Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-i386-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
6 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
20 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1255585: Logically dead code (DEADCODE)
/usr.bin/xlint/lint1/tree.c: 3013 in tsize()
** CID 1255586: Division or modulo by zero (DIVIDE_BY_ZERO)
/lib/libc/gen/arc4random.c: 445 in arc4random_prng_create()
/lib/libc/gen/arc4random.c: 445 in arc4random_prng_create()
** CID 1255587: Division or modulo by zero (DIVIDE_BY_ZERO)
/lib/libc/gen/arc4random.c: 470 in arc4random_prng_destroy()
/lib/libc/gen/arc4random.c: 470 in arc4random_prng_destroy()
** CID 1255588: Resource leak (RESOURCE_LEAK)
/sys/rump/dev/lib/libnetsmb/netsmb_user.c: 54 in rumpcomp_netsmb_iconv_open()
** CID 1255590: Sizeof not portable (SIZEOF_MISMATCH)
/usr.bin/config/mkmakefile.c: 374 in emitallkobjs()
** CID 1255589: Sizeof not portable (SIZEOF_MISMATCH)
/usr.bin/config/mkmakefile.c: 401 in emitallkobjscb()
________________________________________________________________________________________________________
*** CID 1255585: Logically dead code (DEADCODE)
/usr.bin/xlint/lint1/tree.c: 3013 in tsize()
3007 elem *= tp->t_dim;
3008 tp = tp->t_subt;
3009 }
3010 if (elem == 0) {
3011 if (!flex) {
3012 /* cannot take size of incomplete type */
>>> CID 1255585: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "error(143);".
3013 error(143);
3014 elem = 1;
3015 }
3016 }
3017 switch (tp->t_tspec) {
3018 case FUNC:
________________________________________________________________________________________________________
*** CID 1255586: Division or modulo by zero (DIVIDE_BY_ZERO)
/lib/libc/gen/arc4random.c: 445 in arc4random_prng_create()
439
440 #ifdef _REENTRANT
441 static struct arc4random_prng *
442 arc4random_prng_create(void)
443 {
444 struct arc4random_prng *prng;
>>> CID 1255586: Division or modulo by zero (DIVIDE_BY_ZERO)
>>> In expression "(33UL + (__sysconf(28) - 1L)) / __sysconf(28)", division by expression "__sysconf(28)" which may be zero has undefined behavior.
445 const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE));
446
447 prng = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0);
448 if (prng == MAP_FAILED)
449 goto fail0;
450 #ifdef MAP_INHERIT_ZERO
/lib/libc/gen/arc4random.c: 445 in arc4random_prng_create()
439
440 #ifdef _REENTRANT
441 static struct arc4random_prng *
442 arc4random_prng_create(void)
443 {
444 struct arc4random_prng *prng;
>>> CID 1255586: Division or modulo by zero (DIVIDE_BY_ZERO)
>>> In expression "(33UL + (__sysconf(28) - 1L)) / __sysconf(28)", division by expression "__sysconf(28)" which may be zero has undefined behavior.
445 const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE));
446
447 prng = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0);
448 if (prng == MAP_FAILED)
449 goto fail0;
450 #ifdef MAP_INHERIT_ZERO
________________________________________________________________________________________________________
*** CID 1255587: Division or modulo by zero (DIVIDE_BY_ZERO)
/lib/libc/gen/arc4random.c: 470 in arc4random_prng_destroy()
464 #endif
465
466 #ifdef _REENTRANT
467 static void
468 arc4random_prng_destroy(struct arc4random_prng *prng)
469 {
>>> CID 1255587: Division or modulo by zero (DIVIDE_BY_ZERO)
>>> In expression "(33UL + (__sysconf(28) - 1L)) / __sysconf(28)", division by expression "__sysconf(28)" which may be zero has undefined behavior.
470 const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE));
471
472 (void)explicit_memset(prng, 0, sizeof(*prng));
473 (void)munmap(prng, size);
474 }
475 #endif
/lib/libc/gen/arc4random.c: 470 in arc4random_prng_destroy()
464 #endif
465
466 #ifdef _REENTRANT
467 static void
468 arc4random_prng_destroy(struct arc4random_prng *prng)
469 {
>>> CID 1255587: Division or modulo by zero (DIVIDE_BY_ZERO)
>>> In expression "(33UL + (__sysconf(28) - 1L)) / __sysconf(28)", division by expression "__sysconf(28)" which may be zero has undefined behavior.
470 const size_t size = roundup(sizeof(*prng), sysconf(_SC_PAGESIZE));
471
472 (void)explicit_memset(prng, 0, sizeof(*prng));
473 (void)munmap(prng, size);
474 }
475 #endif
________________________________________________________________________________________________________
*** CID 1255588: Resource leak (RESOURCE_LEAK)
/sys/rump/dev/lib/libnetsmb/netsmb_user.c: 54 in rumpcomp_netsmb_iconv_open()
48 else {
49 if (handle != NULL)
50 *handle = (void *)cd;
51 rv = 0;
52 }
53
>>> CID 1255588: Resource leak (RESOURCE_LEAK)
>>> Variable "cd" going out of scope leaks the storage it points to.
54 return rumpuser_component_errtrans(rv);
55 #else
56 /* fallback to use dumb copy function */
57 return 0;
58 #endif
59 }
________________________________________________________________________________________________________
*** CID 1255590: Sizeof not portable (SIZEOF_MISMATCH)
/usr.bin/config/mkmakefile.c: 374 in emitallkobjs()
368
369 static void
370 emitallkobjs(FILE *fp)
371 {
372 int i;
373
>>> CID 1255590: Sizeof not portable (SIZEOF_MISMATCH)
>>> Passing argument "(size_t)nattrs * 4U /* sizeof (attrbuf) */" to function "emalloc(size_t)" and then casting the return value to "struct attr **" is suspicious. Did you intend to use "sizeof(*attrbuf)" instead of "sizeof (attrbuf)" ? In this particular case sizeof(struct attr **) happens to be equal to sizeof(struct attr *), but this is not a portable assumption.
374 attrbuf = emalloc((size_t)nattrs * sizeof(attrbuf));
375
376 ht_enumerate(attrtab, emitallkobjsweighcb, NULL);
377 ht_enumerate(attrtab, emitallkobjscb, NULL);
378 qsort(attrbuf, (size_t)attridx, sizeof(struct attr *), attrcmp);
379
________________________________________________________________________________________________________
*** CID 1255589: Sizeof not portable (SIZEOF_MISMATCH)
/usr.bin/config/mkmakefile.c: 401 in emitallkobjscb()
395 if (TAILQ_EMPTY(&a->a_files))
396 return 0;
397 attrbuf[attridx++] = a;
398 /* XXX nattrs tracking is not exact yet */
399 if (attridx == nattrs) {
400 nattrs *= 2;
>>> CID 1255589: Sizeof not portable (SIZEOF_MISMATCH)
>>> Passing argument "attrbuf" of type "struct attr **" and argument "(size_t)nattrs * 4U /* sizeof (attrbuf) */" to function "erealloc(void *, size_t)" is suspicious. Did you intend to use "sizeof(*attrbuf)" instead of "sizeof (attrbuf)" ? In this particular case sizeof(struct attr **) happens to be equal to sizeof(struct attr *), but this is not a portable assumption.
401 attrbuf = erealloc(attrbuf, (size_t)nattrs * sizeof(attrbuf));
402 }
403 return 0;
404 }
405
406 static int
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/1448?tab=overview
To unsubscribe from the email notification for new defects, visit http://scan5.coverity.com/cgi-bin/unsubscribe.py