Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
600 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
1791 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 600 defect(s)
** CID 829: (TAINTED_SCALAR)
/external/public-domain/sqlite/dist/sqlite3.c: 58552 in checkList()
/external/public-domain/sqlite/dist/sqlite3.c: 58570 in checkList()
/external/public-domain/sqlite/dist/sqlite3.c: 58527 in checkList()
________________________________________________________________________________________________________
*** CID 829: (TAINTED_SCALAR)
/external/public-domain/sqlite/dist/sqlite3.c: 58552 in checkList()
58546 if( n>(int)pCheck->pBt->usableSize/4-2 ){
58547 checkAppendMsg(pCheck, zContext,
58548 "freelist leaf count too big on page %d", iPage);
58549 N--;
58550 }else{
58551 for(i=0; i<n; i++){
>>> CID 829: (TAINTED_SCALAR)
>>> Assigning: "iFreePage" = "sqlite3Get4byte", which taints "iFreePage".
58552 Pgno iFreePage = get4byte(&pOvflData[8+i*4]);
58553 #ifndef SQLITE_OMIT_AUTOVACUUM
58554 if( pCheck->pBt->autoVacuum ){
58555 checkPtrmap(pCheck, iFreePage, PTRMAP_FREEPAGE, 0, zContext);
58556 }
58557 #endif
/external/public-domain/sqlite/dist/sqlite3.c: 58570 in checkList()
58564 else{
58565 /* If this database supports auto-vacuum and iPage is not the last
58566 ** page in this overflow list, check that the pointer-map entry for
58567 ** the following page matches iPage.
58568 */
58569 if( pCheck->pBt->autoVacuum && N>0 ){
>>> CID 829: (TAINTED_SCALAR)
>>> Assigning: "i" = "sqlite3Get4byte", which taints "i".
58570 i = get4byte(pOvflData);
58571 checkPtrmap(pCheck, i, PTRMAP_OVERFLOW2, iPage, zContext);
58572 }
58573 }
58574 #endif
58575 iPage = get4byte(pOvflData);
/external/public-domain/sqlite/dist/sqlite3.c: 58527 in checkList()
58521 int i;
58522 int expected = N;
58523 int iFirst = iPage;
58524 while( N-- > 0 && pCheck->mxErr ){
58525 DbPage *pOvflPage;
58526 unsigned char *pOvflData;
>>> CID 829: (TAINTED_SCALAR)
>>> Checking lower bounds of signed scalar "iPage" by "iPage < 1".
58527 if( iPage<1 ){
58528 checkAppendMsg(pCheck, zContext,
58529 "%d of %d pages missing from overflow list starting at %d",
58530 N+1, expected, iFirst);
58531 break;
58532 }
** CID 832: (TAINTED_SCALAR)
/external/public-domain/sqlite/dist/sqlite3.c: 58763 in checkTreePage()
/external/public-domain/sqlite/dist/sqlite3.c: 58778 in checkTreePage()
/external/public-domain/sqlite/dist/sqlite3.c: 58778 in checkTreePage()
/external/public-domain/sqlite/dist/sqlite3.c: 58783 in checkTreePage()
/external/public-domain/sqlite/dist/sqlite3.c: 58783 in checkTreePage()
/external/public-domain/sqlite/dist/sqlite3.c: 58675 in checkTreePage()
/external/public-domain/sqlite/dist/sqlite3.c: 58687 in checkTreePage()
/external/public-domain/sqlite/dist/sqlite3.c: 58702 in checkTreePage()
________________________________________________________________________________________________________
*** CID 832: (TAINTED_SCALAR)
/external/public-domain/sqlite/dist/sqlite3.c: 58763 in checkTreePage()
58757 int contentOffset = get2byteNotZero(&data[hdr+5]);
58758 assert( contentOffset<=usableSize ); /* Enforced by btreeInitPage() */
58759 memset(hit+contentOffset, 0, usableSize-contentOffset);
58760 memset(hit, 1, contentOffset);
58761 nCell = get2byte(&data[hdr+3]);
58762 cellStart = hdr + 12 - 4*pPage->leaf;
>>> CID 832: (TAINTED_SCALAR)
>>> Using tainted variable "nCell" as a loop boundary.
58763 for(i=0; i<nCell; i++){
58764 int pc = get2byte(&data[cellStart+i*2]);
58765 u32 size = 65536;
58766 int j;
58767 if( pc<=usableSize-4 ){
58768 size = cellSizePtr(pPage, &data[pc]);
/external/public-domain/sqlite/dist/sqlite3.c: 58778 in checkTreePage()
58772 "Corruption detected in cell %d on page %d",i,iPage);
58773 }else{
58774 for(j=pc+size-1; j>=pc; j--) hit[j]++;
58775 }
58776 }
58777 i = get2byte(&data[hdr+1]);
>>> CID 832: (TAINTED_SCALAR)
>>> Using tainted variable "i" as a loop boundary.
58778 while( i>0 ){
58779 int size, j;
58780 assert( i<=usableSize-4 ); /* Enforced by btreeInitPage() */
58781 size = get2byte(&data[i+2]);
58782 assert( i+size<=usableSize ); /* Enforced by btreeInitPage() */
58783 for(j=i+size-1; j>=i; j--) hit[j]++;
/external/public-domain/sqlite/dist/sqlite3.c: 58778 in checkTreePage()
58772 "Corruption detected in cell %d on page %d",i,iPage);
58773 }else{
58774 for(j=pc+size-1; j>=pc; j--) hit[j]++;
58775 }
58776 }
58777 i = get2byte(&data[hdr+1]);
>>> CID 832: (TAINTED_SCALAR)
>>> Using tainted variable "i" as a loop boundary.
58778 while( i>0 ){
58779 int size, j;
58780 assert( i<=usableSize-4 ); /* Enforced by btreeInitPage() */
58781 size = get2byte(&data[i+2]);
58782 assert( i+size<=usableSize ); /* Enforced by btreeInitPage() */
58783 for(j=i+size-1; j>=i; j--) hit[j]++;
/external/public-domain/sqlite/dist/sqlite3.c: 58783 in checkTreePage()
58777 i = get2byte(&data[hdr+1]);
58778 while( i>0 ){
58779 int size, j;
58780 assert( i<=usableSize-4 ); /* Enforced by btreeInitPage() */
58781 size = get2byte(&data[i+2]);
58782 assert( i+size<=usableSize ); /* Enforced by btreeInitPage() */
>>> CID 832: (TAINTED_SCALAR)
>>> Using tainted variable "j" as an index to pointer "hit".
58783 for(j=i+size-1; j>=i; j--) hit[j]++;
58784 j = get2byte(&data[i]);
58785 assert( j==0 || j>i+size ); /* Enforced by btreeInitPage() */
58786 assert( j<=usableSize-4 ); /* Enforced by btreeInitPage() */
58787 i = j;
58788 }
/external/public-domain/sqlite/dist/sqlite3.c: 58783 in checkTreePage()
58777 i = get2byte(&data[hdr+1]);
58778 while( i>0 ){
58779 int size, j;
58780 assert( i<=usableSize-4 ); /* Enforced by btreeInitPage() */
58781 size = get2byte(&data[i+2]);
58782 assert( i+size<=usableSize ); /* Enforced by btreeInitPage() */
>>> CID 832: (TAINTED_SCALAR)
>>> Using tainted variable "j" as a loop boundary.
58783 for(j=i+size-1; j>=i; j--) hit[j]++;
58784 j = get2byte(&data[i]);
58785 assert( j==0 || j>i+size ); /* Enforced by btreeInitPage() */
58786 assert( j<=usableSize-4 ); /* Enforced by btreeInitPage() */
58787 i = j;
58788 }
/external/public-domain/sqlite/dist/sqlite3.c: 58675 in checkTreePage()
58669 }
58670 assert( sz==info.nPayload );
58671 if( (sz>info.nLocal)
58672 && (&pCell[info.iOverflow]<=&pPage->aData[pBt->usableSize])
58673 ){
58674 int nPage = (sz - info.nLocal + usableSize - 5)/(usableSize - 4);
>>> CID 832: (TAINTED_SCALAR)
>>> Assigning: "pgnoOvfl" = "sqlite3Get4byte", which taints "pgnoOvfl".
58675 Pgno pgnoOvfl = get4byte(&pCell[info.iOverflow]);
58676 #ifndef SQLITE_OMIT_AUTOVACUUM
58677 if( pBt->autoVacuum ){
58678 checkPtrmap(pCheck, pgnoOvfl, PTRMAP_OVERFLOW1, iPage, zContext);
58679 }
58680 #endif
/external/public-domain/sqlite/dist/sqlite3.c: 58687 in checkTreePage()
58681 checkList(pCheck, 0, pgnoOvfl, nPage, zContext);
58682 }
58683
58684 /* Check sanity of left child page.
58685 */
58686 if( !pPage->leaf ){
>>> CID 832: (TAINTED_SCALAR)
>>> Assigning: "pgno" = "sqlite3Get4byte", which taints "pgno".
58687 pgno = get4byte(pCell);
58688 #ifndef SQLITE_OMIT_AUTOVACUUM
58689 if( pBt->autoVacuum ){
58690 checkPtrmap(pCheck, pgno, PTRMAP_BTREE, iPage, zContext);
58691 }
58692 #endif
/external/public-domain/sqlite/dist/sqlite3.c: 58702 in checkTreePage()
58696 }
58697 depth = d2;
58698 }
58699 }
58700
58701 if( !pPage->leaf ){
>>> CID 832: (TAINTED_SCALAR)
>>> Assigning: "pgno" = "sqlite3Get4byte", which taints "pgno".
58702 pgno = get4byte(&pPage->aData[pPage->hdrOffset+8]);
58703 sqlite3_snprintf(sizeof(zContext), zContext,
58704 "On page %d at right child: ", iPage);
58705 #ifndef SQLITE_OMIT_AUTOVACUUM
58706 if( pBt->autoVacuum ){
58707 checkPtrmap(pCheck, pgno, PTRMAP_BTREE, iPage, zContext);
** CID 1010: Error handling issues (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 92078 in fkScanChildren()
________________________________________________________________________________________________________
*** CID 1010: Error handling issues (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 92078 in fkScanChildren()
92072 }
92073
92074 /* Resolve the references in the WHERE clause. */
92075 memset(&sNameContext, 0, sizeof(NameContext));
92076 sNameContext.pSrcList = pSrc;
92077 sNameContext.pParse = pParse;
>>> CID 1010: Error handling issues (CHECKED_RETURN)
>>> Calling "sqlite3ResolveExprNames" without checking return value (as is done elsewhere 13 out of 15 times).
92078 sqlite3ResolveExprNames(&sNameContext, pWhere);
92079
92080 /* Create VDBE to loop through the entries in pSrc that match the WHERE
92081 ** clause. If the constraint is not deferred, throw an exception for
92082 ** each row found. Otherwise, for deferred constraints, increment the
92083 ** deferred constraint counter by nIncr for each row selected. */
** CID 1037: Null pointer dereferences (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 92731 in fkActionTrigger()
________________________________________________________________________________________________________
*** CID 1037: Null pointer dereferences (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 92731 in fkActionTrigger()
92725 case OE_Cascade:
92726 if( !pChanges ){
92727 pStep->op = TK_DELETE;
92728 break;
92729 }
92730 default:
>>> CID 1037: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "pStep".
92731 pStep->op = TK_UPDATE;
92732 }
92733 pStep->pTrig = pTrigger;
92734 pTrigger->pSchema = pTab->pSchema;
92735 pTrigger->pTabSchema = pTab->pSchema;
92736 pFKey->apTrigger[iAction] = pTrigger;
** CID 1221: Null pointer dereferences (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 136840 in fts3SegmentMerge()
________________________________________________________________________________________________________
*** CID 1221: Null pointer dereferences (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 136840 in fts3SegmentMerge()
136834 int iIndex, /* Index in p->aIndex[] to merge */
136835 int iLevel /* Level to merge */
136836 ){
136837 int rc; /* Return code */
136838 int iIdx = 0; /* Index of new segment */
136839 sqlite3_int64 iNewLevel = 0; /* Level/index to create new segment at */
>>> CID 1221: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pWriter" = "NULL".
136840 SegmentWriter *pWriter = 0; /* Used to write the new, merged, segment */
136841 Fts3SegFilter filter; /* Segment term filter condition */
136842 Fts3MultiSegReader csr; /* Cursor to iterate through level(s) */
136843 int bIgnoreEmpty = 0; /* True to ignore empty segments */
136844
136845 assert( iLevel==FTS3_SEGCURSOR_ALL
** CID 94002: (FORWARD_NULL)
/external/gpl2/lvm2/dist/lib/activate/dev_manager.c: 314 in _status()
/external/gpl2/lvm2/dist/lib/activate/dev_manager.c: 314 in _status()
/external/gpl2/lvm2/dist/lib/activate/dev_manager.c: 318 in _status()
________________________________________________________________________________________________________
*** CID 94002: (FORWARD_NULL)
/external/gpl2/lvm2/dist/lib/activate/dev_manager.c: 314 in _status()
308 static int _status(const char *name, const char *uuid,
309 unsigned long long *start, unsigned long long *length,
310 char **type, uint32_t type_size, char **params,
311 uint32_t param_size)
312 {
313 if (uuid && *uuid) {
>>> CID 94002: (FORWARD_NULL)
>>> Comparing "*params" to null implies that "*params" might be null.
314 if (_status_run(NULL, uuid, start, length, type,
315 type_size, params, param_size) &&
316 *params)
317 return 1;
318 else if (_status_run(NULL, uuid + sizeof(UUID_PREFIX) - 1, start,
319 length, type, type_size, params,
/external/gpl2/lvm2/dist/lib/activate/dev_manager.c: 314 in _status()
308 static int _status(const char *name, const char *uuid,
309 unsigned long long *start, unsigned long long *length,
310 char **type, uint32_t type_size, char **params,
311 uint32_t param_size)
312 {
313 if (uuid && *uuid) {
>>> CID 94002: (FORWARD_NULL)
>>> Comparing "*params" to null implies that "*params" might be null.
314 if (_status_run(NULL, uuid, start, length, type,
315 type_size, params, param_size) &&
316 *params)
317 return 1;
318 else if (_status_run(NULL, uuid + sizeof(UUID_PREFIX) - 1, start,
319 length, type, type_size, params,
/external/gpl2/lvm2/dist/lib/activate/dev_manager.c: 318 in _status()
312 {
313 if (uuid && *uuid) {
314 if (_status_run(NULL, uuid, start, length, type,
315 type_size, params, param_size) &&
316 *params)
317 return 1;
>>> CID 94002: (FORWARD_NULL)
>>> Comparing "*params" to null implies that "*params" might be null.
318 else if (_status_run(NULL, uuid + sizeof(UUID_PREFIX) - 1, start,
319 length, type, type_size, params,
320 param_size) &&
321 *params)
322 return 1;
323 }
** CID 94102: Error handling issues (CHECKED_RETURN)
/external/gpl2/lvm2/dist/lib/metadata/lv_manip.c: 2791 in set_lv()
________________________________________________________________________________________________________
*** CID 94102: Error handling issues (CHECKED_RETURN)
/external/gpl2/lvm2/dist/lib/metadata/lv_manip.c: 2791 in set_lv()
2785 if (!sectors)
2786 sectors = UINT64_C(4096) >> SECTOR_SHIFT;
2787
2788 if (sectors > lv->size)
2789 sectors = lv->size;
2790
>>> CID 94102: Error handling issues (CHECKED_RETURN)
>>> Calling "dev_set" without checking return value (as is done elsewhere 6 out of 7 times).
2791 dev_set(dev, UINT64_C(0), (size_t) sectors << SECTOR_SHIFT, value);
2792 dev_flush(dev);
2793 dev_close_immediate(dev);
2794
2795 return 1;
2796 }
** CID 220011: Null pointer dereferences (FORWARD_NULL)
/external/mit/expat/dist/lib/xmlparse.c: 4448 in doProlog()
________________________________________________________________________________________________________
*** CID 220011: Null pointer dereferences (FORWARD_NULL)
/external/mit/expat/dist/lib/xmlparse.c: 4448 in doProlog()
4442 }
4443 groupConnector[prologState.level] = 0;
4444 if (dtd->in_eldecl) {
4445 int myindex = nextScaffoldPart(parser);
4446 if (myindex < 0)
4447 return XML_ERROR_NO_MEMORY;
>>> CID 220011: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "dtd->scaffIndex".
4448 dtd->scaffIndex[dtd->scaffLevel] = myindex;
4449 dtd->scaffLevel++;
4450 dtd->scaffold[myindex].type = XML_CTYPE_SEQ;
4451 if (elementDeclHandler)
4452 handleDefault = XML_FALSE;
4453 }
** CID 240721: (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/dist/kdc/digest.c: 1455 in _kdc_do_digest()
/crypto/external/bsd/heimdal/dist/kdc/digest.c: 342 in _kdc_do_digest()
________________________________________________________________________________________________________
*** CID 240721: (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/dist/kdc/digest.c: 1455 in _kdc_do_digest()
1449
1450 {
1451 krb5_keyblock *key;
1452
1453 ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
1454 if (ret)
>>> CID 240721: (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
1455 goto out;
1456
1457 ret = krb5_crypto_init(context, key, 0, &crypto);
1458 krb5_free_keyblock (context, key);
1459 if (ret)
1460 goto out;
/crypto/external/bsd/heimdal/dist/kdc/digest.c: 342 in _kdc_do_digest()
336 /* unpack request */
337 {
338 krb5_keyblock *key;
339
340 ret = krb5_auth_con_getremotesubkey(context, ac, &key);
341 if (ret)
>>> CID 240721: (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
342 goto out;
343 if (key == NULL) {
344 ret = EINVAL;
345 krb5_set_error_message(context, ret, "digest: remote subkey not found");
346 goto out;
347 }
** CID 240736: (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/lib/libgssapi/obj/krb5__accept_sec_context.c: 600 in gsskrb5_acceptor_start()
/compat/amd64/i386/obj/crypto/external/bsd/heimdal/lib/libgssapi/krb5__accept_sec_context.c: 600 in gsskrb5_acceptor_start()
________________________________________________________________________________________________________
*** CID 240736: (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/lib/libgssapi/obj/krb5__accept_sec_context.c: 600 in gsskrb5_acceptor_start()
594 ctx->auth_context,
595 rkey);
596 if (kret == 0)
597 use_subkey = 1;
598 krb5_free_keyblock(context, rkey);
599 }
>>> CID 240736: (RESOURCE_LEAK)
>>> Variable "rkey" going out of scope leaks the storage it points to.
600 }
601 if (use_subkey) {
602 ctx->more_flags |= ACCEPTOR_SUBKEY;
603 krb5_auth_con_addflags(context, ctx->auth_context,
604 KRB5_AUTH_CONTEXT_USE_SUBKEY,
605 NULL);
/compat/amd64/i386/obj/crypto/external/bsd/heimdal/lib/libgssapi/krb5__accept_sec_context.c: 600 in gsskrb5_acceptor_start()
594 ctx->auth_context,
595 rkey);
596 if (kret == 0)
597 use_subkey = 1;
598 krb5_free_keyblock(context, rkey);
599 }
>>> CID 240736: (RESOURCE_LEAK)
>>> Variable "rkey" going out of scope leaks the storage it points to.
600 }
601 if (use_subkey) {
602 ctx->more_flags |= ACCEPTOR_SUBKEY;
603 krb5_auth_con_addflags(context, ctx->auth_context,
604 KRB5_AUTH_CONTEXT_USE_SUBKEY,
605 NULL);
** CID 241063: (CHECKED_RETURN)
/compat/amd64/i386/obj/crypto/external/bsd/heimdal/lib/libgssapi/krb5__creds.c: 250 in _gsskrb5_import_cred()
/crypto/external/bsd/heimdal/lib/libgssapi/obj/krb5__creds.c: 250 in _gsskrb5_import_cred()
________________________________________________________________________________________________________
*** CID 241063: (CHECKED_RETURN)
/compat/amd64/i386/obj/crypto/external/bsd/heimdal/lib/libgssapi/krb5__creds.c: 250 in _gsskrb5_import_cred()
244 krb5_cc_close(context, id);
245 *minor_status = ENOMEM;
246 return GSS_S_FAILURE;
247 }
248
249 handle->usage = GSS_C_INITIATE;
>>> CID 241063: (CHECKED_RETURN)
>>> Calling "krb5_cc_get_principal" without checking return value (as is done elsewhere 39 out of 41 times).
250 krb5_cc_get_principal(context, id, &handle->principal);
251 handle->ccache = id;
252 handle->cred_flags = flags;
253
254 *cred_handle = (gss_cred_id_t)handle;
255
256 return GSS_S_COMPLETE;
/crypto/external/bsd/heimdal/lib/libgssapi/obj/krb5__creds.c: 250 in _gsskrb5_import_cred()
244 krb5_cc_close(context, id);
245 *minor_status = ENOMEM;
246 return GSS_S_FAILURE;
247 }
248
249 handle->usage = GSS_C_INITIATE;
>>> CID 241063: (CHECKED_RETURN)
>>> Calling "krb5_cc_get_principal" without checking return value (as is done elsewhere 39 out of 41 times).
250 krb5_cc_get_principal(context, id, &handle->principal);
251 handle->ccache = id;
252 handle->cred_flags = flags;
253
254 *cred_handle = (gss_cred_id_t)handle;
255
256 return GSS_S_COMPLETE;
** CID 241476: (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/dist/kdc/misc.c: 82 in _kdc_db_fetch()
/crypto/external/bsd/heimdal/dist/kdc/misc.c: 116 in _kdc_db_fetch()
________________________________________________________________________________________________________
*** CID 241476: (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/dist/kdc/misc.c: 82 in _kdc_db_fetch()
76 return ret;
77 }
78 ret = krb5_parse_name(context, principal->name.name_string.val[0],
79 &enterprise_principal);
80 if (ret) {
81 free(ent);
>>> CID 241476: (RESOURCE_LEAK)
>>> Returning without freeing "principal" leaks the storage that it points to.
82 return ret;
83 }
84
85 principal = enterprise_principal;
86 }
87
/crypto/external/bsd/heimdal/dist/kdc/misc.c: 116 in _kdc_db_fetch()
110 return 0;
111 }
112 }
113 free(ent);
114 krb5_set_error_message(context, ret,
115 "no such entry found in hdb");
>>> CID 241476: (RESOURCE_LEAK)
>>> Returning without freeing "principal" leaks the storage that it points to.
116 return ret;
117 }
118
119 void
120 _kdc_free_ent(krb5_context context, hdb_entry_ex *ent)
121 {
** CID 241489: Resource leaks (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/dist/lib/hdb/mkey.c: 590 in hdb_set_master_keyfile()
________________________________________________________________________________________________________
*** CID 241489: Resource leaks (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/dist/lib/hdb/mkey.c: 590 in hdb_set_master_keyfile()
584 hdb_master_key key;
585 krb5_error_code ret;
586
587 ret = hdb_read_master_key(context, keyfile, &key);
588 if (ret) {
589 if (ret != ENOENT)
>>> CID 241489: Resource leaks (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
590 return ret;
591 krb5_clear_error_message(context);
592 return 0;
593 }
594 db->hdb_master_key = key;
595 db->hdb_master_key_set = 1;
** CID 271717: (RESOURCE_LEAK)
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2922 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2902 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2907 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3207 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2585 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2612 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2626 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2670 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2736 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2754 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2763 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2771 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2797 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2876 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3030 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3195 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3215 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3221 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3253 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2577 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2596 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2604 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2634 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2643 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2651 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2663 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2676 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2682 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2701 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2793 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3026 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3040 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3052 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3132 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3146 in parse_upto()
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3181 in parse_upto()
________________________________________________________________________________________________________
*** CID 271717: (RESOURCE_LEAK)
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2922 in parse_upto()
2916 int sub_position = position;
2917 struct format_arg_list *sub_list =
2918 (list != NULL ? copy_list (list) : NULL);
2919 if (!parse_upto (formatp, &sub_position, &sub_list, escapep,
2920 NULL, spec, ']', false,
2921 invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2922 return false;
2923 if (sub_list != NULL)
2924 {
2925 if (union_position == -2)
2926 union_position = sub_position;
2927 else if (sub_position < 0
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2902 in parse_upto()
2896 FAT_LIST, empty_list);
2897 free_list (empty_list);
2898 }
2899 if (!parse_upto (formatp, &sub_position, &sub_list, escapep,
2900 &sub_separator, spec, ']', true,
2901 invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2902 return false;
2903 if (!sub_separator)
2904 {
2905 *invalid_reason =
2906 xasprintf (_("In the directive number %u, '~:[' is not followed by two clauses, separated by '~;'."), spec->directives);
2907 return false;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2907 in parse_upto()
2901 invalid_reason))
2902 return false;
2903 if (!sub_separator)
2904 {
2905 *invalid_reason =
2906 xasprintf (_("In the directive number %u, '~:[' is not followed by two clauses, separated by '~;'."), spec->directives);
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2907 return false;
2908 }
2909 if (sub_list != NULL)
2910 union_position = sub_position;
2911 union_list = union (union_list, sub_list);
2912 }
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3207 in parse_upto()
3201 struct format_arg_list *this_escape = copy_list (list);
3202 if (position >= 0)
3203 this_escape = add_end_constraint (this_escape, position);
3204 escape = union (escape, this_escape);
3205 }
3206 if (position >= 0)
>>> CID 271717: (RESOURCE_LEAK)
>>> Overwriting "list" in "list = add_required_constraint(list, position)" leaks the storage that "list" points to.
3207 list = add_required_constraint (list, position);
3208 break;
3209
3210 case ';': /* 22.3.9.1 FORMAT-SEPARATOR */
3211 if (!separator)
3212 {
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2585 in parse_upto()
2579 add_req_type_constraint (&list, position++, FAT_OBJECT);
2580 break;
2581
2582 case 'W': case 'w': /* 22.3.4.3 FORMAT-WRITE */
2583 if (!check_params (&list, paramcount, params, 0, NULL,
2584 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2585 return false;
2586 if (position >= 0)
2587 add_req_type_constraint (&list, position++, FAT_OBJECT);
2588 break;
2589
2590 case 'D': case 'd': /* 22.3.2.2 FORMAT-DECIMAL */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2612 in parse_upto()
2606 add_req_type_constraint (&list, position++, FAT_INTEGER);
2607 break;
2608
2609 case 'P': case 'p': /* 22.3.8.3 FORMAT-PLURAL */
2610 if (!check_params (&list, paramcount, params, 0, NULL,
2611 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2612 return false;
2613 if (colon_p)
2614 {
2615 /* Go back by 1 argument. */
2616 if (position > 0)
2617 position--;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2626 in parse_upto()
2620 add_req_type_constraint (&list, position++, FAT_OBJECT);
2621 break;
2622
2623 case 'C': case 'c': /* 22.3.1.1 FORMAT-CHARACTER */
2624 if (!check_params (&list, paramcount, params, 0, NULL,
2625 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2626 return false;
2627 if (position >= 0)
2628 add_req_type_constraint (&list, position++, FAT_CHARACTER);
2629 break;
2630
2631 case 'F': case 'f': /* 22.3.3.1 FORMAT-FIXED-FLOAT */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2670 in parse_upto()
2664 break;
2665
2666 case '\n': /* 22.3.9.3 #\Newline */
2667 case '_': /* 22.3.5.1 */
2668 if (!check_params (&list, paramcount, params, 0, NULL,
2669 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2670 return false;
2671 break;
2672
2673 case 'T': case 't': /* 22.3.6.1 FORMAT-TABULATE */
2674 if (!check_params (&list, paramcount, params, 2, II,
2675 spec->directives, invalid_reason))
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2736 in parse_upto()
2730 }
2731 break;
2732
2733 case '?': /* 22.3.7.6 FORMAT-INDIRECTION */
2734 if (!check_params (&list, paramcount, params, 0, NULL,
2735 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2736 return false;
2737 if (position >= 0)
2738 add_req_type_constraint (&list, position++, FAT_FORMATSTRING);
2739 if (atsign_p)
2740 position = -1;
2741 else
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2754 in parse_upto()
2748 }
2749 break;
2750
2751 case '/': /* 22.3.5.4 FORMAT-CALL-USER-FUNCTION */
2752 if (!check_params (&list, paramcount, params, 0, NULL,
2753 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2754 return false;
2755 if (position >= 0)
2756 add_req_type_constraint (&list, position++, FAT_OBJECT);
2757 while (*format != '\0' && *format != '/')
2758 format++;
2759 if (*format == '\0')
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2763 in parse_upto()
2757 while (*format != '\0' && *format != '/')
2758 format++;
2759 if (*format == '\0')
2760 {
2761 *invalid_reason =
2762 xstrdup (_("The string ends in the middle of a ~/.../ directive."));
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2763 return false;
2764 }
2765 format++;
2766 break;
2767
2768 case '(': /* 22.3.8.1 FORMAT-CASE-CONVERSION */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2771 in parse_upto()
2765 format++;
2766 break;
2767
2768 case '(': /* 22.3.8.1 FORMAT-CASE-CONVERSION */
2769 if (!check_params (&list, paramcount, params, 0, NULL,
2770 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2771 return false;
2772 *formatp = format;
2773 *positionp = position;
2774 *listp = list;
2775 *escapep = escape;
2776 {
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2797 in parse_upto()
2791 *invalid_reason =
2792 xasprintf (_("Found '~%c' without matching '~%c'."), ')', '(');
2793 return false;
2794 }
2795 if (!check_params (&list, paramcount, params, 0, NULL,
2796 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2797 return false;
2798 *formatp = format;
2799 *positionp = position;
2800 *listp = list;
2801 *escapep = escape;
2802 return true;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2876 in parse_upto()
2870 {
2871 int union_position;
2872 struct format_arg_list *union_list;
2873
2874 if (!check_params (&list, paramcount, params, 0, NULL,
2875 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2876 return false;
2877
2878 if (position >= 0)
2879 add_req_type_constraint (&list, position++, FAT_OBJECT);
2880
2881 *formatp = format;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3030 in parse_upto()
3024 *invalid_reason =
3025 xasprintf (_("Found '~%c' without matching '~%c'."), ']', '[');
3026 return false;
3027 }
3028 if (!check_params (&list, paramcount, params, 0, NULL,
3029 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3030 return false;
3031 *formatp = format;
3032 *positionp = position;
3033 *listp = list;
3034 *escapep = escape;
3035 return true;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3195 in parse_upto()
3189 *escapep = escape;
3190 return true;
3191
3192 case '^': /* 22.3.9.2 FORMAT-UP-AND-OUT */
3193 if (!check_params (&list, paramcount, params, 3, THREE,
3194 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3195 return false;
3196 if (position >= 0 && list != NULL && is_required (list, position))
3197 /* This ~^ can never be executed. Ignore it. */
3198 break;
3199 if (list != NULL)
3200 {
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3215 in parse_upto()
3209
3210 case ';': /* 22.3.9.1 FORMAT-SEPARATOR */
3211 if (!separator)
3212 {
3213 *invalid_reason =
3214 xasprintf (_("In the directive number %u, '~;' is used in an invalid position."), spec->directives);
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3215 return false;
3216 }
3217 if (terminator == '>')
3218 {
3219 if (!check_params (&list, paramcount, params, 1, I,
3220 spec->directives, invalid_reason))
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3221 in parse_upto()
3215 return false;
3216 }
3217 if (terminator == '>')
3218 {
3219 if (!check_params (&list, paramcount, params, 1, I,
3220 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3221 return false;
3222 }
3223 else
3224 {
3225 if (!check_params (&list, paramcount, params, 0, NULL,
3226 spec->directives, invalid_reason))
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3253 in parse_upto()
3247 default:
3248 --format;
3249 *invalid_reason =
3250 (*format == '\0'
3251 ? INVALID_UNTERMINATED_DIRECTIVE ()
3252 : INVALID_CONVERSION_SPECIFIER (spec->directives, *format));
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3253 return false;
3254 }
3255
3256 free (params);
3257 }
3258
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2577 in parse_upto()
2571 switch (*format++)
2572 {
2573 case 'A': case 'a': /* 22.3.4.1 FORMAT-ASCII */
2574 case 'S': case 's': /* 22.3.4.2 FORMAT-S-EXPRESSION */
2575 if (!check_params (&list, paramcount, params, 4, IIIC,
2576 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2577 return false;
2578 if (position >= 0)
2579 add_req_type_constraint (&list, position++, FAT_OBJECT);
2580 break;
2581
2582 case 'W': case 'w': /* 22.3.4.3 FORMAT-WRITE */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2596 in parse_upto()
2590 case 'D': case 'd': /* 22.3.2.2 FORMAT-DECIMAL */
2591 case 'B': case 'b': /* 22.3.2.3 FORMAT-BINARY */
2592 case 'O': case 'o': /* 22.3.2.4 FORMAT-OCTAL */
2593 case 'X': case 'x': /* 22.3.2.5 FORMAT-HEXADECIMAL */
2594 if (!check_params (&list, paramcount, params, 4, ICCI,
2595 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2596 return false;
2597 if (position >= 0)
2598 add_req_type_constraint (&list, position++, FAT_INTEGER);
2599 break;
2600
2601 case 'R': case 'r': /* 22.3.2.1 FORMAT-RADIX */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2604 in parse_upto()
2598 add_req_type_constraint (&list, position++, FAT_INTEGER);
2599 break;
2600
2601 case 'R': case 'r': /* 22.3.2.1 FORMAT-RADIX */
2602 if (!check_params (&list, paramcount, params, 5, IICCI,
2603 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2604 return false;
2605 if (position >= 0)
2606 add_req_type_constraint (&list, position++, FAT_INTEGER);
2607 break;
2608
2609 case 'P': case 'p': /* 22.3.8.3 FORMAT-PLURAL */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2634 in parse_upto()
2628 add_req_type_constraint (&list, position++, FAT_CHARACTER);
2629 break;
2630
2631 case 'F': case 'f': /* 22.3.3.1 FORMAT-FIXED-FLOAT */
2632 if (!check_params (&list, paramcount, params, 5, IIICC,
2633 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2634 return false;
2635 if (position >= 0)
2636 add_req_type_constraint (&list, position++, FAT_REAL);
2637 break;
2638
2639 case 'E': case 'e': /* 22.3.3.2 FORMAT-EXPONENTIAL-FLOAT */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2643 in parse_upto()
2637 break;
2638
2639 case 'E': case 'e': /* 22.3.3.2 FORMAT-EXPONENTIAL-FLOAT */
2640 case 'G': case 'g': /* 22.3.3.3 FORMAT-GENERAL-FLOAT */
2641 if (!check_params (&list, paramcount, params, 7, IIIICCC,
2642 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2643 return false;
2644 if (position >= 0)
2645 add_req_type_constraint (&list, position++, FAT_REAL);
2646 break;
2647
2648 case '$': /* 22.3.3.4 FORMAT-DOLLARS-FLOAT */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2651 in parse_upto()
2645 add_req_type_constraint (&list, position++, FAT_REAL);
2646 break;
2647
2648 case '$': /* 22.3.3.4 FORMAT-DOLLARS-FLOAT */
2649 if (!check_params (&list, paramcount, params, 4, IIIC,
2650 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2651 return false;
2652 if (position >= 0)
2653 add_req_type_constraint (&list, position++, FAT_REAL);
2654 break;
2655
2656 case '%': /* 22.3.1.2 FORMAT-TERPRI */
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2663 in parse_upto()
2657 case '&': /* 22.3.1.3 FORMAT-FRESH-LINE */
2658 case '|': /* 22.3.1.4 FORMAT-PAGE */
2659 case '~': /* 22.3.1.5 FORMAT-TILDE */
2660 case 'I': case 'i': /* 22.3.5.3 */
2661 if (!check_params (&list, paramcount, params, 1, I,
2662 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2663 return false;
2664 break;
2665
2666 case '\n': /* 22.3.9.3 #\Newline */
2667 case '_': /* 22.3.5.1 */
2668 if (!check_params (&list, paramcount, params, 0, NULL,
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2676 in parse_upto()
2670 return false;
2671 break;
2672
2673 case 'T': case 't': /* 22.3.6.1 FORMAT-TABULATE */
2674 if (!check_params (&list, paramcount, params, 2, II,
2675 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2676 return false;
2677 break;
2678
2679 case '*': /* 22.3.7.1 FORMAT-GOTO */
2680 if (!check_params (&list, paramcount, params, 1, I,
2681 spec->directives, invalid_reason))
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2682 in parse_upto()
2676 return false;
2677 break;
2678
2679 case '*': /* 22.3.7.1 FORMAT-GOTO */
2680 if (!check_params (&list, paramcount, params, 1, I,
2681 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2682 return false;
2683 {
2684 int n; /* value of first parameter */
2685 if (paramcount == 0
2686 || (paramcount >= 1 && params[0].type == PT_NIL))
2687 n = (atsign_p ? 0 : 1);
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2701 in parse_upto()
2695 }
2696 if (n < 0)
2697 {
2698 /* invalid argument */
2699 *invalid_reason =
2700 xasprintf (_("In the directive number %u, the argument %d is negative."), spec->directives, n);
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2701 return false;
2702 }
2703 if (atsign_p)
2704 {
2705 /* Absolute goto. */
2706 position = n;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 2793 in parse_upto()
2787
2788 case ')': /* 22.3.8.2 FORMAT-CASE-CONVERSION-END */
2789 if (terminator != ')')
2790 {
2791 *invalid_reason =
2792 xasprintf (_("Found '~%c' without matching '~%c'."), ')', '(');
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
2793 return false;
2794 }
2795 if (!check_params (&list, paramcount, params, 0, NULL,
2796 spec->directives, invalid_reason))
2797 return false;
2798 *formatp = format;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3026 in parse_upto()
3020
3021 case ']': /* 22.3.7.3 FORMAT-CONDITIONAL-END */
3022 if (terminator != ']')
3023 {
3024 *invalid_reason =
3025 xasprintf (_("Found '~%c' without matching '~%c'."), ']', '[');
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3026 return false;
3027 }
3028 if (!check_params (&list, paramcount, params, 0, NULL,
3029 spec->directives, invalid_reason))
3030 return false;
3031 *formatp = format;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3040 in parse_upto()
3034 *escapep = escape;
3035 return true;
3036
3037 case '{': /* 22.3.7.4 FORMAT-ITERATION */
3038 if (!check_params (&list, paramcount, params, 1, I,
3039 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3040 return false;
3041 *formatp = format;
3042 {
3043 int sub_position = 0;
3044 struct format_arg_list *sub_list = make_unconstrained_list ();
3045 struct format_arg_list *sub_escape = NULL;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3052 in parse_upto()
3046 struct spec sub_spec;
3047 sub_spec.directives = 0;
3048 sub_spec.list = sub_list;
3049 if (!parse_upto (formatp, &sub_position, &sub_list, &sub_escape,
3050 NULL, &sub_spec, '}', false,
3051 invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3052 return false;
3053 spec->directives += sub_spec.directives;
3054
3055 /* If the sub-formatstring is empty, except for the terminating
3056 ~} directive, a formatstring argument is consumed. */
3057 if (*format == '~' && sub_spec.directives == 1)
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3132 in parse_upto()
3126
3127 case '}': /* 22.3.7.5 FORMAT-ITERATION-END */
3128 if (terminator != '}')
3129 {
3130 *invalid_reason =
3131 xasprintf (_("Found '~%c' without matching '~%c'."), '}', '{');
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3132 return false;
3133 }
3134 if (!check_params (&list, paramcount, params, 0, NULL,
3135 spec->directives, invalid_reason))
3136 return false;
3137 *formatp = format;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3146 in parse_upto()
3140 *escapep = escape;
3141 return true;
3142
3143 case '<': /* 22.3.6.2, 22.3.5.2 FORMAT-JUSTIFICATION */
3144 if (!check_params (&list, paramcount, params, 4, IIIC,
3145 spec->directives, invalid_reason))
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3146 return false;
3147 {
3148 struct format_arg_list *sub_escape = NULL;
3149
3150 *formatp = format;
3151 *positionp = position;
/gnu/dist/gettext/gettext-tools/src/format-lisp.c: 3181 in parse_upto()
3175
3176 case '>': /* 22.3.6.3 FORMAT-JUSTIFICATION-END */
3177 if (terminator != '>')
3178 {
3179 *invalid_reason =
3180 xasprintf (_("Found '~%c' without matching '~%c'."), '>', '<');
>>> CID 271717: (RESOURCE_LEAK)
>>> Variable "list" going out of scope leaks the storage it points to.
3181 return false;
3182 }
3183 if (!check_params (&list, paramcount, params, 0, NULL,
3184 spec->directives, invalid_reason))
3185 return false;
3186 *formatp = format;
** CID 273730: Null pointer dereferences (FORWARD_NULL)
/external/gpl2/xcvs/dist/src/diff.c: 542 in diff_fileproc()
________________________________________________________________________________________________________
*** CID 273730: Null pointer dereferences (FORWARD_NULL)
/external/gpl2/xcvs/dist/src/diff.c: 542 in diff_fileproc()
536 }
537 }
538 }
539 #endif
540
541 }
>>> CID 273730: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "vers->vn_user" to null implies that "vers->vn_user" might be null.
542 else if (vers->vn_user == NULL)
543 {
544 /* The file does not exist in the working directory. */
545 if ((diff_rev1 || diff_date1)
546 && vers->srcfile != NULL)
547 {
** CID 274452: Uninitialized variables (UNINIT)
/crypto/external/bsd/openssl/dist/engines/e_chil.c: 1297 in hwcrhk_insert_card()
________________________________________________________________________________________________________
*** CID 274452: Uninitialized variables (UNINIT)
/crypto/external/bsd/openssl/dist/engines/e_chil.c: 1297 in hwcrhk_insert_card()
1291 UI_add_user_data(ui, callback_data);
1292
1293 if (ok >= 0)
1294 ok = UI_process(ui);
1295 UI_free(ui);
1296
>>> CID 274452: Uninitialized variables (UNINIT)
>>> Using uninitialized value "answer".
1297 if (ok == -2 || (ok >= 0 && answer == 'C'))
1298 ok = 1;
1299 else if (ok < 0)
1300 ok = -1;
1301 else
1302 ok = 0;
** CID 274948: (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/dist/lib/krb5/digest.c: 305 in digest_request()
/crypto/external/bsd/heimdal/dist/lib/krb5/digest.c: 362 in digest_request()
________________________________________________________________________________________________________
*** CID 274948: (RESOURCE_LEAK)
/crypto/external/bsd/heimdal/dist/lib/krb5/digest.c: 305 in digest_request()
299
300 {
301 krb5_keyblock *key;
302
303 ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
304 if (ret)
>>> CID 274948: (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
305 goto out;
306 if (key == NULL) {
307 ret = EINVAL;
308 krb5_set_error_message(context, ret,
309 N_("Digest failed to get local subkey", ""));
310 goto out;
/crypto/external/bsd/heimdal/dist/lib/krb5/digest.c: 362 in digest_request()
356 }
357 {
358 krb5_keyblock *key;
359
360 ret = krb5_auth_con_getremotesubkey(context, ac, &key);
361 if (ret)
>>> CID 274948: (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
362 goto out;
363 if (key == NULL) {
364 ret = EINVAL;
365 krb5_set_error_message(context, ret,
366 N_("Digest reply have no remote subkey", ""));
367 goto out;
** CID 275078: (FORWARD_NULL)
/external/bsd/bind/dist/lib/dns/zone.c: 14287 in zone_xfrdone()
/external/bsd/bind/dist/lib/dns/zone.c: 14291 in zone_xfrdone()
________________________________________________________________________________________________________
*** CID 275078: (FORWARD_NULL)
/external/bsd/bind/dist/lib/dns/zone.c: 14287 in zone_xfrdone()
14281
14282 /*
14283 * This is not necessary if we just performed a AXFR
14284 * however it is necessary for an IXFR / UPTODATE and
14285 * won't hurt with an AXFR.
14286 */
>>> CID 275078: (FORWARD_NULL)
>>> Comparing "zone->journal" to null implies that "zone->journal" might be null.
14287 if (zone->masterfile != NULL || zone->journal != NULL) {
14288 unsigned int delay = DNS_DUMP_DELAY;
14289
14290 result = ISC_R_FAILURE;
14291 if (zone->journal != NULL)
14292 result = isc_file_settime(zone->journal, &now);
/external/bsd/bind/dist/lib/dns/zone.c: 14291 in zone_xfrdone()
14285 * won't hurt with an AXFR.
14286 */
14287 if (zone->masterfile != NULL || zone->journal != NULL) {
14288 unsigned int delay = DNS_DUMP_DELAY;
14289
14290 result = ISC_R_FAILURE;
>>> CID 275078: (FORWARD_NULL)
>>> Comparing "zone->journal" to null implies that "zone->journal" might be null.
14291 if (zone->journal != NULL)
14292 result = isc_file_settime(zone->journal, &now);
14293 if (result != ISC_R_SUCCESS &&
14294 zone->masterfile != NULL)
14295 result = isc_file_settime(zone->masterfile,
14296 &now);
** CID 401659: Memory - corruptions (USE_AFTER_FREE)
/home/phil/cov/xsrc/external/mit/glu/dist/src/libtess/sweep.c: 753 in CheckForIntersect()
________________________________________________________________________________________________________
*** CID 401659: Memory - corruptions (USE_AFTER_FREE)
/home/phil/cov/xsrc/external/mit/glu/dist/src/libtess/sweep.c: 753 in CheckForIntersect()
747 * the mesh (ie. eUp->Lface) to be smaller than the faces in the
748 * unprocessed original contours (which will be eLo->Oprev->Lface).
749 */
750 if (__gl_meshSplitEdge( eUp->Sym ) == NULL) longjmp(tess->env,1);
751 if (__gl_meshSplitEdge( eLo->Sym ) == NULL) longjmp(tess->env,1);
752 if ( !__gl_meshSplice( eLo->Oprev, eUp ) ) longjmp(tess->env,1);
>>> CID 401659: Memory - corruptions (USE_AFTER_FREE)
>>> Dereferencing freed pointer "eUp->Org".
753 eUp->Org->s = isect.s;
754 eUp->Org->t = isect.t;
755 eUp->Org->pqHandle = pqInsert( tess->pq, eUp->Org ); /* __gl_pqSortInsert */
756 if (eUp->Org->pqHandle == LONG_MAX) {
757 pqDeletePriorityQ(tess->pq); /* __gl_pqSortDeletePriorityQ */
758 tess->pq = NULL;
** CID 401660: Memory - corruptions (USE_AFTER_FREE)
/home/phil/cov/xsrc/external/mit/glu/dist/src/libtess/sweep.c: 595 in CheckForLeftSplice()
________________________________________________________________________________________________________
*** CID 401660: Memory - corruptions (USE_AFTER_FREE)
/home/phil/cov/xsrc/external/mit/glu/dist/src/libtess/sweep.c: 595 in CheckForLeftSplice()
589 if (RegionAbove(regUp))
590 RegionAbove(regUp)->dirty = TRUE;
591 regUp->dirty = TRUE;
592 e = __gl_meshSplitEdge( eUp );
593 if (e == NULL) longjmp(tess->env,1);
594 if ( !__gl_meshSplice( eLo->Sym, e ) ) longjmp(tess->env,1);
>>> CID 401660: Memory - corruptions (USE_AFTER_FREE)
>>> Dereferencing freed pointer "e->Lface".
595 e->Lface->inside = regUp->inside;
596 } else {
597 if( EdgeSign( eLo->Dst, eUp->Dst, eLo->Org ) > 0 ) return FALSE;
598
599 /* eUp->Dst is below eLo, so splice eUp->Dst into eLo */
600 regUp->dirty = regLo->dirty = TRUE;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/1449?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782 .
Home |
Main Index |
Thread Index |
Old Index