Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-amd64-user



Hi,


Please find the latest report on new defect(s) introduced to NetBSD-amd64-user 
found with Coverity Scan.

Defect(s) Reported-by: Coverity Scan
Showing 20 of 182 defect(s)


** CID 20290:  Missing break in switch  (MISSING_BREAK)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-parse.c: 1300 in yytnamerr()

** CID 272942:  Logically dead code  (DEADCODE)
/usr.sbin/sysinst/mbr.c: 1152 in set_mbr_label()

** CID 272971:  Negative array index read  (NEGATIVE_RETURNS)
/usr.sbin/sysinst/bsddisklabel.c: 679 in make_bsd_partitions()

** CID 273020:  Use after free  (USE_AFTER_FREE)
/usr.sbin/sysinst/net.c: 1227 in mnt_net_config()

** CID 401310:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/dlist.c: 7220 in 
save_SamplerParameterf()

** CID 401311:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/dlist.c: 7189 in 
save_SamplerParameteri()

** CID 401312:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/querymatrix.c: 125 
in _es_QueryMatrixxOES()

** CID 401353:  Logically dead code  (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/glx/indirect_glx.c: 434 in 
indirect_create_context()

** CID 401357:  Logically dead code  (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/texstore.c: 2215 in 
_mesa_texstore_unorm88()
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/texstore.c: 2226 in 
_mesa_texstore_unorm88()

** CID 401359:  Logically dead code  (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/swrast/s_drawpix.c: 549 
in draw_rgba_pixels()

** CID 401376:  Dereference after null check  (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 1874 in 
glcpp__switch_to_buffer()

** CID 401377:  Dereference after null check  (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 2027 in 
glcpp_push_buffer_state()

** CID 401378:  Dereference after null check  (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 1841 in glcpp_restart()

** CID 401390:  Dereference after null check  (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-parse.y: 1695 in 
_define_object_macro()

** CID 401396:  Dereference after null check  (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/glx/glxext.c: 257 in 
__glXCloseDisplay()

** CID 401397:  Dereference after null check  (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/context.c: 1821 in 
_mesa_valid_to_render()

** CID 401401:  Dereference after null check  (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/swrast/s_texrender.c: 
637 in _swrast_render_texture()

** CID 401409:  Missing break in switch  (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 1939 in 
_mesa_GetBooleanv()

** CID 401412:  Missing break in switch  (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 1961 in 
_mesa_GetBooleanv()

** CID 401413:  Missing break in switch  (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 2301 in 
_mesa_GetDoublev()


________________________________________________________________________________________________________
*** CID 20290:  Missing break in switch  (MISSING_BREAK)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-parse.c: 1300 in yytnamerr()
1294     
1295     
1296     
1297     
1298     
1299     
>>>     CID 20290:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.

________________________________________________________________________________________________________
*** CID 272942:  Logically dead code  (DEADCODE)
/usr.sbin/sysinst/mbr.c: 1152 in set_mbr_label()
1146            } else
1147                    wprintw(m->mw, " %.*s", len, name);
1148     #ifdef BOOTSEL
1149            if (mbri->mbrb.mbrbs_nametab[opt][0] != 0) {
1150                    int x, y;
1151                    if (opt >= MBR_PART_COUNT)
>>>     CID 272942:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "opt = 0;".
1152                            opt = 0;
1153                    getyx(m->mw, y, x);
1154                    if (x > 52) {
1155                            x = 52;
1156                            wmove(m->mw, y, x);
1157                    }

________________________________________________________________________________________________________
*** CID 272971:  Negative array index read  (NEGATIVE_RETURNS)
/usr.sbin/sysinst/bsddisklabel.c: 679 in make_bsd_partitions()
673              * Save any partitions that are outside the area we are
674              * going to use.
675              * In particular this saves details of the other MBR
676              * partitions on a multiboot i386 system.
677              */
678              for (i = maxpart; i--;) {
>>>     CID 272971:  Negative array index read  (NEGATIVE_RETURNS)
>>>     Using variable "i" as an index to array "bsdlabel".
679                     if (bsdlabel[i].pi_size != 0)
680                             /* Don't overwrite special partitions */
681                             continue;
682                     p = &oldlabel[i];
683                     if (p->pi_fstype == FS_UNUSED || p->pi_size == 0)
684                             continue;

________________________________________________________________________________________________________
*** CID 273020:  Use after free  (USE_AFTER_FREE)
/usr.sbin/sysinst/net.c: 1227 in mnt_net_config()
1221                            scripting_fprintf(NULL, "cat <<EOF 
>>%s/etc/hosts\n",
1222                                target_prefix());
1223                            write_etc_hosts(hosts);
1224                            (void)fclose(hosts);
1225                            scripting_fprintf(NULL, "EOF\n");
1226     
>>>     CID 273020:  Use after free  (USE_AFTER_FREE)
>>>     Calling "fclose(FILE *)" dereferences freed pointer "hosts".
1227                            fclose(hosts);
1228                    }
1229     
1230                    if (del_rc_conf("defaultroute") == 0)
1231                            add_rc_conf("defaultroute=\"%s\"\n", 
net_defroute);
1232            } else {

________________________________________________________________________________________________________
*** CID 401310:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/dlist.c: 7220 in 
save_SamplerParameterf()
7214        }
7215     }
7216     
7217     static void GLAPIENTRY
7218     save_SamplerParameterf(GLuint sampler, GLenum pname, GLfloat param)
7219     {
>>>     CID 401310:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
>>>     Taking address with "&param" yields a singleton pointer.
7220        save_SamplerParameterfv(sampler, pname, &param);
7221     }
7222     
7223     static void GLAPIENTRY
7224     save_SamplerParameterIiv(GLuint sampler, GLenum pname, const GLint 
*params)
7225     {

________________________________________________________________________________________________________
*** CID 401311:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/dlist.c: 7189 in 
save_SamplerParameteri()
7183        }
7184     }
7185     
7186     static void GLAPIENTRY
7187     save_SamplerParameteri(GLuint sampler, GLenum pname, GLint param)
7188     {
>>>     CID 401311:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
>>>     Taking address with "&param" yields a singleton pointer.
7189        save_SamplerParameteriv(sampler, pname, &param);
7190     }
7191     
7192     static void GLAPIENTRY
7193     save_SamplerParameterfv(GLuint sampler, GLenum pname, const GLfloat 
*params)
7194     {

________________________________________________________________________________________________________
*** CID 401312:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/querymatrix.c: 125 
in _es_QueryMatrixxOES()
119             {GL_TEXTURE, GL_TEXTURE_MATRIX},
120         };
121     
122         /* Call Mesa to get the current matrix in floating-point form.  
First,
123          * we have to figure out what the current matrix mode is.
124          */
>>>     CID 401312:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
>>>     Taking address with "&tmp" yields a singleton pointer.
125         _mesa_GetIntegerv(GL_MATRIX_MODE, &tmp);
126         currentMode = (GLenum) tmp;
127     
128         /* The mode is either GL_FALSE, if for some reason we failed to 
query
129          * the mode, or a given mode from the above table.  Search for the
130          * returned mode to get the desired matrix; if we don't find it,

________________________________________________________________________________________________________
*** CID 401353:  Logically dead code  (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/glx/indirect_glx.c: 434 in 
indirect_create_context()
428         ** limit.
429         */
430        if (bufSize > __GLX_RENDER_CMD_SIZE_LIMIT) {
431           bufSize = __GLX_RENDER_CMD_SIZE_LIMIT;
432        }
433        if (bufSize > __GLX_MAX_RENDER_CMD_SIZE) {
>>>     CID 401353:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "bufSize = 64000;".
434           bufSize = __GLX_MAX_RENDER_CMD_SIZE;
435        }
436        gc->maxSmallRenderCommandSize = bufSize;
437        
438     
439        return gc;

________________________________________________________________________________________________________
*** CID 401357:  Logically dead code  (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/texstore.c: 2215 in 
_mesa_texstore_unorm88()
2209                can_swizzle(srcFormat)) {
2210           GLubyte dstmap[4];
2211     
2212           /* dstmap - how to swizzle from RGBA to dst format:
2213            */
2214           if (dstFormat == MESA_FORMAT_AL88 || dstFormat == 
MESA_FORMAT_AL88_REV) {
>>>     CID 401357:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this expression "dstFormat == 18U" inside 
>>> statement "if ((littleEndian && dstFor...".
2215             if ((littleEndian && dstFormat == MESA_FORMAT_AL88) ||
2216                 (!littleEndian && dstFormat == MESA_FORMAT_AL88_REV)) {
2217                dstmap[0] = 0;
2218                dstmap[1] = 3;
2219             }
2220             else {
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/texstore.c: 2226 in 
_mesa_texstore_unorm88()
2220             else {
2221                dstmap[0] = 3;
2222                dstmap[1] = 0;
2223             }
2224           }
2225           else {
>>>     CID 401357:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this expression "dstFormat == 33U" inside 
>>> statement "if ((littleEndian && dstFor...".
2226             if ((littleEndian && dstFormat == MESA_FORMAT_RG88) ||
2227                 (!littleEndian && dstFormat == MESA_FORMAT_RG88_REV)) {
2228                dstmap[0] = 0;
2229                dstmap[1] = 1;
2230             }
2231             else {

________________________________________________________________________________________________________
*** CID 401359:  Logically dead code  (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/swrast/s_drawpix.c: 549 
in draw_rgba_pixels()
543     
544           /* XXX this is ugly/temporary, to undo above change */
545           span.array->ChanType = CHAN_TYPE;
546        }
547     
548        if (convImage) {
>>>     CID 401359:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "free(convImage);".
549           free(convImage);
550        }
551     }
552     
553     
554     /**

________________________________________________________________________________________________________
*** CID 401376:  Dereference after null check  (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 1874 in 
glcpp__switch_to_buffer()
1868     
1869     
1870     
1871     
1872     
1873     
>>>     CID 401376:  Dereference after null check  (FORWARD_NULL)
>>>     Dereferencing null pointer "yyg->yy_buffer_stack".

________________________________________________________________________________________________________
*** CID 401377:  Dereference after null check  (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 2027 in 
glcpp_push_buffer_state()
2021     
2022     
2023     
2024     
2025     
2026     
>>>     CID 401377:  Dereference after null check  (FORWARD_NULL)
>>>     Dereferencing null pointer "yyg->yy_buffer_stack".

________________________________________________________________________________________________________
*** CID 401378:  Dereference after null check  (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-lex.c: 1841 in glcpp_restart()
1835     
1836     
1837     
1838     
1839     
1840     
>>>     CID 401378:  Dereference after null check  (FORWARD_NULL)
>>>     Dereferencing null pointer "yyg->yy_buffer_stack".

________________________________________________________________________________________________________
*** CID 401390:  Dereference after null check  (FORWARD_NULL)
/external/mit/xorg/lib/libGL/obj/glcpp/glcpp-parse.y: 1695 in 
_define_object_macro()
1689     
1690     
1691     
1692     
1693     
1694     
>>>     CID 401390:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "loc" to null implies that "loc" might be null.

________________________________________________________________________________________________________
*** CID 401396:  Dereference after null check  (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/glx/glxext.c: 257 in 
__glXCloseDisplay()
251     __glXCloseDisplay(Display * dpy, XExtCodes * codes)
252     {
253        struct glx_display *priv, **prev;
254     
255        _XLockMutex(_Xglobal_lock);
256        prev = &glx_displays;
>>>     CID 401396:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "priv" to null implies that "priv" might be null.
257        for (priv = glx_displays; priv; prev = &priv->next, priv = 
priv->next) {
258           if (priv->dpy == dpy) {
259              *prev = priv->next;
260              break;
261           }
262        }

________________________________________________________________________________________________________
*** CID 401397:  Dereference after null check  (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/context.c: 1821 in 
_mesa_valid_to_render()
1815              _mesa_error(ctx, GL_INVALID_OPERATION,
1816                          "%s(integer format but no fragment shader)", 
where);
1817              return GL_FALSE;
1818           }
1819        }
1820     
>>>     CID 401397:  Dereference after null check  (FORWARD_NULL)
>>>     Dereferencing null pointer "ctx->DrawBuffer".
1821        if (ctx->DrawBuffer->_Status != GL_FRAMEBUFFER_COMPLETE_EXT) {
1822           _mesa_error(ctx, GL_INVALID_FRAMEBUFFER_OPERATION_EXT,
1823                       "%s(incomplete framebuffer)", where);
1824           return GL_FALSE;
1825        }
1826     

________________________________________________________________________________________________________
*** CID 401401:  Dereference after null check  (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/swrast/s_texrender.c: 
637 in _swrast_render_texture()
631     _swrast_render_texture(struct gl_context *ctx,
632                            struct gl_framebuffer *fb,
633                            struct gl_renderbuffer_attachment *att)
634     {
635        (void) fb;
636     
>>>     CID 401401:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "att->Renderbuffer" to null implies that "att->Renderbuffer" 
>>> might be null.
637        if (!att->Renderbuffer) {
638           wrap_texture(ctx, att);
639        }
640        update_wrapper(ctx, att);
641     }
642     

________________________________________________________________________________________________________
*** CID 401409:  Missing break in switch  (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 1939 in 
_mesa_GetBooleanv()
1933           params[0] = INT_TO_BOOLEAN(d->offset);
1934           break;
1935     
1936        case TYPE_FLOAT_4:
1937        case TYPE_FLOATN_4:
1938           params[3] = FLOAT_TO_BOOLEAN(((GLfloat *) p)[3]);
>>>     CID 401409:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
1939        case TYPE_FLOAT_3:
1940        case TYPE_FLOATN_3:
1941           params[2] = FLOAT_TO_BOOLEAN(((GLfloat *) p)[2]);
1942        case TYPE_FLOAT_2:
1943        case TYPE_FLOATN_2:
1944           params[1] = FLOAT_TO_BOOLEAN(((GLfloat *) p)[1]);

________________________________________________________________________________________________________
*** CID 401412:  Missing break in switch  (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 1961 in 
_mesa_GetBooleanv()
1955           params[3] = INT_TO_BOOLEAN(((GLint *) p)[3]);
1956        case TYPE_INT_3:
1957           params[2] = INT_TO_BOOLEAN(((GLint *) p)[2]);
1958        case TYPE_INT_2:
1959        case TYPE_ENUM_2:
1960           params[1] = INT_TO_BOOLEAN(((GLint *) p)[1]);
>>>     CID 401412:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
1961        case TYPE_INT:
1962        case TYPE_ENUM:
1963           params[0] = INT_TO_BOOLEAN(((GLint *) p)[0]);
1964           break;
1965     
1966        case TYPE_INT_N:

________________________________________________________________________________________________________
*** CID 401413:  Missing break in switch  (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/get.c: 2301 in 
_mesa_GetDoublev()
2295           params[0] = d->offset;
2296           break;
2297     
2298        case TYPE_FLOAT_4:
2299        case TYPE_FLOATN_4:
2300           params[3] = ((GLfloat *) p)[3];
>>>     CID 401413:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
2301        case TYPE_FLOAT_3:
2302        case TYPE_FLOATN_3:
2303           params[2] = ((GLfloat *) p)[2];
2304        case TYPE_FLOAT_2:
2305        case TYPE_FLOATN_2:
2306           params[1] = ((GLfloat *) p)[1];


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
http://scan.coverity.com/projects/1449?tab=overview

To unsubscribe from the email notification for new defects, 
http://scan5.coverity.com/cgi-bin/unsubscribe.py




Home | Main Index | Thread Index | Old Index