New Defects reported by Coverity Scan for NetBSD-i386-kernel

To: coverity-updates%netbsd.org@localhost
Subject: New Defects reported by Coverity Scan for NetBSD-i386-kernel
From: scan-admin%coverity.com@localhost
Date: Mon, 17 Aug 2015 17:40:39 -0700
Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.

9 new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)


** CID 1316545:  Control flow issues  (DEADCODE)
/sys/ufs/lfs/lfs_alloc.c: 312 in lfs_valloc_fixed()


________________________________________________________________________________________________________
*** CID 1316545:  Control flow issues  (DEADCODE)
/sys/ufs/lfs/lfs_alloc.c: 312 in lfs_valloc_fixed()
306     			brelse(bp, 0);
307     		}
308     		if (nextfree == LFS_UNUSED_INUM) {
309     			brelse(bp, 0);
310     			return ENOENT;
311     		}
>>>     CID 1316545:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "lfs_if_setnextfree(fs, ifp,...".
312     		lfs_if_setnextfree(fs, ifp, oldnext);
313     		LFS_BWRITE_LOG(bp);
314     	}
315     
316     	return 0;
317     }

** CID 1316544:  Incorrect expression  (ASSERT_SIDE_EFFECT)
/sys/netinet/if_arp.c: 582 in arp_rtrequest()


________________________________________________________________________________________________________
*** CID 1316544:  Incorrect expression  (ASSERT_SIDE_EFFECT)
/sys/netinet/if_arp.c: 582 in arp_rtrequest()
576     		{
577     			/*
578     			 * Give this route an expiration time, even though
579     			 * it's a "permanent" route, so that routes cloned
580     			 * from it do not need their expiration time set.
581     			 */
>>>     CID 1316544:  Incorrect expression  (ASSERT_SIDE_EFFECT)
>>>     Argument "time_uptime" of KASSERT() has a side effect because the variable is volatile.  The containing function might work differently in a non-debug build.
582     			KASSERT(time_uptime != 0);
583     			rt->rt_expire = time_uptime;
584     			/*
585     			 * linklayers with particular link MTU limitation.
586     			 */
587     			switch (ifp->if_type) {

** CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 314 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 320 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 333 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 360 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 400 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 416 in lfs_truncate()
/sys/ufs/lfs/lfs_inode.c: 602 in lfs_truncate()


________________________________________________________________________________________________________
*** CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_inode.c: 314 in lfs_truncate()
308     			oip->i_flag |= IN_CHANGE | IN_UPDATE;
309     			KASSERT(ovp->v_size == oip->i_size);
310     			oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
311     			return (lfs_update(ovp, NULL, NULL, 0));
312     		} else {
313     			error = lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
314     			    lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
315     			if (error)
316     				return (error);
317     			error = lfs_balloc(ovp, length - 1, 1, cred,
318     					   aflags, &bp);
319     			lfs_reserve(fs, ovp, NULL,
/sys/ufs/lfs/lfs_inode.c: 320 in lfs_truncate()
314     			    lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
315     			if (error)
316     				return (error);
317     			error = lfs_balloc(ovp, length - 1, 1, cred,
318     					   aflags, &bp);
319     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "5 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
320     			    -lfs_btofsb(fs, (ULFS_NIADDR + 2) << lfs_sb_getbshift(fs)));
321     			if (error)
322     				return (error);
323     			oip->i_ffs1_size = oip->i_size = length;
324     			uvm_vnp_setsize(ovp, length);
325     			(void) VOP_BWRITE(bp->b_vp, bp);
/sys/ufs/lfs/lfs_inode.c: 333 in lfs_truncate()
327     			oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
328     			return (lfs_update(ovp, NULL, NULL, 0));
329     		}
330     	}
331     
332     	if ((error = lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
333     	    lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)))) != 0)
334     		return (error);
335     
336     	/*
337     	 * Shorten the size of the file. If the file is not being
338     	 * truncated to a block boundary, the contents of the
/sys/ufs/lfs/lfs_inode.c: 360 in lfs_truncate()
354     		aflags = B_CLRBUF;
355     		if (ioflag & IO_SYNC)
356     			aflags |= B_SYNC;
357     		error = lfs_balloc(ovp, length - 1, 1, cred, aflags, &bp);
358     		if (error) {
359     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
360     			    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
361     			goto errout;
362     		}
363     		obufsize = bp->b_bufsize;
364     		odb = lfs_btofsb(fs, bp->b_bcount);
365     		oip->i_size = oip->i_ffs1_size = length;
/sys/ufs/lfs/lfs_inode.c: 400 in lfs_truncate()
394     		voff_t eoz;
395     
396     		aflags = ioflag & IO_SYNC ? B_SYNC : 0;
397     		error = ulfs_balloc_range(ovp, length - 1, 1, cred, aflags);
398     		if (error) {
399     			lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
400     				    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
401     			goto errout;
402     		}
403     		xlbn = lfs_lblkno(fs, length);
404     		size = lfs_blksize(fs, oip, xlbn);
405     		eoz = MIN(lfs_lblktosize(fs, xlbn) + size, osize);
/sys/ufs/lfs/lfs_inode.c: 416 in lfs_truncate()
410     			error = VOP_PUTPAGES(ovp, round_page(length),
411     			    round_page(eoz),
412     			    PGO_CLEANIT | PGO_DEACTIVATE |
413     			    ((ioflag & IO_SYNC) ? PGO_SYNCIO : 0));
414     			if (error) {
415     				lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
416     					    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
417     				goto errout;
418     			}
419     		}
420     	}
421     
/sys/ufs/lfs/lfs_inode.c: 602 in lfs_truncate()
596     
597     	oip->i_flag |= IN_CHANGE;
598     #if defined(LFS_QUOTA) || defined(LFS_QUOTA2)
599     	(void) lfs_chkdq(oip, -blocksreleased, NOCRED, 0);
600     #endif
601     	lfs_reserve(fs, ovp, NULL,
>>>     CID 1315725:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "9 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
602     	    -lfs_btofsb(fs, (2 * ULFS_NIADDR + 3) << lfs_sb_getbshift(fs)));
603     	genfs_node_unlock(ovp);
604       errout:
605     	oip->i_lfs_hiblk = lfs_lblkno(fs, oip->i_size + lfs_sb_getbsize(fs) - 1) - 1;
606     	if (ovp != fs->lfs_ivnode)
607     		lfs_segunlock(fs);

** CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()


________________________________________________________________________________________________________
*** CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 532 in lfs_do_deregister()
526     {
527     	ASSERT_MAYBE_SEGLOCK(fs);
528     
529     	mutex_enter(&lfs_lock);
530     	--ip->i_lfs_nbtree;
531     	SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
>>>     CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
532     	if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
533     		fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534     	fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535     	if (locked_fakequeue_count > 0)
536     		--locked_fakequeue_count;
537     	lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
/sys/ufs/lfs/lfs_balloc.c: 533 in lfs_do_deregister()
527     	ASSERT_MAYBE_SEGLOCK(fs);
528     
529     	mutex_enter(&lfs_lock);
530     	--ip->i_lfs_nbtree;
531     	SPLAY_REMOVE(lfs_splay, &ip->i_lfs_lbtree, lbp);
532     	if (fs->lfs_favail > lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs))))
>>>     CID 1315724:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
533     		fs->lfs_favail -= lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
534     	fs->lfs_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
535     	if (locked_fakequeue_count > 0)
536     		--locked_fakequeue_count;
537     	lfs_subsys_pages -= lfs_sb_getbsize(fs) >> PAGE_SHIFT;
538     	mutex_exit(&lfs_lock);

** CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()


________________________________________________________________________________________________________
*** CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/ulfs_readwrite.c: 526 in lfs_bufwr()
520     			flags |= B_CLRBUF;
521     		else
522     			flags &= ~B_CLRBUF;
523     
524     #ifdef LFS_READWRITE
525     		error = lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
526     		    lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
527     		if (error)
528     			break;
529     		need_unreserve = true;
530     #endif
531     		error = lfs_balloc(vp, uio->uio_offset, xfersize, cred, flags,
/sys/ufs/lfs/ulfs_readwrite.c: 560 in lfs_bufwr()
554     			brelse(bp, BC_INVAL);
555     			break;
556     		}
557     #ifdef LFS_READWRITE
558     		(void)VOP_BWRITE(bp->b_vp, bp);
559     		lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
560     		    -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
561     		need_unreserve = false;
562     #else
563     		if (ioflag & IO_SYNC)
564     			(void)bwrite(bp);
565     		else if (xfersize + blkoffset == fs->fs_bsize)
/sys/ufs/lfs/ulfs_readwrite.c: 576 in lfs_bufwr()
570     		if (error || xfersize == 0)
571     			break;
572     	}
573     #ifdef LFS_READWRITE
574     	if (need_unreserve) {
575     		lfs_reserve(fs, vp, NULL,
>>>     CID 1315723:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "4 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
576     		    -lfs_btofsb(fs, (ULFS_NIADDR + 1) << lfs_sb_getbshift(fs)));
577     	}
578     #endif
579     
580     	error = ulfs_post_write_update(vp, uio, ioflag, cred, osize, resid,
581     	    extended, error);

** CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2287 in lfs_writeseg()
/sys/ufs/lfs/lfs_segment.c: 2289 in lfs_writeseg()


________________________________________________________________________________________________________
*** CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_segment.c: 2287 in lfs_writeseg()
2281     	lfs_ss_setdatasum(fs, ssp, lfs_cksum_fold(sum));
2282     	sumstart = lfs_ss_getsumstart(fs);
2283     	lfs_ss_setsumsum(fs, ssp, cksum((char *)ssp + sumstart,
2284     	    lfs_sb_getsumsize(fs) - sumstart));
2285     
2286     	mutex_enter(&lfs_lock);
>>>     CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2287     	lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2288     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2289     	lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2290     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2291     	mutex_exit(&lfs_lock);
2292     
/sys/ufs/lfs/lfs_segment.c: 2289 in lfs_writeseg()
2283     	lfs_ss_setsumsum(fs, ssp, cksum((char *)ssp + sumstart,
2284     	    lfs_sb_getsumsize(fs) - sumstart));
2285     
2286     	mutex_enter(&lfs_lock);
2287     	lfs_sb_subbfree(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2288     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
>>>     CID 1315722:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
2289     	lfs_sb_adddmeta(fs, (lfs_btofsb(fs, ninos * lfs_sb_getibsize(fs)) +
2290     			  lfs_btofsb(fs, lfs_sb_getsumsize(fs))));
2291     	mutex_exit(&lfs_lock);
2292     
2293     	/*
2294     	 * When we simply write the blocks we lose a rotation for every block

** CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 870 in lfs_do_segclean()
/sys/ufs/lfs/lfs_syscalls.c: 872 in lfs_do_segclean()


________________________________________________________________________________________________________
*** CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_syscalls.c: 870 in lfs_do_segclean()
864     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_SBPAD));
865     	if (lfs_sb_getversion(fs) > 1 && segnum == 0 &&
866     	    lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
867     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
868     	mutex_enter(&lfs_lock);
869     	lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>>     CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
870     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
871     	lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
872     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
873     	if (lfs_sb_getdmeta(fs) < 0)
874     		lfs_sb_setdmeta(fs, 0);
875     	mutex_exit(&lfs_lock);
/sys/ufs/lfs/lfs_syscalls.c: 872 in lfs_do_segclean()
866     	    lfs_sb_gets0addr(fs) < lfs_btofsb(fs, LFS_LABELPAD))
867     		lfs_sb_subavail(fs, lfs_btofsb(fs, LFS_LABELPAD) - lfs_sb_gets0addr(fs));
868     	mutex_enter(&lfs_lock);
869     	lfs_sb_addbfree(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
870     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
871     	lfs_sb_subdmeta(fs, sup->su_nsums * lfs_btofsb(fs, lfs_sb_getsumsize(fs)) +
>>>     CID 1315721:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "sup->su_ninos * lfs_sb_getibsize(fs)" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
872     		lfs_btofsb(fs, sup->su_ninos * lfs_sb_getibsize(fs)));
873     	if (lfs_sb_getdmeta(fs) < 0)
874     		lfs_sb_setdmeta(fs, 0);
875     	mutex_exit(&lfs_lock);
876     	sup->su_flags &= ~SEGUSE_DIRTY;
877     	LFS_WRITESEGENTRY(sup, fs, segnum, bp);

** CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()


________________________________________________________________________________________________________
*** CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
/sys/ufs/lfs/lfs_balloc.c: 504 in lfs_register_block()
498     
499     	fs = ip->i_lfs;
500     
501     	ASSERT_NO_SEGLOCK(fs);
502     
503     	/* If no space, wait for the cleaner */
>>>     CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
504     	lfs_availwait(fs, lfs_btofsb(fs, 1 << lfs_sb_getbshift(fs)));
505     
506     	lbp = (struct lbnentry *)pool_get(&lfs_lbnentry_pool, PR_WAITOK);
507     	lbp->lbn = lbn;
508     	mutex_enter(&lfs_lock);
509     	if (SPLAY_INSERT(lfs_splay, &ip->i_lfs_lbtree, lbp) != NULL) {
/sys/ufs/lfs/lfs_balloc.c: 517 in lfs_register_block()
511     		/* Already there */
512     		pool_put(&lfs_lbnentry_pool, lbp);
513     		return;
514     	}
515     
516     	++ip->i_lfs_nbtree;
>>>     CID 1315720:    (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << lfs_sb_getbshift(fs)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "__uint64_t" (64 bits, unsigned).
517     	fs->lfs_favail += lfs_btofsb(fs, (1 << lfs_sb_getbshift(fs)));
518     	fs->lfs_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
519     	++locked_fakequeue_count;
520     	lfs_subsys_pages += lfs_sb_getbsize(fs) >> PAGE_SHIFT;
521     	mutex_exit(&lfs_lock);
522     }

** CID 1305544:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sys/dev/pci/ixgbe/ixgbe.c: 2670 in ixgbe_allocate_msix()


________________________________________________________________________________________________________
*** CID 1305544:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sys/dev/pci/ixgbe/ixgbe.c: 2670 in ixgbe_allocate_msix()
2664     			aprint_error_dev(dev,
2665     			    "Failed to register QUE handler\n");
2666     			kcpuset_destroy(affinity);
2667     			return ENXIO;
2668     		}
2669     		que->msix = vector;
>>>     CID 1305544:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1 << que->msix" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "u64" (64 bits, unsigned).
2670             	adapter->que_mask |= (u64)(1 << que->msix);
2671     #ifdef	RSS
2672     		/*
2673     		 * The queue ID is used as the RSS layer bucket ID.
2674     		 * We look up the queue ID -> RSS CPU ID and select
2675     		 * that.


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-i386-kernel?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Prev by Date: New Defects reported by Coverity Scan for NetBSD-i386-user
Next by Date: New Defects reported by Coverity Scan for NetBSD-i386-user
Previous by Thread: New Defects reported by Coverity Scan for NetBSD-i386-kernel
Next by Thread: New Defects reported by Coverity Scan for NetBSD-i386-kernel
Indexes:
Home | Main Index | Thread Index | Old Index