Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-i386-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
115 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
130 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 115 defect(s)
** CID 500066: Logically dead code (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/pack.c: 3540 in _mesa_unpack_color_span_chan()
** CID 502366: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/gzip/infcodes.c: 120 in inflate_codes()
** CID 745499: Use of untrusted string value (TAINTED_STRING)
/usr.bin/rsh/rsh.c: 206 in main()
** CID 975012: Unchecked return value (CHECKED_RETURN)
/external/bsd/wpa/dist/src/crypto/tls_openssl.c: 669 in tls_engine_load_dynamic_generic()
** CID 976384: Integer overflowed argument (INTEGER_OVERFLOW)
/sbin/dump/traverse.c: 320 in mapdirs()
** CID 976453: Missing break in switch (MISSING_BREAK)
/external/bsd/wpa/dist/src/drivers/driver_bsd.c: 1219 in wpa_driver_bsd_event_receive()
** CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
/external/bsd/dhcpcd/dist/dhcp.c: 1647 in send_message()
** CID 979065: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
** CID 979066: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
/sys/kern/vfs_wapbl.c: 2526 in wapbl_replay_start()
** CID 980726: Unchecked return value (CHECKED_RETURN)
/usr.sbin/isibootd/isibootd.c: 187 in main()
** CID 980886: Resource leak (RESOURCE_LEAK)
/usr.sbin/rpc.yppasswdd/yppasswdd_mkpw.c: 138 in make_passwd()
** CID 980933: Unused value (UNUSED_VALUE)
/lib/libc/gen/pw_scan.c: 232 in __pw_scan()
** CID 980935: Use after free (USE_AFTER_FREE)
/libexec/ld.elf_so/map_object.c: 447 in _rtld_obj_free()
** CID 986899: Unchecked return value (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 585 in rhdRROutputCreateResources()
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 592 in rhdRROutputCreateResources()
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 603 in rhdRROutputCreateResources()
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 613 in rhdRROutputCreateResources()
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 619 in rhdRROutputCreateResources()
** CID 987315: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 474 in viaOverlayGetSrcStartAddress()
** CID 987434: Unsigned compared against 0 (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 1762 in SetVideoWindow()
** CID 987784: Resource leak (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
** CID 988186: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/MesaGLUT/dist/src/glut/glx/glut_cursor.c: 93 in makeBlankCursor()
** CID 988193: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/beforelight/dist/b4light.c: 294 in main()
** CID 988252: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_exa.c: 569 in viaAccelDMADownload()
________________________________________________________________________________________________________
*** CID 500066: Logically dead code (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/main/pack.c: 3540 in _mesa_unpack_color_span_chan()
3534 }
3535 /*
3536 * Common situation, loading 8bit RGBA/RGB source images
3537 * into 16/32 bit destination. (OSMesa16/32)
3538 */
3539 else if (srcType == GL_UNSIGNED_BYTE) {
>>> CID 500066: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "if (dstFormat == 6408U){
...".
3540 if (dstFormat == GL_RGBA) {
3541 if (srcFormat == GL_RGB) {
3542 GLuint i;
3543 const GLubyte *src = (const GLubyte *) source;
3544 GLchan *dst = dest;
3545 for (i = 0; i < n; i++) {
________________________________________________________________________________________________________
*** CID 502366: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/gzip/infcodes.c: 120 in inflate_codes()
114 }
115 }
116 #endif /* !SLOW */
117 c->sub.code.need = c->lbits;
118 c->sub.code.tree = c->ltree;
119 c->mode = LEN;
>>> CID 502366: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
120 case LEN: /* i: get length/literal/eob next */
121 j = c->sub.code.need;
122 NEEDBITS(j)
123 t = c->sub.code.tree + ((uInt)b & inflate_mask[j]);
124 DUMPBITS(t->bits)
125 e = (uInt)(t->exop);
________________________________________________________________________________________________________
*** CID 745499: Use of untrusted string value (TAINTED_STRING)
/usr.bin/rsh/rsh.c: 206 in main()
200 if (!argv[optind]) {
201 #ifdef IN_RCMD
202 usage();
203 #else
204 if (asrsh)
205 *argv = __UNCONST("rlogin");
>>> CID 745499: Use of untrusted string value (TAINTED_STRING)
>>> Passing tainted string "*argv" to "execv(char const *, char * const *)", which cannot accept tainted data.
206 execv(_PATH_RLOGIN, argv);
207 err(1, "can't exec %s", _PATH_RLOGIN);
208 #endif
209 }
210
211 argc -= optind;
________________________________________________________________________________________________________
*** CID 975012: Unchecked return value (CHECKED_RETURN)
/external/bsd/wpa/dist/src/crypto/tls_openssl.c: 669 in tls_engine_load_dynamic_generic()
663 while (post && post[0]) {
664 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
665 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
666 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
667 " %s %s [%s]", post[0], post[1],
668 ERR_error_string(ERR_get_error(), NULL));
>>> CID 975012: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "ENGINE_remove(engine)".
669 ENGINE_remove(engine);
670 ENGINE_free(engine);
671 return -1;
672 }
673 post += 2;
674 }
________________________________________________________________________________________________________
*** CID 976384: Integer overflowed argument (INTEGER_OVERFLOW)
/sbin/dump/traverse.c: 320 in mapdirs()
314 ret |= searchdir(ino, blk,
315 (long)ufs_dblksize(ufsib, &di, i),
316 filesize, tape_size, nodump);
317 if (ret & HASDUMPEDFILE)
318 filesize = 0;
319 else
>>> CID 976384: Integer overflowed argument (INTEGER_OVERFLOW)
>>> Assigning overflowed or truncated value (or a value computed from an overflowed or a truncated value) to "filesize".
320 filesize -= ufsib->ufs_bsize;
321 }
322 for (i = 0; filesize > 0 && i < UFS_NIADDR; i++) {
323 if (is_ufs2)
324 blk = iswap64(di.dp2.di_ib[i]);
325 else
________________________________________________________________________________________________________
*** CID 976453: Missing break in switch (MISSING_BREAK)
/external/bsd/wpa/dist/src/drivers/driver_bsd.c: 1219 in wpa_driver_bsd_event_receive()
1213 break;
1214 os_strlcpy(event.interface_status.ifname, drv->ifname,
1215 sizeof(event.interface_status.ifname));
1216 switch (ifan->ifan_what) {
1217 case IFAN_DEPARTURE:
1218 event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
>>> CID 976453: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
1219 default:
1220 #if 1
1221 event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1222 break;
1223 #else
1224 return;
________________________________________________________________________________________________________
*** CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
/external/bsd/dhcpcd/dist/dhcp.c: 1647 in send_message()
1641 struct sockaddr_in sin;
1642
1643 memset(&sin, 0, sizeof(sin));
1644 sin.sin_family = AF_INET;
1645 sin.sin_addr.s_addr = to.s_addr;
1646 sin.sin_port = htons(DHCP_SERVER_PORT);
>>> CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
>>> "s" is passed to a parameter that cannot be negative.
1647 r = sendto(s, (uint8_t *)dhcp, len, 0,
1648 (struct sockaddr *)&sin, sizeof(sin));
1649 if (r == -1)
1650 syslog(LOG_ERR, "%s: dhcp_sendpacket: %m", iface->name);
1651 } else {
1652 size_t ulen;
________________________________________________________________________________________________________
*** CID 979065: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
________________________________________________________________________________________________________
*** CID 979066: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
2528 wr = wapbl_calloc(1, sizeof(*wr));
2529
2530 wr->wr_logvp = vp;
2531 wr->wr_devvp = devvp;
2532 wr->wr_logpbn = logpbn;
2533
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wr->wr_scratch" = "scratch". Both are now tainted.
2534 wr->wr_scratch = scratch;
2535
2536 wr->wr_log_dev_bshift = wch->wc_log_dev_bshift;
2537 wr->wr_fs_dev_bshift = wch->wc_fs_dev_bshift;
2538 wr->wr_circ_off = wch->wc_circ_off;
2539 wr->wr_circ_size = wch->wc_circ_size;
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
2528 wr = wapbl_calloc(1, sizeof(*wr));
2529
2530 wr->wr_logvp = vp;
2531 wr->wr_devvp = devvp;
2532 wr->wr_logpbn = logpbn;
2533
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wr->wr_scratch" = "scratch". Both are now tainted.
2534 wr->wr_scratch = scratch;
2535
2536 wr->wr_log_dev_bshift = wch->wc_log_dev_bshift;
2537 wr->wr_fs_dev_bshift = wch->wc_fs_dev_bshift;
2538 wr->wr_circ_off = wch->wc_circ_off;
2539 wr->wr_circ_size = wch->wc_circ_size;
/sys/kern/vfs_wapbl.c: 2526 in wapbl_replay_start()
2520 printf("Unrecognized wapbl magic: 0x%08x\n", wch->wc_type);
2521 error = EFTYPE;
2522 goto errout;
2523 }
2524
2525 if (wch2->wc_generation > wch->wc_generation)
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wch" = "wch2". Both are now tainted.
2526 wch = wch2;
2527
2528 wr = wapbl_calloc(1, sizeof(*wr));
2529
2530 wr->wr_logvp = vp;
2531 wr->wr_devvp = devvp;
________________________________________________________________________________________________________
*** CID 980726: Unchecked return value (CHECKED_RETURN)
/usr.sbin/isibootd/isibootd.c: 187 in main()
181 err(EXIT_FAILURE, "can not chdir to %s", bootwd);
182
183 pollfd.fd = station.fd;
184 pollfd.events = POLLIN;
185 for (;;) {
186 poll(&pollfd, 1, INFTIM);
>>> CID 980726: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "read(pollfd.fd, iobuf, iolen)".
187 read(pollfd.fd, iobuf, iolen); /* returns 1468 */
188 fp = (struct frame *)ISIBOOT_FRAME(iobuf);
189
190 /* ignore own TX packets */
191 if (memcmp(fp->src, station.addr, ETHER_ADDR_LEN) == 0)
192 continue;
________________________________________________________________________________________________________
*** CID 980886: Resource leak (RESOURCE_LEAK)
/usr.sbin/rpc.yppasswdd/yppasswdd_mkpw.c: 138 in make_passwd()
132 RETURN(1);
133 }
134 pfd = open(mpwd, O_RDONLY, 0);
135 if (pfd < 0) {
136 pw_abort();
137 warnx("%s", mpwd);
>>> CID 980886: Resource leak (RESOURCE_LEAK)
>>> Handle variable "tfd" going out of scope leaks the handle.
138 RETURN(1);
139 }
140
141 /*
142 * Get the new password. Reset passwd change time to zero; when
143 * classes are implemented, go and get the "offset" value for this
________________________________________________________________________________________________________
*** CID 980933: Unused value (UNUSED_VALUE)
/lib/libc/gen/pw_scan.c: 232 in __pw_scan()
226 }
227 if (!strcmp(p, sh))
228 break;
229 }
230 #endif
231
>>> CID 980933: Unused value (UNUSED_VALUE)
>>> Pointer "p" returned by "_strsep(&bp, ":")" is never used.
232 if ((p = strsep(&bp, ":")) != NULL) { /* too many */
233 fmt:
234 if (dowarn)
235 warnx("corrupted entry");
236 return 0;
237 }
238
239 return 1;
________________________________________________________________________________________________________
*** CID 980935: Use after free (USE_AFTER_FREE)
/libexec/ld.elf_so/map_object.c: 447 in _rtld_obj_free()
441 xfree(elm);
442 }
443 if (!obj->phdr_loaded)
444 xfree((void *)(uintptr_t)obj->phdr);
445 xfree(obj);
446 #ifdef COMBRELOC
>>> CID 980935: Use after free (USE_AFTER_FREE)
>>> Passing freed pointer "obj" as an argument to function "_rtld_combreloc_reset(Obj_Entry const *)".
447 _rtld_combreloc_reset(obj);
448 #endif
449 }
450
451 Obj_Entry *
452 _rtld_obj_new(void)
________________________________________________________________________________________________________
*** CID 986899: Unchecked return value (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 585 in rhdRROutputCreateResources()
579 atom_HDMI = MakeAtom("HDMI", 4, TRUE);
580 atom_Panel = MakeAtom("Panel", 5, TRUE);
581
582 /* Set up properties */
583 val = rhdGetSignalFormat(rout);
584 /* TODO: for TV multiple signal formats will be possible */
>>> CID 986899: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "RRConfigureOutputProperty(out->randr_output, atom_SignalFormat, 0, 0, 1, 1, &val)".
585 RRConfigureOutputProperty(out->randr_output, atom_SignalFormat,
586 FALSE, FALSE, TRUE, 1, &val);
587 RRChangeOutputProperty(out->randr_output, atom_SignalFormat,
588 XA_ATOM, 32, PropModeReplace,
589 1, &val, FALSE, FALSE);
590
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 592 in rhdRROutputCreateResources()
586 FALSE, FALSE, TRUE, 1, &val);
587 RRChangeOutputProperty(out->randr_output, atom_SignalFormat,
588 XA_ATOM, 32, PropModeReplace,
589 1, &val, FALSE, FALSE);
590
591 val = rhdGetConnectorType(rout);
>>> CID 986899: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "RRConfigureOutputProperty(out->randr_output, atom_ConnectorType, 0, 0, 1, 0, NULL)".
592 RRConfigureOutputProperty(out->randr_output, atom_ConnectorType,
593 FALSE, FALSE, TRUE, 0, NULL);
594 RRChangeOutputProperty(out->randr_output, atom_ConnectorType,
595 XA_ATOM, 32, PropModeReplace,
596 1, &val, FALSE, FALSE);
597
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 603 in rhdRROutputCreateResources()
597
598 for (num = 0; num < RHD_CONNECTORS_MAX; num++)
599 if (rout->Connector == rhdPtr->Connector[num])
600 break;
601 ASSERT(num < RHD_CONNECTORS_MAX);
602 num++; /* For RANDR_CONNECTOR_NUMBER 0 is unknown */
>>> CID 986899: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "RRConfigureOutputProperty(out->randr_output, atom_ConnectorNumber, 0, 0, 1, 0, NULL)".
603 RRConfigureOutputProperty(out->randr_output, atom_ConnectorNumber,
604 FALSE, FALSE, TRUE, 0, NULL);
605 RRChangeOutputProperty(out->randr_output, atom_ConnectorNumber,
606 XA_INTEGER, 32, PropModeReplace,
607 1, &num, FALSE, FALSE);
608
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 613 in rhdRROutputCreateResources()
607 1, &num, FALSE, FALSE);
608
609 for (num = 1, o = rhdPtr->Outputs; o; num++, o = o->Next)
610 if (rout->Output == o)
611 break;
612 ASSERT(o);
>>> CID 986899: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "RRConfigureOutputProperty(out->randr_output, atom_OutputNumber, 0, 0, 0, 0, NULL)".
613 RRConfigureOutputProperty(out->randr_output, atom_OutputNumber,
614 FALSE, FALSE, FALSE, 0, NULL);
615 RRChangeOutputProperty(out->randr_output, atom_OutputNumber,
616 XA_INTEGER, 32, PropModeReplace,
617 1, &num, FALSE, FALSE);
618
/home/phil/cov/xsrc/external/mit/xf86-video-radeonhd/dist/src/rhd_randr.c: 619 in rhdRROutputCreateResources()
613 RRConfigureOutputProperty(out->randr_output, atom_OutputNumber,
614 FALSE, FALSE, FALSE, 0, NULL);
615 RRChangeOutputProperty(out->randr_output, atom_OutputNumber,
616 XA_INTEGER, 32, PropModeReplace,
617 1, &num, FALSE, FALSE);
618
>>> CID 986899: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "RRConfigureOutputProperty(out->randr_output, atom_PanningArea, 0, 0, 0, 0, NULL)".
619 RRConfigureOutputProperty(out->randr_output, atom_PanningArea,
620 FALSE, FALSE, FALSE, 0, NULL);
621 RRChangeOutputProperty(out->randr_output, atom_PanningArea,
622 XA_STRING, 8, PropModeReplace,
623 0, NULL, FALSE, FALSE);
624
________________________________________________________________________________________________________
*** CID 987315: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 474 in viaOverlayGetSrcStartAddress()
468 int n = 1;
469
470 if ((pUpdate->SrcLeft != 0) || (pUpdate->SrcTop != 0)) {
471 switch (pVia->swov.SrcFourCC) {
472 case FOURCC_RV32:
473 n = 2;
>>> CID 987315: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
474 case FOURCC_YUY2:
475 case FOURCC_UYVY:
476 case FOURCC_RV15:
477 case FOURCC_RV16:
478
479 if (videoFlag & VIDEO_HQV_INUSE) {
________________________________________________________________________________________________________
*** CID 987434: Unsigned compared against 0 (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 1762 in SetVideoWindow()
1756 / pScrn->currentMode->VDisplay);
1757 bottom = (pUpdate->DstBottom * pBIOSInfo->Panel->NativeMode->Height
1758 / pScrn->currentMode->VDisplay);
1759 }
1760 }*/
1761
>>> CID 987434: Unsigned compared against 0 (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "top < 0UL".
1762 if (top < 0)
1763 top = 0;
1764 else if (top > 2047)
1765 top = 2047;
1766
1767 if (bottom < 0)
________________________________________________________________________________________________________
*** CID 987784: Resource leak (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
668 viaSetColorSpace(pVia, 0, 0, 0, 0, TRUE);
669 pVia->swov.panning_x = 0;
670 pVia->swov.panning_y = 0;
671 pVia->swov.oldPanningX = 0;
672 pVia->swov.oldPanningY = 0;
673 }
>>> CID 987784: Resource leak (RESOURCE_LEAK)
>>> Variable "adaptors" going out of scope leaks the storage it points to.
674 }
675
676 static unsigned
677 viaSetupAdaptors(ScreenPtr pScreen, XF86VideoAdaptorPtr ** adaptors)
678 {
679 ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen);
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
668 viaSetColorSpace(pVia, 0, 0, 0, 0, TRUE);
669 pVia->swov.panning_x = 0;
670 pVia->swov.panning_y = 0;
671 pVia->swov.oldPanningX = 0;
672 pVia->swov.oldPanningY = 0;
673 }
>>> CID 987784: Resource leak (RESOURCE_LEAK)
>>> Variable "adaptors" going out of scope leaks the storage it points to.
674 }
675
676 static unsigned
677 viaSetupAdaptors(ScreenPtr pScreen, XF86VideoAdaptorPtr ** adaptors)
678 {
679 ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen);
________________________________________________________________________________________________________
*** CID 988186: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/MesaGLUT/dist/src/glut/glx/glut_cursor.c: 93 in makeBlankCursor()
87 makeBlankCursor(void)
88 {
89 static char data[1] =
90 {0};
91 Cursor cursor;
92 Pixmap blank;
>>> CID 988186: Uninitialized scalar variable (UNINIT)
>>> Declaring variable "dummy" without initializer.
93 XColor dummy;
94
95 blank = XCreateBitmapFromData(__glutDisplay, __glutRoot,
96 data, 1, 1);
97 if (blank == None)
98 __glutFatalError("out of memory.");
________________________________________________________________________________________________________
*** CID 988193: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/beforelight/dist/b4light.c: 294 in main()
288 XEvent event;
289 XScreenSaverNotifyEvent *sevent;
290 XSetWindowAttributes attr;
291 XScreenSaverInfo *info;
292 unsigned long mask;
293 Pixmap blank_pix;
>>> CID 988193: Uninitialized scalar variable (UNINIT)
>>> Declaring variable "dummyColor" without initializer.
294 XColor dummyColor;
295 XID kill_id;
296 Atom kill_type;
297 int i;
298 int (*oldHandler)(Display*, XErrorEvent*);
299 Window r;
________________________________________________________________________________________________________
*** CID 988252: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_exa.c: 569 in viaAccelDMADownload()
563
564 if (err)
565 return err;
566
567 doSync[curBuf] = FALSE;
568 if (useBounceBuffer) {
>>> CID 988252: Uninitialized scalar variable (UNINIT)
>>> Using uninitialized value "numLines[curBuf]".
569 for (i = 0; i < numLines[curBuf]; ++i) {
570 memcpy(dst, curBlit->mem_addr, w);
571 dst += dstPitch;
572 curBlit->mem_addr += pitch;
573 }
574 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1448?tab=overview
To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py
Home |
Main Index |
Thread Index |
Old Index