Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-i386-kernel
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.
13 new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.
16 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 1292486: Insecure data handling (INTEGER_OVERFLOW)
/common/lib/libc/string/consttime_memequal.c: 36 in consttime_memequal()
________________________________________________________________________________________________________
*** CID 1292486: Insecure data handling (INTEGER_OVERFLOW)
/common/lib/libc/string/consttime_memequal.c: 36 in consttime_memequal()
30 *
31 * This is not simply `!res' because although many CPUs support
32 * branchless conditional moves and many compilers will take
33 * advantage of them, certain compilers generate branches on
34 * certain CPUs for `!res'.
35 */
>>> CID 1292486: Insecure data handling (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "1U & (res - 1U >> 8)" used as return value.
36 return (1 & ((res - 1) >> 8));
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/1450?tab=overview