Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-kernel
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
2 new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1292486: Insecure data handling (INTEGER_OVERFLOW)
/common/lib/libc/string/consttime_memequal.c: 36 in consttime_memequal()
________________________________________________________________________________________________________
*** CID 1292486: Insecure data handling (INTEGER_OVERFLOW)
/common/lib/libc/string/consttime_memequal.c: 36 in consttime_memequal()
30 *
31 * This is not simply `!res' because although many CPUs support
32 * branchless conditional moves and many compilers will take
33 * advantage of them, certain compilers generate branches on
34 * certain CPUs for `!res'.
35 */
>>> CID 1292486: Insecure data handling (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "1U & (res - 1U >> 8)" used as return value.
36 return (1 & ((res - 1) >> 8));
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/1447?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782 .
Home |
Main Index |
Thread Index |
Old Index