Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
127 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
149 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 127 defect(s)
** CID 270354: Resource leak (RESOURCE_LEAK)
/external/gpl3/binutils/dist/binutils/nm.c: 1187 in display_archive()
** CID 274047: Dereference null return value (NULL_RETURNS)
/external/bsd/am-utils/dist/libamu/wire.c: 326 in is_network_member()
** CID 460444: Dereference null return value (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/dbe/dbe.c: 1653 in DbeExtensionInit()
** CID 975012: Unchecked return value (CHECKED_RETURN)
/external/bsd/wpa/dist/src/crypto/tls_openssl.c: 669 in tls_engine_load_dynamic_generic()
** CID 975115: Unchecked return value (CHECKED_RETURN)
/lib/libc/rpc/rpc_soc.c: 258 in svc_com_create()
** CID 976378: Integer overflowed argument (INTEGER_OVERFLOW)
/lib/libc/rpc/svc_vc.c: 515 in read_vc()
/lib/libc/rpc/svc_vc.c: 519 in read_vc()
** CID 976453: Missing break in switch (MISSING_BREAK)
/external/bsd/wpa/dist/src/drivers/driver_bsd.c: 1219 in wpa_driver_bsd_event_receive()
** CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
/external/bsd/dhcpcd/dist/dhcp.c: 1647 in send_message()
** CID 976737: Improper use of negative value (NEGATIVE_RETURNS)
/lib/libc/rpc/svc_vc.c: 287 in makefd_xprt()
** CID 978280: Resource leak (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/check_bound.c: 108 in check_bound()
** CID 978282: Resource leak (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 270 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 281 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 306 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 316 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 332 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 506 in init_transport()
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 503 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 253 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 264 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 289 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 289 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 299 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 299 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 313 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 313 in init_transport()
/usr.sbin/rpcbind/rpcbind.c: 484 in init_transport()
** CID 978502: Dereference before null check (REVERSE_INULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_ioctl.c: 3091 in zfs_ioc_rollback()
** CID 979065: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
** CID 979066: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
/sys/kern/vfs_wapbl.c: 2526 in wapbl_replay_start()
** CID 987315: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 474 in viaOverlayGetSrcStartAddress()
** CID 987434: Unsigned compared against 0 (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 1762 in SetVideoWindow()
** CID 987784: Resource leak (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
** CID 988186: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/MesaGLUT/dist/src/glut/glx/glut_cursor.c: 93 in makeBlankCursor()
** CID 988193: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/beforelight/dist/b4light.c: 294 in main()
** CID 988252: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_exa.c: 569 in viaAccelDMADownload()
________________________________________________________________________________________________________
*** CID 270354: Resource leak (RESOURCE_LEAK)
/external/gpl3/binutils/dist/binutils/nm.c: 1187 in display_archive()
1181 if (last_arfile != NULL)
1182 {
1183 bfd_close (last_arfile);
1184 lineno_cache_bfd = NULL;
1185 lineno_cache_rel_bfd = NULL;
1186 }
>>> CID 270354: Resource leak (RESOURCE_LEAK)
>>> Variable "matching" going out of scope leaks the storage it points to.
1187 }
1188
1189 static bfd_boolean
1190 display_file (char *filename)
1191 {
1192 bfd_boolean retval = TRUE;
________________________________________________________________________________________________________
*** CID 274047: Dereference null return value (NULL_RETURNS)
/external/bsd/am-utils/dist/libamu/wire.c: 326 in is_network_member()
320 if (STREQ(net, al->ip_net_name) || STREQ(net, al->ip_net_num))
321 return TRUE;
322 } else {
323 char *netstr = strdup(net), *maskstr;
324 u_long netnum, masknum = 0;
325 maskstr = strchr(netstr, '/');
>>> CID 274047: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a null pointer "maskstr".
326 maskstr[0] = '\0'; /* null terminate netstr */
327 maskstr++;
328 if (*maskstr == '\0') /* if empty string, make it NULL */
329 maskstr = NULL;
330 /* check if netmask uses a dotted-quad or bit-length, or not defined at all */
331 if (maskstr) {
________________________________________________________________________________________________________
*** CID 460444: Dereference null return value (NULL_RETURNS)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/dbe/dbe.c: 1653 in DbeExtensionInit()
1647
1648 /* Now add the extension. */
1649 extEntry = AddExtension(DBE_PROTOCOL_NAME, DbeNumberEvents,
1650 DbeNumberErrors, ProcDbeDispatch, SProcDbeDispatch,
1651 DbeResetProc, StandardMinorOpcode);
1652
>>> CID 460444: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a null pointer "extEntry".
1653 dbeErrorBase = extEntry->errorBase;
1654 SetResourceTypeErrorValue(dbeWindowPrivResType, dbeErrorBase + DbeBadBuffer);
1655 SetResourceTypeErrorValue(dbeDrawableResType, dbeErrorBase + DbeBadBuffer);
1656
________________________________________________________________________________________________________
*** CID 975012: Unchecked return value (CHECKED_RETURN)
/external/bsd/wpa/dist/src/crypto/tls_openssl.c: 669 in tls_engine_load_dynamic_generic()
663 while (post && post[0]) {
664 wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
665 if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
666 wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
667 " %s %s [%s]", post[0], post[1],
668 ERR_error_string(ERR_get_error(), NULL));
>>> CID 975012: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "ENGINE_remove(engine)".
669 ENGINE_remove(engine);
670 ENGINE_free(engine);
671 return -1;
672 }
673 post += 2;
674 }
________________________________________________________________________________________________________
*** CID 975115: Unchecked return value (CHECKED_RETURN)
/lib/libc/rpc/rpc_soc.c: 258 in svc_com_create()
252 madefd = TRUE;
253 }
254
255 memset(&sccsin, 0, sizeof sccsin);
256 sccsin.sin_family = AF_INET;
257 (void)bindresvport(fd, &sccsin);
>>> CID 975115: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "listen(fd, 128)".
258 listen(fd, SOMAXCONN);
259 svc = svc_tli_create(fd, nconf, NULL, sendsize, recvsize);
260 (void) freenetconfigent(nconf);
261 if (svc == NULL) {
262 if (madefd)
263 (void) close(fd);
________________________________________________________________________________________________________
*** CID 976378: Integer overflowed argument (INTEGER_OVERFLOW)
/lib/libc/rpc/svc_vc.c: 515 in read_vc()
509 if (cmp->cmsg_level != SOL_SOCKET ||
510 cmp->cmsg_type != SCM_CREDS)
511 goto fatal_err;
512
513 sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
514
>>> CID 976378: Integer overflowed argument (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "24U + 4U * (sc->sc_ngroups ? sc->sc_ngroups - 1 : 0)" used as critical argument to function.
515 xprt->xp_p2 = mem_alloc(SOCKCREDSIZE(sc->sc_ngroups));
516 if (xprt->xp_p2 == NULL)
517 goto fatal_err;
518
519 memcpy(xprt->xp_p2, sc, SOCKCREDSIZE(sc->sc_ngroups));
520 free(crmsg);
/lib/libc/rpc/svc_vc.c: 519 in read_vc()
513 sc = (struct sockcred *)(void *)CMSG_DATA(cmp);
514
515 xprt->xp_p2 = mem_alloc(SOCKCREDSIZE(sc->sc_ngroups));
516 if (xprt->xp_p2 == NULL)
517 goto fatal_err;
518
>>> CID 976378: Integer overflowed argument (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "24U + 4U * (sc->sc_ngroups ? sc->sc_ngroups - 1 : 0)" used as critical argument to function.
519 memcpy(xprt->xp_p2, sc, SOCKCREDSIZE(sc->sc_ngroups));
520 free(crmsg);
521 crmsg = NULL;
522 }
523
524 cfp = (struct cf_conn *)xprt->xp_p1;
________________________________________________________________________________________________________
*** CID 976453: Missing break in switch (MISSING_BREAK)
/external/bsd/wpa/dist/src/drivers/driver_bsd.c: 1219 in wpa_driver_bsd_event_receive()
1213 break;
1214 os_strlcpy(event.interface_status.ifname, drv->ifname,
1215 sizeof(event.interface_status.ifname));
1216 switch (ifan->ifan_what) {
1217 case IFAN_DEPARTURE:
1218 event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
>>> CID 976453: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
1219 default:
1220 #if 1
1221 event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1222 break;
1223 #else
1224 return;
________________________________________________________________________________________________________
*** CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
/external/bsd/dhcpcd/dist/dhcp.c: 1647 in send_message()
1641 struct sockaddr_in sin;
1642
1643 memset(&sin, 0, sizeof(sin));
1644 sin.sin_family = AF_INET;
1645 sin.sin_addr.s_addr = to.s_addr;
1646 sin.sin_port = htons(DHCP_SERVER_PORT);
>>> CID 976694: Argument cannot be negative (NEGATIVE_RETURNS)
>>> "s" is passed to a parameter that cannot be negative.
1647 r = sendto(s, (uint8_t *)dhcp, len, 0,
1648 (struct sockaddr *)&sin, sizeof(sin));
1649 if (r == -1)
1650 syslog(LOG_ERR, "%s: dhcp_sendpacket: %m", iface->name);
1651 } else {
1652 size_t ulen;
________________________________________________________________________________________________________
*** CID 976737: Improper use of negative value (NEGATIVE_RETURNS)
/lib/libc/rpc/svc_vc.c: 287 in makefd_xprt()
281 xdrrec_create(&(cd->xdrs), sendsize, recvsize,
282 (caddr_t)(void *)xprt, read_vc, write_vc);
283 xprt->xp_p1 = (caddr_t)(void *)cd;
284 xprt->xp_verf.oa_base = cd->verf_body;
285 svc_vc_ops(xprt); /* truely deals with calls */
286 xprt->xp_port = 0; /* this is a connection, not a rendezvouser */
>>> CID 976737: Improper use of negative value (NEGATIVE_RETURNS)
>>> Assigning: signed variable "xprt->xp_fd" = "fd".
287 xprt->xp_fd = fd;
288 if (__rpc_fd2sockinfo(fd, &si) && __rpc_sockinfo2netid(&si, &netid))
289 if ((xprt->xp_netid = strdup(netid)) == NULL)
290 goto outofmem;
291
292 if (!xprt_register(xprt))
________________________________________________________________________________________________________
*** CID 978280: Resource leak (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/check_bound.c: 108 in check_bound()
102
103 ans = bind(fd, (struct sockaddr *)na->buf, na->len);
104
105 rump_sys_close(fd);
106 free(na);
107
>>> CID 978280: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
108 return (ans == 0 ? FALSE : TRUE);
109 }
110
111 int
112 add_bndlist(struct netconfig *nconf, struct netbuf *baddr)
113 {
________________________________________________________________________________________________________
*** CID 978282: Resource leak (RESOURCE_LEAK)
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 270 in init_transport()
264 warn("Cannot create socket for `%s'", nconf->nc_netid);
265 return 1;
266 }
267
268 if (!__rpc_nconf2sockinfo(nconf, &si)) {
269 warnx("Cannot get information for `%s'", nconf->nc_netid);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
270 return 1;
271 }
272
273 if (si.si_af == AF_INET6) {
274 /*
275 * We're doing host-based access checks here, so don't allow
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 281 in init_transport()
275 * We're doing host-based access checks here, so don't allow
276 * v4-in-v6 to confuse things.
277 */
278 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
279 sizeof one) < 0) {
280 warn("Can't make socket ipv6 only");
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
281 return 1;
282 }
283 }
284
285
286 if (!strcmp(nconf->nc_netid, "local")) {
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 306 in init_transport()
300 hints.ai_family = si.si_af;
301 hints.ai_socktype = si.si_socktype;
302 hints.ai_protocol = si.si_proto;
303 if ((aicode = getaddrinfo(NULL, servname, &hints, &res)) != 0) {
304 warnx("Cannot get local address for `%s' (%s)",
305 nconf->nc_netid, gai_strerror(aicode));
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
306 return 1;
307 }
308 addrlen = res->ai_addrlen;
309 sa = (struct sockaddr *)res->ai_addr;
310 }
311
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 316 in init_transport()
310 }
311
312 if (bind(fd, sa, addrlen) < 0) {
313 warn("Cannot bind `%s'", nconf->nc_netid);
314 if (res != NULL)
315 freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
316 return 1;
317 }
318 #if 0
319 if (sa->sa_family == AF_LOCAL)
320 if (rump_sys_chmod(sun.sun_path, S_IRWXU|S_IRWXG|S_IRWXO) == -1)
321 warn("Cannot chmod `%s'", sun.sun_path);
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 332 in init_transport()
326 taddr.addr.buf = malloc(addrlen);
327 if (taddr.addr.buf == NULL) {
328 warn("Cannot allocate memory for `%s' address",
329 nconf->nc_netid);
330 if (res != NULL)
331 freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
332 return 1;
333 }
334 (void)memcpy(taddr.addr.buf, sa, addrlen);
335 #ifdef RPCBIND_DEBUG
336 if (debugging) {
337 /* for debugging print out our universal address */
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 506 in init_transport()
500 }
501 #endif
502 }
503 return (0);
504 error:
505 (void)rump_sys_close(fd);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
506 return (1);
507 }
508
509 static void
510 rbllist_add(rpcprog_t prog, rpcvers_t vers, struct netconfig *nconf,
511 struct netbuf *addr)
/tests/fs/nfs/nfsservice/rpcbind/rpcbind.c: 503 in init_transport()
497 fprintf(stderr, "rmtcall fd for %s is %d\n",
498 nconf->nc_netid, status);
499 }
500 }
501 #endif
502 }
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
503 return (0);
504 error:
505 (void)rump_sys_close(fd);
506 return (1);
507 }
508
/usr.sbin/rpcbind/rpcbind.c: 253 in init_transport()
247 warn("Cannot create socket for `%s'", nconf->nc_netid);
248 return 1;
249 }
250
251 if (!__rpc_nconf2sockinfo(nconf, &si)) {
252 warnx("Cannot get information for `%s'", nconf->nc_netid);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
253 return 1;
254 }
255
256 if (si.si_af == AF_INET6) {
257 /*
258 * We're doing host-based access checks here, so don't allow
/usr.sbin/rpcbind/rpcbind.c: 264 in init_transport()
258 * We're doing host-based access checks here, so don't allow
259 * v4-in-v6 to confuse things.
260 */
261 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &one,
262 sizeof one) < 0) {
263 warn("Can't make socket ipv6 only");
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
264 return 1;
265 }
266 }
267
268
269 if (!strcmp(nconf->nc_netid, "local")) {
/usr.sbin/rpcbind/rpcbind.c: 289 in init_transport()
283 hints.ai_family = si.si_af;
284 hints.ai_socktype = si.si_socktype;
285 hints.ai_protocol = si.si_proto;
286 if ((aicode = getaddrinfo(NULL, servname, &hints, &res)) != 0) {
287 warnx("Cannot get local address for `%s' (%s)",
288 nconf->nc_netid, gai_strerror(aicode));
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
289 return 1;
290 }
291 addrlen = res->ai_addrlen;
292 sa = (struct sockaddr *)res->ai_addr;
293 }
294
/usr.sbin/rpcbind/rpcbind.c: 289 in init_transport()
283 hints.ai_family = si.si_af;
284 hints.ai_socktype = si.si_socktype;
285 hints.ai_protocol = si.si_proto;
286 if ((aicode = getaddrinfo(NULL, servname, &hints, &res)) != 0) {
287 warnx("Cannot get local address for `%s' (%s)",
288 nconf->nc_netid, gai_strerror(aicode));
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
289 return 1;
290 }
291 addrlen = res->ai_addrlen;
292 sa = (struct sockaddr *)res->ai_addr;
293 }
294
/usr.sbin/rpcbind/rpcbind.c: 299 in init_transport()
293 }
294
295 if (bind(fd, sa, addrlen) < 0) {
296 warn("Cannot bind `%s'", nconf->nc_netid);
297 if (res != NULL)
298 freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
299 return 1;
300 }
301 if (sa->sa_family == AF_LOCAL)
302 if (chmod(sun.sun_path, S_IRWXU|S_IRWXG|S_IRWXO) == -1)
303 warn("Cannot chmod `%s'", sun.sun_path);
304
/usr.sbin/rpcbind/rpcbind.c: 299 in init_transport()
293 }
294
295 if (bind(fd, sa, addrlen) < 0) {
296 warn("Cannot bind `%s'", nconf->nc_netid);
297 if (res != NULL)
298 freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
299 return 1;
300 }
301 if (sa->sa_family == AF_LOCAL)
302 if (chmod(sun.sun_path, S_IRWXU|S_IRWXG|S_IRWXO) == -1)
303 warn("Cannot chmod `%s'", sun.sun_path);
304
/usr.sbin/rpcbind/rpcbind.c: 313 in init_transport()
307 taddr.addr.buf = malloc(addrlen);
308 if (taddr.addr.buf == NULL) {
309 warn("Cannot allocate memory for `%s' address",
310 nconf->nc_netid);
311 if (res != NULL)
312 freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
313 return 1;
314 }
315 (void)memcpy(taddr.addr.buf, sa, addrlen);
316 #ifdef RPCBIND_DEBUG
317 if (debugging) {
318 /* for debugging print out our universal address */
/usr.sbin/rpcbind/rpcbind.c: 313 in init_transport()
307 taddr.addr.buf = malloc(addrlen);
308 if (taddr.addr.buf == NULL) {
309 warn("Cannot allocate memory for `%s' address",
310 nconf->nc_netid);
311 if (res != NULL)
312 freeaddrinfo(res);
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
313 return 1;
314 }
315 (void)memcpy(taddr.addr.buf, sa, addrlen);
316 #ifdef RPCBIND_DEBUG
317 if (debugging) {
318 /* for debugging print out our universal address */
/usr.sbin/rpcbind/rpcbind.c: 484 in init_transport()
478 fprintf(stderr, "rmtcall fd for %s is %d\n",
479 nconf->nc_netid, status);
480 }
481 }
482 #endif
483 }
>>> CID 978282: Resource leak (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
484 return (0);
485 error:
486 (void)close(fd);
487 return (1);
488 }
489
________________________________________________________________________________________________________
*** CID 978502: Dereference before null check (REVERSE_INULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_ioctl.c: 3091 in zfs_ioc_rollback()
3085 * Destroy clone (which also closes it).
3086 */
3087 (void) dsl_dataset_destroy(clone, FTAG, B_FALSE);
3088
3089 out:
3090 strfree(clone_name);
>>> CID 978502: Dereference before null check (REVERSE_INULL)
>>> Null-checking "ds" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3091 if (ds)
3092 dsl_dataset_rele(ds, FTAG);
3093 return (error);
3094 }
3095
3096 /*
________________________________________________________________________________________________________
*** CID 979065: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
/sys/kern/vfs_wapbl.c: 2700 in wapbl_replay_process()
2694 while (off != head) {
2695 struct wapbl_wc_null *wcn;
2696 off_t saveoff = off;
2697 error = wapbl_circ_read(wr, wr->wr_scratch, logblklen, &off);
2698 if (error)
2699 goto errout;
>>> CID 979065: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wcn" = "(struct wapbl_wc_null *)wr->wr_scratch". Both are now tainted.
2700 wcn = (struct wapbl_wc_null *)wr->wr_scratch;
2701 switch (wcn->wc_type) {
2702 case WAPBL_WC_BLOCKS:
2703 wapbl_replay_process_blocks(wr, &off);
2704 break;
2705
________________________________________________________________________________________________________
*** CID 979066: Untrusted value as argument (TAINTED_SCALAR)
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
2528 wr = wapbl_calloc(1, sizeof(*wr));
2529
2530 wr->wr_logvp = vp;
2531 wr->wr_devvp = devvp;
2532 wr->wr_logpbn = logpbn;
2533
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wr->wr_scratch" = "scratch". Both are now tainted.
2534 wr->wr_scratch = scratch;
2535
2536 wr->wr_log_dev_bshift = wch->wc_log_dev_bshift;
2537 wr->wr_fs_dev_bshift = wch->wc_fs_dev_bshift;
2538 wr->wr_circ_off = wch->wc_circ_off;
2539 wr->wr_circ_size = wch->wc_circ_size;
/sys/kern/vfs_wapbl.c: 2534 in wapbl_replay_start()
2528 wr = wapbl_calloc(1, sizeof(*wr));
2529
2530 wr->wr_logvp = vp;
2531 wr->wr_devvp = devvp;
2532 wr->wr_logpbn = logpbn;
2533
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wr->wr_scratch" = "scratch". Both are now tainted.
2534 wr->wr_scratch = scratch;
2535
2536 wr->wr_log_dev_bshift = wch->wc_log_dev_bshift;
2537 wr->wr_fs_dev_bshift = wch->wc_fs_dev_bshift;
2538 wr->wr_circ_off = wch->wc_circ_off;
2539 wr->wr_circ_size = wch->wc_circ_size;
/sys/kern/vfs_wapbl.c: 2526 in wapbl_replay_start()
2520 printf("Unrecognized wapbl magic: 0x%08x\n", wch->wc_type);
2521 error = EFTYPE;
2522 goto errout;
2523 }
2524
2525 if (wch2->wc_generation > wch->wc_generation)
>>> CID 979066: Untrusted value as argument (TAINTED_SCALAR)
>>> Assigning: "wch" = "wch2". Both are now tainted.
2526 wch = wch2;
2527
2528 wr = wapbl_calloc(1, sizeof(*wr));
2529
2530 wr->wr_logvp = vp;
2531 wr->wr_devvp = devvp;
________________________________________________________________________________________________________
*** CID 987315: Missing break in switch (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 474 in viaOverlayGetSrcStartAddress()
468 int n = 1;
469
470 if ((pUpdate->SrcLeft != 0) || (pUpdate->SrcTop != 0)) {
471 switch (pVia->swov.SrcFourCC) {
472 case FOURCC_RV32:
473 n = 2;
>>> CID 987315: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
474 case FOURCC_YUY2:
475 case FOURCC_UYVY:
476 case FOURCC_RV15:
477 case FOURCC_RV16:
478
479 if (videoFlag & VIDEO_HQV_INUSE) {
________________________________________________________________________________________________________
*** CID 987434: Unsigned compared against 0 (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv_overlay.c: 1762 in SetVideoWindow()
1756 / pScrn->currentMode->VDisplay);
1757 bottom = (pUpdate->DstBottom * pBIOSInfo->Panel->NativeMode->Height
1758 / pScrn->currentMode->VDisplay);
1759 }
1760 }*/
1761
>>> CID 987434: Unsigned compared against 0 (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "top < 0U".
1762 if (top < 0)
1763 top = 0;
1764 else if (top > 2047)
1765 top = 2047;
1766
1767 if (bottom < 0)
________________________________________________________________________________________________________
*** CID 987784: Resource leak (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
668 viaSetColorSpace(pVia, 0, 0, 0, 0, TRUE);
669 pVia->swov.panning_x = 0;
670 pVia->swov.panning_y = 0;
671 pVia->swov.oldPanningX = 0;
672 pVia->swov.oldPanningY = 0;
673 }
>>> CID 987784: Resource leak (RESOURCE_LEAK)
>>> Variable "adaptors" going out of scope leaks the storage it points to.
674 }
675
676 static unsigned
677 viaSetupAdaptors(ScreenPtr pScreen, XF86VideoAdaptorPtr ** adaptors)
678 {
679 ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen);
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_xv.c: 674 in viaInitVideo()
668 viaSetColorSpace(pVia, 0, 0, 0, 0, TRUE);
669 pVia->swov.panning_x = 0;
670 pVia->swov.panning_y = 0;
671 pVia->swov.oldPanningX = 0;
672 pVia->swov.oldPanningY = 0;
673 }
>>> CID 987784: Resource leak (RESOURCE_LEAK)
>>> Variable "adaptors" going out of scope leaks the storage it points to.
674 }
675
676 static unsigned
677 viaSetupAdaptors(ScreenPtr pScreen, XF86VideoAdaptorPtr ** adaptors)
678 {
679 ScrnInfoPtr pScrn = xf86ScreenToScrn(pScreen);
________________________________________________________________________________________________________
*** CID 988186: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/MesaGLUT/dist/src/glut/glx/glut_cursor.c: 93 in makeBlankCursor()
87 makeBlankCursor(void)
88 {
89 static char data[1] =
90 {0};
91 Cursor cursor;
92 Pixmap blank;
>>> CID 988186: Uninitialized scalar variable (UNINIT)
>>> Declaring variable "dummy" without initializer.
93 XColor dummy;
94
95 blank = XCreateBitmapFromData(__glutDisplay, __glutRoot,
96 data, 1, 1);
97 if (blank == None)
98 __glutFatalError("out of memory.");
________________________________________________________________________________________________________
*** CID 988193: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/beforelight/dist/b4light.c: 294 in main()
288 XEvent event;
289 XScreenSaverNotifyEvent *sevent;
290 XSetWindowAttributes attr;
291 XScreenSaverInfo *info;
292 unsigned long mask;
293 Pixmap blank_pix;
>>> CID 988193: Uninitialized scalar variable (UNINIT)
>>> Declaring variable "dummyColor" without initializer.
294 XColor dummyColor;
295 XID kill_id;
296 Atom kill_type;
297 int i;
298 int (*oldHandler)(Display*, XErrorEvent*);
299 Window r;
________________________________________________________________________________________________________
*** CID 988252: Uninitialized scalar variable (UNINIT)
/home/phil/cov/xsrc/external/mit/xf86-video-openchrome/dist/src/via_exa.c: 569 in viaAccelDMADownload()
563
564 if (err)
565 return err;
566
567 doSync[curBuf] = FALSE;
568 if (useBounceBuffer) {
>>> CID 988252: Uninitialized scalar variable (UNINIT)
>>> Using uninitialized value "numLines[curBuf]".
569 for (i = 0; i < numLines[curBuf]; ++i) {
570 memcpy(dst, curBlit->mem_addr, w);
571 dst += dstPitch;
572 curBlit->mem_addr += pitch;
573 }
574 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1449?tab=overview
To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py
Home |
Main Index |
Thread Index |
Old Index