Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
46 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
165 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 46 defect(s)
** CID 979064: (TAINTED_SCALAR)
/sys/kern/uipc_syscalls.c: 521 in sys_sendmsg()
/sys/kern/uipc_syscalls.c: 521 in sys_sendmsg()
________________________________________________________________________________________________________
*** CID 979064: (TAINTED_SCALAR)
/sys/kern/uipc_syscalls.c: 521 in sys_sendmsg()
515 syscallarg(const struct msghdr *) msg;
516 syscallarg(int) flags;
517 } */
518 struct msghdr msg;
519 int error;
520
>>> CID 979064: (TAINTED_SCALAR)
>>> Calling function "copyin" taints argument "msg". [Note: The source code implementation of the function has been overridden by a builtin model.]
521 error = copyin(SCARG(uap, msg), &msg, sizeof(msg));
522 if (error)
523 return (error);
524
525 msg.msg_flags = MSG_IOVUSRSPACE;
526 return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), retval);
/sys/kern/uipc_syscalls.c: 521 in sys_sendmsg()
515 syscallarg(const struct msghdr *) msg;
516 syscallarg(int) flags;
517 } */
518 struct msghdr msg;
519 int error;
520
>>> CID 979064: (TAINTED_SCALAR)
>>> Calling function "copyin" taints argument "msg". [Note: The source code implementation of the function has been overridden by a builtin model.]
521 error = copyin(SCARG(uap, msg), &msg, sizeof(msg));
522 if (error)
523 return (error);
524
525 msg.msg_flags = MSG_IOVUSRSPACE;
526 return do_sys_sendmsg(l, SCARG(uap, s), &msg, SCARG(uap, flags), retval);
** CID 1203213: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xf86-video-intel/dist/src/sna/sna_display.c: 2961 in sna_output_attach_edid()
________________________________________________________________________________________________________
*** CID 1203213: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xf86-video-intel/dist/src/sna/sna_display.c: 2961 in sna_output_attach_edid()
2955
2956 if (old &&
2957 blob.length == sna_output->edid_len &&
2958 memcmp(old, raw, blob.length) == 0) {
2959 assert(sna_output->edid_raw == raw);
2960 sna_output->edid_blob_id = blob.blob_id;
>>> CID 1203213: Error handling issues (CHECKED_RETURN)
>>> Calling "RRChangeOutputProperty" without checking return value (as is done elsewhere 13 out of 14 times).
2961 RRChangeOutputProperty(output->randr_output,
2962 MakeAtom("EDID", strlen("EDID"), TRUE),
2963 XA_INTEGER, 8, PropModeReplace,
2964 sna_output->edid_len,
2965 sna_output->edid_raw,
2966 FALSE, FALSE);
** CID 1203217: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xf86-video-nv/dist/src/g80_driver.c: 471 in AcquireDisplay()
________________________________________________________________________________________________________
*** CID 1203217: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xf86-video-nv/dist/src/g80_driver.c: 471 in AcquireDisplay()
465 AcquireDisplay(ScrnInfoPtr pScrn)
466 {
467 if(!G80DispInit(pScrn))
468 return FALSE;
469 if(!G80CursorAcquire(pScrn))
470 return FALSE;
>>> CID 1203217: Error handling issues (CHECKED_RETURN)
>>> Calling "xf86SetDesiredModes" without checking return value (as is done elsewhere 11 out of 13 times).
471 xf86SetDesiredModes(pScrn);
472
473 return TRUE;
474 }
475
476 /*
** CID 1296206: (PW.BAD_PRINTF_FORMAT_STRING)
/external/bsd/ntp/dist/ntpd/ntp_io.c: 2517 in ()
/external/bsd/ntp/dist/ntpd/ntp_io.c: 2547 in ()
________________________________________________________________________________________________________
*** CID 1296206: (PW.BAD_PRINTF_FORMAT_STRING)
/external/bsd/ntp/dist/ntpd/ntp_io.c: 2517 in ()
2511 mreq.imr_interface.s_addr = htonl(INADDR_ANY);
2512 if (setsockopt(iface->fd,
2513 IPPROTO_IP,
2514 IP_ADD_MEMBERSHIP,
2515 (char *)&mreq,
2516 sizeof(mreq))) {
>>> CID 1296206: (PW.BAD_PRINTF_FORMAT_STRING)
>>> invalid format string conversion
2517 DPRINTF(2, (
2518 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
2519 iface->fd, stoa(&iface->sin),
2520 mreq.imr_multiaddr.s_addr,
2521 mreq.imr_interface.s_addr,
2522 stoa(maddr)));
/external/bsd/ntp/dist/ntpd/ntp_io.c: 2547 in ()
2541 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr);
2542 mreq6.ipv6mr_interface = iface->ifindex;
2543
2544 if (setsockopt(iface->fd, IPPROTO_IPV6,
2545 IPV6_JOIN_GROUP, (char *)&mreq6,
2546 sizeof(mreq6))) {
>>> CID 1296206: (PW.BAD_PRINTF_FORMAT_STRING)
>>> invalid format string conversion
2547 DPRINTF(2, (
2548 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)",
2549 iface->fd, stoa(&iface->sin),
2550 mreq6.ipv6mr_interface, stoa(maddr)));
2551 return ISC_FALSE;
2552 }
** CID 1306209: (RESOURCE_LEAK)
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1709 in doprintpeers()
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1717 in doprintpeers()
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1727 in doprintpeers()
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1713 in doprintpeers()
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1719 in doprintpeers()
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1678 in doprintpeers()
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1868 in doprintpeers()
________________________________________________________________________________________________________
*** CID 1306209: (RESOURCE_LEAK)
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1709 in doprintpeers()
1703 have_da_rid = FALSE;
1704 }
1705 } else if (pvl == apeervarlist) {
1706 have_da_rid = TRUE;
1707 drlen = strlen(value);
1708 if (0 == drlen) {
>>> CID 1306209: (RESOURCE_LEAK)
>>> Overwriting "dstadr_refid" in "dstadr_refid = """ leaks the storage that "dstadr_refid" points to.
1709 dstadr_refid = "";
1710 } else if (drlen <= 4) {
1711 ZERO(u32);
1712 memcpy(&u32, value, drlen);
1713 dstadr_refid = refid_str(u32, 1);
1714 //fprintf(stderr, "apeervarlist S1 refid: value=<%s>\n", value);
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1717 in doprintpeers()
1711 ZERO(u32);
1712 memcpy(&u32, value, drlen);
1713 dstadr_refid = refid_str(u32, 1);
1714 //fprintf(stderr, "apeervarlist S1 refid: value=<%s>\n", value);
1715 } else if (decodenetnum(value, &refidadr)) {
1716 if (SOCK_UNSPEC(&refidadr))
>>> CID 1306209: (RESOURCE_LEAK)
>>> Overwriting "dstadr_refid" in "dstadr_refid = "0.0.0.0"" leaks the storage that "dstadr_refid" points to.
1717 dstadr_refid = "0.0.0.0";
1718 else if (ISREFCLOCKADR(&refidadr))
1719 dstadr_refid =
1720 refnumtoa(&refidadr);
1721 else {
1722 char *buf = emalloc(10);
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1727 in doprintpeers()
1721 else {
1722 char *buf = emalloc(10);
1723 int i = ntohl(refidadr.sa4.sin_addr.s_addr);
1724
1725 snprintf(buf, 10,
1726 "%0x", i);
>>> CID 1306209: (RESOURCE_LEAK)
>>> Overwriting "dstadr_refid" in "dstadr_refid = buf" leaks the storage that "dstadr_refid" points to.
1727 dstadr_refid = buf;
1728 //fprintf(stderr, "apeervarlist refid: value=<%x>\n", i);
1729 }
1730 //fprintf(stderr, "apeervarlist refid: value=<%s>\n", value);
1731 } else {
1732 have_da_rid = FALSE;
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1713 in doprintpeers()
1707 drlen = strlen(value);
1708 if (0 == drlen) {
1709 dstadr_refid = "";
1710 } else if (drlen <= 4) {
1711 ZERO(u32);
1712 memcpy(&u32, value, drlen);
>>> CID 1306209: (RESOURCE_LEAK)
>>> Overwriting "dstadr_refid" in "dstadr_refid = refid_str(u32, 1)" leaks the storage that "dstadr_refid" points to.
1713 dstadr_refid = refid_str(u32, 1);
1714 //fprintf(stderr, "apeervarlist S1 refid: value=<%s>\n", value);
1715 } else if (decodenetnum(value, &refidadr)) {
1716 if (SOCK_UNSPEC(&refidadr))
1717 dstadr_refid = "0.0.0.0";
1718 else if (ISREFCLOCKADR(&refidadr))
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1719 in doprintpeers()
1713 dstadr_refid = refid_str(u32, 1);
1714 //fprintf(stderr, "apeervarlist S1 refid: value=<%s>\n", value);
1715 } else if (decodenetnum(value, &refidadr)) {
1716 if (SOCK_UNSPEC(&refidadr))
1717 dstadr_refid = "0.0.0.0";
1718 else if (ISREFCLOCKADR(&refidadr))
>>> CID 1306209: (RESOURCE_LEAK)
>>> Overwriting "dstadr_refid" in "dstadr_refid = refnumtoa(&refidadr)" leaks the storage that "dstadr_refid" points to.
1719 dstadr_refid =
1720 refnumtoa(&refidadr);
1721 else {
1722 char *buf = emalloc(10);
1723 int i = ntohl(refidadr.sa4.sin_addr.s_addr);
1724
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1678 in doprintpeers()
1672 if (decodenetnum(value, &dum_store)) {
1673 type = decodeaddrtype(&dum_store);
1674 have_dstadr = TRUE;
1675 dstadr = dum_store;
1676 if (pvl == opeervarlist) {
1677 have_da_rid = TRUE;
>>> CID 1306209: (RESOURCE_LEAK)
>>> Overwriting "dstadr_refid" in "dstadr_refid = trunc_left(socktoa(&dstadr), 15UL)" leaks the storage that "dstadr_refid" points to.
1678 dstadr_refid = trunc_left(stoa(&dstadr), 15);
1679 }
1680 }
1681 } else if (!strcmp("hmode", name)) {
1682 decodeint(value, &hmode);
1683 } else if (!strcmp("refid", name)) {
/external/bsd/ntp/dist/ntpq/ntpq-subs.c: 1868 in doprintpeers()
1862 (have_jitter)
1863 ? lfptoms(&estjitter, 3)
1864 : lfptoms(&estdisp, 3));
1865 return (1);
1866 }
1867 else
>>> CID 1306209: (RESOURCE_LEAK)
>>> Variable "dstadr_refid" going out of scope leaks the storage it points to.
1868 return(1);
1869 }
1870
1871
1872 /*
1873 * dogetpeers - given an association ID, read and print the spreadsheet
** CID 1311701: Memory - illegal accesses (OVERRUN)
/home/phil/cov/xsrc/external/mit/xterm/dist/input.c: 1221 in Input()
________________________________________________________________________________________________________
*** CID 1311701: Memory - illegal accesses (OVERRUN)
/home/phil/cov/xsrc/external/mit/xterm/dist/input.c: 1221 in Input()
1215 if (keyboard->flags & MODE_DECCKM) {
1216 reply.a_type = ANSI_SS3;
1217 } else {
1218 reply.a_type = ANSI_CSI;
1219 }
1220 modifyCursorKey(&reply, keyboard->modify_now.cursor_keys, &modify_parm);
>>> CID 1311701: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "curfinal" of 10 bytes at byte offset 15 using index "kd.keysym - 65360UL" (which evaluates to 15).
1221 reply.a_final = (Char) (curfinal[kd.keysym - XK_Home]);
1222 VT52_CURSOR_KEYS;
1223 MODIFIER_PARM;
1224 unparseseq(xw, &reply);
1225 key = True;
1226 } else if (kd.nbytes > 0) {
** CID 1311702: Memory - illegal accesses (OVERRUN)
/home/phil/cov/xsrc/external/mit/xterm/dist/input.c: 1698 in sunfuncvalue()
________________________________________________________________________________________________________
*** CID 1311702: Memory - illegal accesses (OVERRUN)
/home/phil/cov/xsrc/external/mit/xterm/dist/input.c: 1698 in sunfuncvalue()
1692 reply->a_type = ANSI_CSI;
1693 reply->a_nparam = 1;
1694 reply->a_param[0] = result;
1695 reply->a_final = 'z';
1696 } else if (IsCursorKey(kd->keysym)) {
1697 reply->a_type = ANSI_SS3;
>>> CID 1311702: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "curfinal" of 10 bytes at byte offset 15 using index "kd->keysym - 65360UL" (which evaluates to 15).
1698 reply->a_final = (Char) curfinal[kd->keysym - XK_Home];
1699 }
1700 #else
1701 (void) reply;
1702 (void) kd;
1703 #endif /* OPT_SUN_FUNC_KEYS */
** CID 1314703: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xf86-video-intel-old/dist/src/i830_driver.c: 3180 in I830PMEvent()
________________________________________________________________________________________________________
*** CID 1314703: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xf86-video-intel-old/dist/src/i830_driver.c: 3180 in I830PMEvent()
3174 /* This is currently used for ACPI */
3175 case XF86_APM_CAPABILITY_CHANGED:
3176 ErrorF("I830PMEvent: Capability change\n");
3177
3178 SaveScreens(SCREEN_SAVER_FORCER, ScreenSaverReset);
3179 if (pI830->quirk_flag & QUIRK_RESET_MODES)
>>> CID 1314703: Error handling issues (CHECKED_RETURN)
>>> Calling "xf86SetDesiredModes" without checking return value (as is done elsewhere 11 out of 13 times).
3180 xf86SetDesiredModes(pScrn);
3181
3182 break;
3183 default:
3184 ErrorF("I830PMEvent: received APM event %d\n", event);
3185 }
** CID 1314704: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/libXt/dist/src/Selection.c: 2196 in XtGetSelectionParameters()
________________________________________________________________________________________________________
*** CID 1314704: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/libXt/dist/src/Selection.c: 2196 in XtGetSelectionParameters()
2190
2191 req = GetRequestRecord(owner, selection, request_id);
2192
2193 if (req && req->property) {
2194 unsigned long bytes_after; /* unused */
2195 StartProtectedSection(dpy, req->requestor);
>>> CID 1314704: Error handling issues (CHECKED_RETURN)
>>> Calling "XGetWindowProperty" without checking return value (as is done elsewhere 39 out of 46 times).
2196 XGetWindowProperty(dpy, req->requestor, req->property, 0L, 10000000,
2197 False, AnyPropertyType, type_return, format_return,
2198 length_return, &bytes_after,
2199 (unsigned char**) value_return);
2200 EndProtectedSection(dpy);
2201 #ifdef XT_COPY_SELECTION
** CID 1314705: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xditview/dist/Dvi.c: 449 in OpenFile()
________________________________________________________________________________________________________
*** CID 1314705: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xditview/dist/Dvi.c: 449 in OpenFile()
443 if (fd != -1) {
444 dw->dvi.tmpFile = fdopen(fd, "w+");
445 if (dw->dvi.tmpFile == NULL)
446 close(fd);
447 }
448 #endif
>>> CID 1314705: Error handling issues (CHECKED_RETURN)
>>> Calling "remove(tmpName)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
449 remove (tmpName);
450 }
451 if (dw->dvi.requested_page < 1)
452 dw->dvi.requested_page = 1;
453 dw->dvi.last_page = 0;
454 }
** CID 1314706: (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xprop/dist/clientwin.c: 42 in Window_Has_Property()
/home/phil/cov/xsrc/external/mit/xwd/dist/clientwin.c: 42 in Window_Has_Property()
________________________________________________________________________________________________________
*** CID 1314706: (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xprop/dist/clientwin.c: 42 in Window_Has_Property()
36 int format_ret;
37 unsigned char *prop_ret;
38 unsigned long bytes_after, num_ret;
39
40 type_ret = None;
41 prop_ret = NULL;
>>> CID 1314706: (CHECKED_RETURN)
>>> Calling "XGetWindowProperty" without checking return value (as is done elsewhere 39 out of 46 times).
42 XGetWindowProperty(dpy, win, atom, 0, 0, False, AnyPropertyType,
43 &type_ret, &format_ret, &num_ret,
44 &bytes_after, &prop_ret);
45 if (prop_ret)
46 XFree(prop_ret);
47
/home/phil/cov/xsrc/external/mit/xwd/dist/clientwin.c: 42 in Window_Has_Property()
36 int format_ret;
37 unsigned char *prop_ret;
38 unsigned long bytes_after, num_ret;
39
40 type_ret = None;
41 prop_ret = NULL;
>>> CID 1314706: (CHECKED_RETURN)
>>> Calling "XGetWindowProperty" without checking return value (as is done elsewhere 39 out of 46 times).
42 XGetWindowProperty(dpy, win, atom, 0, 0, False, AnyPropertyType,
43 &type_ret, &format_ret, &num_ret,
44 &bytes_after, &prop_ret);
45 if (prop_ret)
46 XFree(prop_ret);
47
** CID 1314707: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/x11perf/dist/do_simple.c: 100 in DoGetProperty()
________________________________________________________________________________________________________
*** CID 1314707: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/x11perf/dist/do_simple.c: 100 in DoGetProperty()
94 unsigned long actual_length, bytes_remaining;
95 unsigned char *prop;
96
97 Atom actual_type;
98
99 for (i = 0; i != reps; i++) {
>>> CID 1314707: Error handling issues (CHECKED_RETURN)
>>> Calling "XGetWindowProperty" without checking return value (as is done elsewhere 39 out of 46 times).
100 XGetWindowProperty (
101 xp->d, xp->w, XA_PK_TEMP, 0, 4,
102 False, AnyPropertyType, &actual_type, &actual_format,
103 &actual_length, &bytes_remaining, &prop);
104 CheckAbort ();
105 XFree(prop);
106 }
** CID 1314708: Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-ast/dist/src/ast_mode.c: 1204 in vInitChrontelReg()
________________________________________________________________________________________________________
*** CID 1314708: Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/xf86-video-ast/dist/src/ast_mode.c: 1204 in vInitChrontelReg()
1198 if (jReg & 0x20) /* DVI */
1199 {
1200
1201 /* DVI PLL Filter */
1202 if (ulDCLK > 65)
1203 {
>>> CID 1314708: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "SetChrontelReg(pAST, 1, 51,...".
1204 SetChrontelReg(pAST, 1, 0x33, 0x06);
1205 SetChrontelReg(pAST, 1, 0x34, 0x26);
1206 SetChrontelReg(pAST, 1, 0x36, 0xA0);
1207 }
1208 else
1209 {
** CID 1314709: Null pointer dereferences (FORWARD_NULL)
/external/bsd/dhcpcd/dist/ipv4.c: 706 in ipv4_buildroutes()
________________________________________________________________________________________________________
*** CID 1314709: Null pointer dereferences (FORWARD_NULL)
/external/bsd/dhcpcd/dist/ipv4.c: 706 in ipv4_buildroutes()
700 continue;
701 TAILQ_FOREACH_SAFE(rt, dnr, next, rtn) {
702 rt->iface = ifp;
703 #ifdef HAVE_ROUTE_METRIC
704 rt->metric = ifp->metric;
705 #endif
>>> CID 1314709: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "state".
706 rt->flags = state->added & STATE_FAKE;
707 /* Is this route already in our table? */
708 if ((find_route(nrs, rt, NULL)) != NULL)
709 continue;
710 /* Do we already manage it? */
711 if ((or = find_route(ctx->ipv4_routes, rt, NULL))) {
** CID 1314710: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/autofit/afhints.c: 634 in af_glyph_hints_reload()
________________________________________________________________________________________________________
*** CID 1314710: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/autofit/afhints.c: 634 in af_glyph_hints_reload()
628 hints->max_contours = AF_CONTOURS_EMBEDDED;
629 }
630 }
631 else if ( new_max > old_max )
632 {
633 if ( hints->contours == hints->embedded.contours )
>>> CID 1314710: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "hints->contours" = "NULL".
634 hints->contours = NULL;
635
636 new_max = ( new_max + 3 ) & ~3U; /* round up to a multiple of 4 */
637
638 if ( FT_RENEW_ARRAY( hints->contours, old_max, new_max ) )
639 goto Exit;
** CID 1314711: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/autofit/afhints.c: 762 in af_glyph_hints_reload()
________________________________________________________________________________________________________
*** CID 1314711: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/autofit/afhints.c: 762 in af_glyph_hints_reload()
756 short* end = outline->contours;
757 short idx = 0;
758
759
760 for ( ; contour < contour_limit; contour++, end++ )
761 {
>>> CID 1314711: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "contour".
762 contour[0] = points + idx;
763 idx = (short)( end[0] + 1 );
764 }
765 }
766
767 {
** CID 1314712: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/autofit/afhints.c: 663 in af_glyph_hints_reload()
________________________________________________________________________________________________________
*** CID 1314712: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/autofit/afhints.c: 663 in af_glyph_hints_reload()
657 hints->max_points = AF_POINTS_EMBEDDED;
658 }
659 }
660 else if ( new_max > old_max )
661 {
662 if ( hints->points == hints->embedded.points )
>>> CID 1314712: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "hints->points" = "NULL".
663 hints->points = NULL;
664
665 new_max = ( new_max + 2 + 7 ) & ~7U; /* round up to a multiple of 8 */
666
667 if ( FT_RENEW_ARRAY( hints->points, old_max, new_max ) )
668 goto Exit;
** CID 1314713: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/autofit/afhints.c: 717 in af_glyph_hints_reload()
________________________________________________________________________________________________________
*** CID 1314713: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/autofit/afhints.c: 717 in af_glyph_hints_reload()
711 AF_Point prev = end;
712 FT_Int contour_index = 0;
713
714
715 for ( point = points; point < point_limit; point++, vec++, tag++ )
716 {
>>> CID 1314713: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "point".
717 point->in_dir = (FT_Char)AF_DIR_NONE;
718 point->out_dir = (FT_Char)AF_DIR_NONE;
719
720 point->fx = (FT_Short)vec->x;
721 point->fy = (FT_Short)vec->y;
722 point->ox = point->x = FT_MulFix( vec->x, x_scale ) + x_delta;
** CID 1314714: Control flow issues (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-ast/dist/src/ast_vgatool.c: 3033 in vInit3rdTX()
________________________________________________________________________________________________________
*** CID 1314714: Control flow issues (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-ast/dist/src/ast_vgatool.c: 3033 in vInit3rdTX()
3027 {
3028 case 0x04: /* Sil164 */
3029 InitDVO(pScrn);
3030 break;
3031 case 0x08: /* DP501 with VBIOS launch FW */
3032 LaunchM68K(pScrn);
>>> CID 1314714: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
3033 case 0x0C: /* DP501 with BMC launch FW */
3034 InitDVO(pScrn);
3035 break;
3036 default: /* Force to VGA */
3037 if (pAST->jTxChipType == Tx_Sil164)
3038 InitDVO(pScrn);
** CID 1314715: Control flow issues (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c: 1579 in R128LoadPalette()
________________________________________________________________________________________________________
*** CID 1314715: Control flow issues (MISSING_BREAK)
/home/phil/cov/xsrc/external/mit/xf86-video-r128/dist/src/r128_driver.c: 1579 in R128LoadPalette()
1573 for (j = 0; j < 8; j++) {
1574 lut_r[index * 8 + j] = colors[index].red << 8;
1575 lut_g[index * 8 + j] = colors[index].green << 8;
1576 lut_b[index * 8 + j] = colors[index].blue << 8;
1577 }
1578 }
>>> CID 1314715: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
1579 case 16:
1580 for (i = 0; i < numColors; i++) {
1581 index = indices[i];
1582
1583 /* XXX: The old version of R128LoadPalette did not do this and
1584 * the old version of RADEONLoadPalette has a comment asking why.
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/1449?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index