________________________________________________________________________________________
*** CID 1223347: Uninitialized pointer read (UNINIT)
/sys/net/if_ieee1394subr.c: 440 in ieee1394_input()
434 m_freem(m);
435 }
436 return;
437 }
438
439 s = splnet();
>>> CID 1223347: Uninitialized pointer read (UNINIT)
>>> Using uninitialized value "inq".
440 if (IF_QFULL(inq)) {
441 IF_DROP(inq);
442 m_freem(m);
443 } else {
444 IF_ENQUEUE(inq, m);
445 schednetisr(isr);
________________________________________________________________________________________________________
*** CID 1223348: Structurally dead code (UNREACHABLE)
/sys/dev/pci/agp_i810.c: 550 in agp_i810_attach()
544 /* Match the generic AGP code's autoconf output format. */
545 aprint_normal("%s", device_xname(self));
546
547 /* Success! */
548 return 0;
549
>>> CID 1223348: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "fail5:
pmf_device_deregiste...".
550 fail5: __unused
551 pmf_device_deregister(self);
552 if ((gtt_bar != 0) || (isc->size < gtt_off))
553 bus_space_unmap(isc->gtt_bst, isc->gtt_bsh,
isc->gtt_size);
554 isc->gtt_size = 0;
555 fail4:
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/1447?tab=overview
To unsubscribe from the email notification for new defects,
http://scan5.coverity.com/cgi-bin/unsubscribe.py