Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-kernel
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
3 new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1261465: Dereference after null check (FORWARD_NULL)
/sys/dev/usb/umidi.c: 505 in umidi_open()
** CID 1261466: Out-of-bounds access (OVERRUN)
/sys/fs/smbfs/smbfs_node.c: 150 in smbfs_nget()
** CID 1261467: Structurally dead code (UNREACHABLE)
/sys/dev/usb/umidi.c: 390 in umidi_attach()
________________________________________________________________________________________________________
*** CID 1261465: Dereference after null check (FORWARD_NULL)
/sys/dev/usb/umidi.c: 505 in umidi_open()
499 return EBUSY;
500 if (sc->sc_dying)
501 return EIO;
502
503 mididev->opened = 1;
504 mididev->flags = flags;
>>> CID 1261465: Dereference after null check (FORWARD_NULL)
>>> Comparing "mididev->out_jack" to null implies that "mididev->out_jack" might be null.
505 if ((mididev->flags & FWRITE) && mididev->out_jack) {
506 err = open_out_jack(mididev->out_jack, arg, ointr);
507 if (err != USBD_NORMAL_COMPLETION)
508 goto bad;
509 }
510 if ((mididev->flags & FREAD) && mididev->in_jack) {
________________________________________________________________________________________________________
*** CID 1261466: Out-of-bounds access (OVERRUN)
/sys/fs/smbfs/smbfs_node.c: 150 in smbfs_nget()
144 if (key_len > sizeof(small_key))
145 key = kmem_alloc(key_len, KM_SLEEP);
146 else
147 key = &small_key.u_key;
148 key->k_parent = dvp;
149 key->k_nmlen = nmlen;
>>> CID 1261466: Out-of-bounds access (OVERRUN)
>>> Overrunning struct type smbkey of 0 bytes by passing it to a function which accesses it at byte offset 1 using argument "nmlen" (which evaluates to 2).
150 memcpy(key->k_name, name, nmlen);
151
152 retry:
153 error = vcache_get(mp, key, key_len, &vp);
154 if (error)
155 goto out;
________________________________________________________________________________________________________
*** CID 1261467: Structurally dead code (UNREACHABLE)
/sys/dev/usb/umidi.c: 390 in umidi_attach()
384 "assign_all_jacks_automatically failed. (err=%d)\n", err);
385 goto out_free_jacks;
386 }
387 err = attach_all_mididevs(sc);
388 if (err != USBD_NORMAL_COMPLETION) {
389 goto out_free_jacks;
>>> CID 1261467: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "aprint_error_dev(self, "att...".
390 aprint_error_dev(self,
391 "attach_all_mididevs failed. (err=%d)\n", err);
392 }
393
394 #ifdef UMIDI_DEBUG
395 dump_sc(sc);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1447?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click http://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782 .
Home |
Main Index |
Thread Index |
Old Index