Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-i386-user



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.

6 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
20 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1255585:  Logically dead code  (DEADCODE)
/usr.bin/xlint/lint1/tree.c: 3013 in tsize()

** CID 1255586:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/lib/libc/gen/arc4random.c: 445 in arc4random_prng_create()
/lib/libc/gen/arc4random.c: 445 in arc4random_prng_create()

** CID 1255587:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/lib/libc/gen/arc4random.c: 470 in arc4random_prng_destroy()
/lib/libc/gen/arc4random.c: 470 in arc4random_prng_destroy()

** CID 1255588:  Resource leak  (RESOURCE_LEAK)
/sys/rump/dev/lib/libnetsmb/netsmb_user.c: 54 in rumpcomp_netsmb_iconv_open()

** CID 1255590:  Sizeof not portable  (SIZEOF_MISMATCH)
/usr.bin/config/mkmakefile.c: 374 in emitallkobjs()

** CID 1255589:  Sizeof not portable  (SIZEOF_MISMATCH)
/usr.bin/config/mkmakefile.c: 401 in emitallkobjscb()


________________________________________________________________________________________________________
*** CID 1255585:  Logically dead code  (DEADCODE)
/usr.bin/xlint/lint1/tree.c: 3013 in tsize()
3007     		elem *= tp->t_dim;
3008     		tp = tp->t_subt;
3009     	}
3010     	if (elem == 0) {
3011     		if (!flex) {
3012     			/* cannot take size of incomplete type */
>>>     CID 1255585:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "error(143);".
3013     			error(143);
3014     			elem = 1;
3015     		}
3016     	}
3017     	switch (tp->t_tspec) {
3018     	case FUNC:

________________________________________________________________________________________________________
*** CID 1255586:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/lib/libc/gen/arc4random.c: 445 in arc4random_prng_create()
439     
440     #ifdef _REENTRANT
441     static struct arc4random_prng *
442     arc4random_prng_create(void)
443     {
444     	struct arc4random_prng *prng;
>>>     CID 1255586:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "(33UL + (__sysconf(28) - 1L)) / __sysconf(28)", division by expression "__sysconf(28)" which may be zero has undefined behavior.
445     	const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE));
446     
447     	prng = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0);
448     	if (prng == MAP_FAILED)
449     		goto fail0;
450     #ifdef MAP_INHERIT_ZERO
/lib/libc/gen/arc4random.c: 445 in arc4random_prng_create()
439     
440     #ifdef _REENTRANT
441     static struct arc4random_prng *
442     arc4random_prng_create(void)
443     {
444     	struct arc4random_prng *prng;
>>>     CID 1255586:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "(33UL + (__sysconf(28) - 1L)) / __sysconf(28)", division by expression "__sysconf(28)" which may be zero has undefined behavior.
445     	const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE));
446     
447     	prng = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0);
448     	if (prng == MAP_FAILED)
449     		goto fail0;
450     #ifdef MAP_INHERIT_ZERO

________________________________________________________________________________________________________
*** CID 1255587:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/lib/libc/gen/arc4random.c: 470 in arc4random_prng_destroy()
464     #endif
465     
466     #ifdef _REENTRANT
467     static void
468     arc4random_prng_destroy(struct arc4random_prng *prng)
469     {
>>>     CID 1255587:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "(33UL + (__sysconf(28) - 1L)) / __sysconf(28)", division by expression "__sysconf(28)" which may be zero has undefined behavior.
470     	const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE));
471     
472     	(void)explicit_memset(prng, 0, sizeof(*prng));
473     	(void)munmap(prng, size);
474     }
475     #endif
/lib/libc/gen/arc4random.c: 470 in arc4random_prng_destroy()
464     #endif
465     
466     #ifdef _REENTRANT
467     static void
468     arc4random_prng_destroy(struct arc4random_prng *prng)
469     {
>>>     CID 1255587:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "(33UL + (__sysconf(28) - 1L)) / __sysconf(28)", division by expression "__sysconf(28)" which may be zero has undefined behavior.
470     	const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE));
471     
472     	(void)explicit_memset(prng, 0, sizeof(*prng));
473     	(void)munmap(prng, size);
474     }
475     #endif

________________________________________________________________________________________________________
*** CID 1255588:  Resource leak  (RESOURCE_LEAK)
/sys/rump/dev/lib/libnetsmb/netsmb_user.c: 54 in rumpcomp_netsmb_iconv_open()
48     	else {
49     		if (handle != NULL)
50     			*handle = (void *)cd;
51     		rv = 0;
52     	}
53     
>>>     CID 1255588:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "cd" going out of scope leaks the storage it points to.
54     	return rumpuser_component_errtrans(rv);
55     #else
56     	/* fallback to use dumb copy function */
57     	return 0;
58     #endif
59     }

________________________________________________________________________________________________________
*** CID 1255590:  Sizeof not portable  (SIZEOF_MISMATCH)
/usr.bin/config/mkmakefile.c: 374 in emitallkobjs()
368     
369     static void
370     emitallkobjs(FILE *fp)
371     {
372     	int i;
373     
>>>     CID 1255590:  Sizeof not portable  (SIZEOF_MISMATCH)
>>>     Passing argument "(size_t)nattrs * 4U /* sizeof (attrbuf) */" to function "emalloc(size_t)" and then casting the return value to "struct attr **" is suspicious.  Did you intend to use "sizeof(*attrbuf)" instead of "sizeof (attrbuf)" ?  In this particular case sizeof(struct attr **) happens to be equal to sizeof(struct attr *), but this is not a portable assumption.
374     	attrbuf = emalloc((size_t)nattrs * sizeof(attrbuf));
375     
376     	ht_enumerate(attrtab, emitallkobjsweighcb, NULL);
377     	ht_enumerate(attrtab, emitallkobjscb, NULL);
378     	qsort(attrbuf, (size_t)attridx, sizeof(struct attr *), attrcmp);
379     

________________________________________________________________________________________________________
*** CID 1255589:  Sizeof not portable  (SIZEOF_MISMATCH)
/usr.bin/config/mkmakefile.c: 401 in emitallkobjscb()
395     	if (TAILQ_EMPTY(&a->a_files))
396     		return 0;
397     	attrbuf[attridx++] = a;
398     	/* XXX nattrs tracking is not exact yet */
399     	if (attridx == nattrs) {
400     		nattrs *= 2;
>>>     CID 1255589:  Sizeof not portable  (SIZEOF_MISMATCH)
>>>     Passing argument "attrbuf" of type "struct attr **" and argument "(size_t)nattrs * 4U /* sizeof (attrbuf) */" to function "erealloc(void *, size_t)" is suspicious.  Did you intend to use "sizeof(*attrbuf)" instead of "sizeof (attrbuf)" ?  In this particular case sizeof(struct attr **) happens to be equal to sizeof(struct attr *), but this is not a portable assumption.
401     		attrbuf = erealloc(attrbuf, (size_t)nattrs * sizeof(attrbuf));
402     	}
403     	return 0;
404     }
405     
406     static int


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1448?tab=overview

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py




Home | Main Index | Thread Index | Old Index