Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user
found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 20 of 182 defect(s)
** CID 20290: Missing break in switch (MISSING_BREAK)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-parse.c: 1300 in yytnamerr()
** CID 272942: Logically dead code (DEADCODE)
/usr.sbin/sysinst/mbr.c: 1152 in set_mbr_label()
** CID 272971: Negative array index read (NEGATIVE_RETURNS)
/usr.sbin/sysinst/bsddisklabel.c: 679 in make_bsd_partitions()
** CID 273020: Use after free (USE_AFTER_FREE)
/usr.sbin/sysinst/net.c: 1227 in mnt_net_config()
** CID 401310: Out-of-bounds access (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/dlist.c: 7220 in
save_SamplerParameterf()
** CID 401311: Out-of-bounds access (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/dlist.c: 7189 in
save_SamplerParameteri()
** CID 401312: Out-of-bounds access (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/querymatrix.c: 125
in _es_QueryMatrixxOES()
** CID 401353: Logically dead code (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/glx/indirect_glx.c: 434 in
indirect_create_context()
** CID 401357: Logically dead code (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/texstore.c: 2215 in
_mesa_texstore_unorm88()
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/texstore.c: 2226 in
_mesa_texstore_unorm88()
** CID 401359: Logically dead code (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/swrast/s_drawpix.c: 549
in draw_rgba_pixels()
** CID 401376: Dereference after null check (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 1874 in
glcpp__switch_to_buffer()
** CID 401377: Dereference after null check (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 2027 in
glcpp_push_buffer_state()
** CID 401378: Dereference after null check (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 1841 in glcpp_restart()
** CID 401390: Dereference after null check (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-parse.y: 1695 in
_define_object_macro()
** CID 401396: Dereference after null check (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/glx/glxext.c: 257 in
__glXCloseDisplay()
** CID 401397: Dereference after null check (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/context.c: 1821 in
_mesa_valid_to_render()
** CID 401401: Dereference after null check (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/swrast/s_texrender.c:
637 in _swrast_render_texture()
** CID 401409: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 1939 in
_mesa_GetBooleanv()
** CID 401412: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 1961 in
_mesa_GetBooleanv()
** CID 401413: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 2301 in
_mesa_GetDoublev()
________________________________________________________________________________________________________
*** CID 20290: Missing break in switch (MISSING_BREAK)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-parse.c: 1300 in yytnamerr()
1294
1295
1296
1297
1298
1299
>>> CID 20290: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
________________________________________________________________________________________________________
*** CID 272942: Logically dead code (DEADCODE)
/usr.sbin/sysinst/mbr.c: 1152 in set_mbr_label()
1146 } else
1147 wprintw(m->mw, " %.*s", len, name);
1148 #ifdef BOOTSEL
1149 if (mbri->mbrb.mbrbs_nametab[opt][0] != 0) {
1150 int x, y;
1151 if (opt >= MBR_PART_COUNT)
>>> CID 272942: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "opt = 0;".
1152 opt = 0;
1153 getyx(m->mw, y, x);
1154 if (x > 52) {
1155 x = 52;
1156 wmove(m->mw, y, x);
1157 }
________________________________________________________________________________________________________
*** CID 272971: Negative array index read (NEGATIVE_RETURNS)
/usr.sbin/sysinst/bsddisklabel.c: 679 in make_bsd_partitions()
673 * Save any partitions that are outside the area we are
674 * going to use.
675 * In particular this saves details of the other MBR
676 * partitions on a multiboot i386 system.
677 */
678 for (i = maxpart; i--;) {
>>> CID 272971: Negative array index read (NEGATIVE_RETURNS)
>>> Using variable "i" as an index to array "bsdlabel".
679 if (bsdlabel[i].pi_size != 0)
680 /* Don't overwrite special partitions */
681 continue;
682 p = &oldlabel[i];
683 if (p->pi_fstype == FS_UNUSED || p->pi_size == 0)
684 continue;
________________________________________________________________________________________________________
*** CID 273020: Use after free (USE_AFTER_FREE)
/usr.sbin/sysinst/net.c: 1227 in mnt_net_config()
1221 scripting_fprintf(NULL, "cat <<EOF
>>%s/etc/hosts\n",
1222 target_prefix());
1223 write_etc_hosts(hosts);
1224 (void)fclose(hosts);
1225 scripting_fprintf(NULL, "EOF\n");
1226
>>> CID 273020: Use after free (USE_AFTER_FREE)
>>> Calling "fclose(FILE *)" dereferences freed pointer "hosts".
1227 fclose(hosts);
1228 }
1229
1230 if (del_rc_conf("defaultroute") == 0)
1231 add_rc_conf("defaultroute=\"%s\"\n",
net_defroute);
1232 } else {
________________________________________________________________________________________________________
*** CID 401310: Out-of-bounds access (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/dlist.c: 7220 in
save_SamplerParameterf()
7214 }
7215 }
7216
7217 static void GLAPIENTRY
7218 save_SamplerParameterf(GLuint sampler, GLenum pname, GLfloat param)
7219 {
>>> CID 401310: Out-of-bounds access (ARRAY_VS_SINGLETON)
>>> Taking address with "¶m" yields a singleton pointer.
7220 save_SamplerParameterfv(sampler, pname, ¶m);
7221 }
7222
7223 static void GLAPIENTRY
7224 save_SamplerParameterIiv(GLuint sampler, GLenum pname, const GLint
*params)
7225 {
________________________________________________________________________________________________________
*** CID 401311: Out-of-bounds access (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/dlist.c: 7189 in
save_SamplerParameteri()
7183 }
7184 }
7185
7186 static void GLAPIENTRY
7187 save_SamplerParameteri(GLuint sampler, GLenum pname, GLint param)
7188 {
>>> CID 401311: Out-of-bounds access (ARRAY_VS_SINGLETON)
>>> Taking address with "¶m" yields a singleton pointer.
7189 save_SamplerParameteriv(sampler, pname, ¶m);
7190 }
7191
7192 static void GLAPIENTRY
7193 save_SamplerParameterfv(GLuint sampler, GLenum pname, const GLfloat
*params)
7194 {
________________________________________________________________________________________________________
*** CID 401312: Out-of-bounds access (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/querymatrix.c: 125
in _es_QueryMatrixxOES()
119 {GL_TEXTURE, GL_TEXTURE_MATRIX},
120 };
121
122 /* Call Mesa to get the current matrix in floating-point form.
First,
123 * we have to figure out what the current matrix mode is.
124 */
>>> CID 401312: Out-of-bounds access (ARRAY_VS_SINGLETON)
>>> Taking address with "&tmp" yields a singleton pointer.
125 _mesa_GetIntegerv(GL_MATRIX_MODE, &tmp);
126 currentMode = (GLenum) tmp;
127
128 /* The mode is either GL_FALSE, if for some reason we failed to
query
129 * the mode, or a given mode from the above table. Search for the
130 * returned mode to get the desired matrix; if we don't find it,
________________________________________________________________________________________________________
*** CID 401353: Logically dead code (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/glx/indirect_glx.c: 434 in
indirect_create_context()
428 ** limit.
429 */
430 if (bufSize > __GLX_RENDER_CMD_SIZE_LIMIT) {
431 bufSize = __GLX_RENDER_CMD_SIZE_LIMIT;
432 }
433 if (bufSize > __GLX_MAX_RENDER_CMD_SIZE) {
>>> CID 401353: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "bufSize = 64000;".
434 bufSize = __GLX_MAX_RENDER_CMD_SIZE;
435 }
436 gc->maxSmallRenderCommandSize = bufSize;
437
438
439 return gc;
________________________________________________________________________________________________________
*** CID 401357: Logically dead code (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/texstore.c: 2215 in
_mesa_texstore_unorm88()
2209 can_swizzle(srcFormat)) {
2210 GLubyte dstmap[4];
2211
2212 /* dstmap - how to swizzle from RGBA to dst format:
2213 */
2214 if (dstFormat == MESA_FORMAT_AL88 || dstFormat ==
MESA_FORMAT_AL88_REV) {
>>> CID 401357: Logically dead code (DEADCODE)
>>> Execution cannot reach this expression "dstFormat == 18U" inside
>>> statement "if ((littleEndian && dstFor...".
2215 if ((littleEndian && dstFormat == MESA_FORMAT_AL88) ||
2216 (!littleEndian && dstFormat == MESA_FORMAT_AL88_REV)) {
2217 dstmap[0] = 0;
2218 dstmap[1] = 3;
2219 }
2220 else {
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/texstore.c: 2226 in
_mesa_texstore_unorm88()
2220 else {
2221 dstmap[0] = 3;
2222 dstmap[1] = 0;
2223 }
2224 }
2225 else {
>>> CID 401357: Logically dead code (DEADCODE)
>>> Execution cannot reach this expression "dstFormat == 33U" inside
>>> statement "if ((littleEndian && dstFor...".
2226 if ((littleEndian && dstFormat == MESA_FORMAT_RG88) ||
2227 (!littleEndian && dstFormat == MESA_FORMAT_RG88_REV)) {
2228 dstmap[0] = 0;
2229 dstmap[1] = 1;
2230 }
2231 else {
________________________________________________________________________________________________________
*** CID 401359: Logically dead code (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/swrast/s_drawpix.c: 549
in draw_rgba_pixels()
543
544 /* XXX this is ugly/temporary, to undo above change */
545 span.array->ChanType = CHAN_TYPE;
546 }
547
548 if (convImage) {
>>> CID 401359: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "free(convImage);".
549 free(convImage);
550 }
551 }
552
553
554 /**
________________________________________________________________________________________________________
*** CID 401376: Dereference after null check (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 1874 in
glcpp__switch_to_buffer()
1868
1869
1870
1871
1872
1873
>>> CID 401376: Dereference after null check (FORWARD_NULL)
>>> Dereferencing null pointer "yyg->yy_buffer_stack".
________________________________________________________________________________________________________
*** CID 401377: Dereference after null check (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 2027 in
glcpp_push_buffer_state()
2021
2022
2023
2024
2025
2026
>>> CID 401377: Dereference after null check (FORWARD_NULL)
>>> Dereferencing null pointer "yyg->yy_buffer_stack".
________________________________________________________________________________________________________
*** CID 401378: Dereference after null check (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 1841 in glcpp_restart()
1835
1836
1837
1838
1839
1840
>>> CID 401378: Dereference after null check (FORWARD_NULL)
>>> Dereferencing null pointer "yyg->yy_buffer_stack".
________________________________________________________________________________________________________
*** CID 401390: Dereference after null check (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-parse.y: 1695 in
_define_object_macro()
1689
1690
1691
1692
1693
1694
>>> CID 401390: Dereference after null check (FORWARD_NULL)
>>> Comparing "loc" to null implies that "loc" might be null.
________________________________________________________________________________________________________
*** CID 401396: Dereference after null check (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/glx/glxext.c: 257 in
__glXCloseDisplay()
251 __glXCloseDisplay(Display * dpy, XExtCodes * codes)
252 {
253 struct glx_display *priv, **prev;
254
255 _XLockMutex(_Xglobal_lock);
256 prev = &glx_displays;
>>> CID 401396: Dereference after null check (FORWARD_NULL)
>>> Comparing "priv" to null implies that "priv" might be null.
257 for (priv = glx_displays; priv; prev = &priv->next, priv =
priv->next) {
258 if (priv->dpy == dpy) {
259 *prev = priv->next;
260 break;
261 }
262 }
________________________________________________________________________________________________________
*** CID 401397: Dereference after null check (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/context.c: 1821 in
_mesa_valid_to_render()
1815 _mesa_error(ctx, GL_INVALID_OPERATION,
1816 "%s(integer format but no fragment shader)",
where);
1817 return GL_FALSE;
1818 }
1819 }
1820
>>> CID 401397: Dereference after null check (FORWARD_NULL)
>>> Dereferencing null pointer "ctx->DrawBuffer".
1821 if (ctx->DrawBuffer->_Status != GL_FRAMEBUFFER_COMPLETE_EXT) {
1822 _mesa_error(ctx, GL_INVALID_FRAMEBUFFER_OPERATION_EXT,
1823 "%s(incomplete framebuffer)", where);
1824 return GL_FALSE;
1825 }
1826
________________________________________________________________________________________________________
*** CID 401401: Dereference after null check (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/swrast/s_texrender.c:
637 in _swrast_render_texture()
631 _swrast_render_texture(struct gl_context *ctx,
632 struct gl_framebuffer *fb,
633 struct gl_renderbuffer_attachment *att)
634 {
635 (void) fb;
636
>>> CID 401401: Dereference after null check (FORWARD_NULL)
>>> Comparing "att->Renderbuffer" to null implies that "att->Renderbuffer"
>>> might be null.
637 if (!att->Renderbuffer) {
638 wrap_texture(ctx, att);
639 }
640 update_wrapper(ctx, att);
641 }
642
________________________________________________________________________________________________________
*** CID 401409: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 1939 in
_mesa_GetBooleanv()
1933 params[0] = INT_TO_BOOLEAN(d->offset);
1934 break;
1935
1936 case TYPE_FLOAT_4:
1937 case TYPE_FLOATN_4:
1938 params[3] = FLOAT_TO_BOOLEAN(((GLfloat *) p)[3]);
>>> CID 401409: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
1939 case TYPE_FLOAT_3:
1940 case TYPE_FLOATN_3:
1941 params[2] = FLOAT_TO_BOOLEAN(((GLfloat *) p)[2]);
1942 case TYPE_FLOAT_2:
1943 case TYPE_FLOATN_2:
1944 params[1] = FLOAT_TO_BOOLEAN(((GLfloat *) p)[1]);
________________________________________________________________________________________________________
*** CID 401412: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 1961 in
_mesa_GetBooleanv()
1955 params[3] = INT_TO_BOOLEAN(((GLint *) p)[3]);
1956 case TYPE_INT_3:
1957 params[2] = INT_TO_BOOLEAN(((GLint *) p)[2]);
1958 case TYPE_INT_2:
1959 case TYPE_ENUM_2:
1960 params[1] = INT_TO_BOOLEAN(((GLint *) p)[1]);
>>> CID 401412: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
1961 case TYPE_INT:
1962 case TYPE_ENUM:
1963 params[0] = INT_TO_BOOLEAN(((GLint *) p)[0]);
1964 break;
1965
1966 case TYPE_INT_N:
________________________________________________________________________________________________________
*** CID 401413: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 2301 in
_mesa_GetDoublev()
2295 params[0] = d->offset;
2296 break;
2297
2298 case TYPE_FLOAT_4:
2299 case TYPE_FLOATN_4:
2300 params[3] = ((GLfloat *) p)[3];
>>> CID 401413: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
2301 case TYPE_FLOAT_3:
2302 case TYPE_FLOATN_3:
2303 params[2] = ((GLfloat *) p)[2];
2304 case TYPE_FLOAT_2:
2305 case TYPE_FLOATN_2:
2306 params[1] = ((GLfloat *) p)[1];
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/1449?tab=overview
To unsubscribe from the email notification for new defects,
http://scan5.coverity.com/cgi-bin/unsubscribe.py
Home |
Main Index |
Thread Index |
Old Index