Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
57 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
76 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 57 defect(s)
** CID 271729: Resource leaks (RESOURCE_LEAK)
/external/gpl2/gettext/dist/gettext-tools/src/read-stringtable.c: 943 in stringtable_parse()
________________________________________________________________________________________________________
*** CID 271729: Resource leaks (RESOURCE_LEAK)
/external/gpl2/gettext/dist/gettext-tools/src/read-stringtable.c: 943 in stringtable_parse()
937 else
938 {
939 po_xerror (PO_SEVERITY_ERROR, NULL,
940 real_file_name, gram_pos.line_number, (size_t)(-1),
941 false, _("\
942 warning: syntax error, expected ';' after string"));
>>> CID 271729: Resource leaks (RESOURCE_LEAK)
>>> Variable "msgstr" going out of scope leaks the storage it points to.
943 break;
944 }
945 }
946 else
947 {
948 po_xerror (PO_SEVERITY_ERROR, NULL,
** CID 272135: Resource leaks (RESOURCE_LEAK)
/external/gpl2/gettext/dist/gettext-tools/src/msgmerge.c: 1691 in merge()
________________________________________________________________________________________________________
*** CID 272135: Resource leaks (RESOURCE_LEAK)
/external/gpl2/gettext/dist/gettext-tools/src/msgmerge.c: 1691 in merge()
1685 (long) stats.obsolete);
1686 else if (!quiet)
1687 fputs (_(" done.\n"), stderr);
1688
1689 /* Return results. */
1690 *defp = def;
>>> CID 272135: Resource leaks (RESOURCE_LEAK)
>>> Variable "empty_list" going out of scope leaks the storage it points to.
1691 return result;
** CID 600473: Null pointer dereferences (FORWARD_NULL)
/external/gpl2/diffutils/dist/src/diff.c: 1257 in compare_files()
________________________________________________________________________________________________________
*** CID 600473: Null pointer dereferences (FORWARD_NULL)
/external/gpl2/diffutils/dist/src/diff.c: 1257 in compare_files()
1251 || (unidirectional_new_file
1252 && cmp.file[0].desc == NONEXISTENT)))
1253 status = diff_dirs (&cmp, compare_files);
1254 else
1255 {
1256 char const *dir
>>> CID 600473: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "parent".
1257 = parent->file[cmp.file[0].desc == NONEXISTENT].name;
1258
1259 /* See POSIX 1003.1-2001 for this format. */
1260 message ("Only in %s: %s\n", dir, name0);
1261
1262 status = EXIT_FAILURE;
** CID 600477: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/gdb/dist/gdb/ada-lang.c: 10672 in ada_evaluate_subexp()
________________________________________________________________________________________________________
*** CID 600477: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/gdb/dist/gdb/ada-lang.c: 10672 in ada_evaluate_subexp()
10666 {
10667 struct type *type_arg;
10668
10669 if (exp->elts[*pos].opcode == OP_TYPE)
10670 {
10671 evaluate_subexp (NULL_TYPE, exp, pos, EVAL_SKIP);
>>> CID 600477: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "arg1" = "NULL".
10672 arg1 = NULL;
10673 type_arg = check_typedef (exp->elts[pc + 2].type);
10674 }
10675 else
10676 {
10677 arg1 = evaluate_subexp (NULL_TYPE, exp, pos, noside);
** CID 602870: (DEADCODE)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 132 in proper_name_utf8()
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 146 in proper_name_utf8()
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 154 in proper_name_utf8()
________________________________________________________________________________________________________
*** CID 602870: (DEADCODE)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 132 in proper_name_utf8()
126 || (name_converted_translit != NULL
127 && strstr (translation, name_converted_translit) != NULL))
128 {
129 if (alloc_name_converted != NULL)
130 free (alloc_name_converted);
131 if (alloc_name_converted_translit != NULL)
>>> CID 602870: (DEADCODE)
>>> Execution cannot reach this statement: "free(alloc_name_converted_t...".
132 free (alloc_name_converted_translit);
133 return translation;
134 }
135 else
136 {
137 /* Return "TRANSLATION (NAME)". */
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 146 in proper_name_utf8()
140
141 sprintf (result, "%s (%s)", translation, name);
142
143 if (alloc_name_converted != NULL)
144 free (alloc_name_converted);
145 if (alloc_name_converted_translit != NULL)
>>> CID 602870: (DEADCODE)
>>> Execution cannot reach this statement: "free(alloc_name_converted_t...".
146 free (alloc_name_converted_translit);
147 return result;
148 }
149 }
150 else
151 {
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 154 in proper_name_utf8()
148 }
149 }
150 else
151 {
152 if (alloc_name_converted != NULL && alloc_name_converted != name)
153 free (alloc_name_converted);
>>> CID 602870: (DEADCODE)
>>> Execution cannot reach the expression "alloc_name_converted_translit != name" inside this statement: "if (alloc_name_converted_tr...".
154 if (alloc_name_converted_translit != NULL
155 && alloc_name_converted_translit != name)
156 free (alloc_name_converted_translit);
157 return name;
158 }
** CID 980971: Integer handling issues (SIGN_EXTENSION)
/sys/dev/usb/hid.c: 464 in hid_get_udata()
________________________________________________________________________________________________________
*** CID 980971: Integer handling issues (SIGN_EXTENSION)
/sys/dev/usb/hid.c: 464 in hid_get_udata()
458
459 data = 0;
460 off = hpos / 8;
461 num = (hpos + hsize + 7) / 8 - off;
462
463 for (i = 0; i < num; i++)
>>> CID 980971: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "buf[off + i]" with type "unsigned char" (8 bits, unsigned) is promoted in "buf[off + i] << i * 8U" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "buf[off + i] << i * 8U" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
464 data |= buf[off + i] << (i * 8);
465
466 data >>= hpos % 8;
467 if (hsize < sizeof(data) * NBBY)
468 data &= (1UL << hsize) - 1;
469
** CID 991186: Control flow issues (DEADCODE)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 115 in proper_name_utf8()
________________________________________________________________________________________________________
*** CID 991186: Control flow issues (DEADCODE)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/propername.c: 115 in proper_name_utf8()
109 {
110 name_converted = name_utf8;
111 name_converted_translit = name_utf8;
112 }
113
114 /* The name in locale encoding. */
>>> CID 991186: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "name_converted_translit" inside this statement: "name = ((name_converted != ...".
115 name = (name_converted != NULL ? name_converted :
116 name_converted_translit != NULL ? name_converted_translit :
117 name_ascii);
118
119 if (translation != name_ascii)
120 {
** CID 1006746: (STRING_OVERFLOW)
/external/bsd/flex/dist/src/scan.l: 296 in flexscan()
/external/bsd/flex/dist/src/scan.l: 439 in flexscan()
/external/bsd/flex/dist/src/scan.l: 188 in flexscan()
/external/bsd/flex/dist/src/scan.l: 200 in flexscan()
________________________________________________________________________________________________________
*** CID 1006746: (STRING_OVERFLOW)
/external/bsd/flex/dist/src/scan.l: 296 in flexscan()
290 <PICKUPDEF>{
291 {WS} /* separates name and definition */
292
293 {NOT_WS}[^\r\n]* {
294 if(yyleng < MAXLINE)
295 {
>>> CID 1006746: (STRING_OVERFLOW)
>>> You might overrun the 2048 byte fixed-size string "nmdef" by copying "yytext" without checking the length.
296 strcpy( (char *) nmdef, yytext );
297 }
298 else
299 {
300 format_synerr( _("Definition value for {%s} too long\n"), nmstr);
301 FLEX_EXIT(EXIT_FAILURE);
/external/bsd/flex/dist/src/scan.l: 439 in flexscan()
433 }
434
435
436 \"[^"\n]*\" {
437 if(yyleng-1 < MAXLINE)
438 {
>>> CID 1006746: (STRING_OVERFLOW)
>>> You might overrun the 2048 byte fixed-size string "nmstr" by copying "yytext + 1" without checking the length.
439 strcpy( nmstr, yytext + 1 );
440 }
441 else
442 {
443 synerr( _("Option line too long\n"));
444 FLEX_EXIT(EXIT_FAILURE);
/external/bsd/flex/dist/src/scan.l: 188 in flexscan()
182 /* xgettext: no-c-format */
183 ^"%"[^sxaceknopr{}].* synerr( _( "unrecognized '%' directive" ) );
184
185 ^{NAME} {
186 if(yyleng < MAXLINE)
187 {
>>> CID 1006746: (STRING_OVERFLOW)
>>> You might overrun the 2048 byte fixed-size string "nmstr" by copying "yytext" without checking the length.
188 strcpy( nmstr, yytext );
189 }
190 else
191 {
192 synerr( _("Definition name too long\n"));
193 FLEX_EXIT(EXIT_FAILURE);
/external/bsd/flex/dist/src/scan.l: 200 in flexscan()
194 }
195
196 didadef = false;
197 BEGIN(PICKUPDEF);
198 }
199
>>> CID 1006746: (STRING_OVERFLOW)
>>> You might overrun the 2048 byte fixed-size string "nmstr" by copying "yytext" without checking the length.
200 {SCNAME} RETURNNAME;
201 ^{OPTWS}{NL} ++linenum; /* allows blank lines in section 1 */
202 {OPTWS}{NL} ACTION_ECHO; ++linenum; /* maybe end of comment line */
203 }
204
205
** CID 1056891: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/sbin/ifconfig/af_inet6.c: 491 in in6_addr_flags()
________________________________________________________________________________________________________
*** CID 1056891: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/sbin/ifconfig/af_inet6.c: 491 in in6_addr_flags()
485 int s;
486 struct in6_ifreq ifr;
487
488 if ((s = getsock(AF_INET6)) == -1)
489 err(EXIT_FAILURE, "%s: getsock", __func__);
490 memset(&ifr, 0, sizeof(ifr));
>>> CID 1056891: Memory - illegal accesses (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 16 bytes on destination array "ifr.ifr_name" of size 16 bytes might leave the destination string unterminated.
491 strncpy(ifr.ifr_name, ifa->ifa_name, sizeof(ifr.ifr_name));
492 ifr.ifr_addr = *(struct sockaddr_in6 *)ifa->ifa_addr;
493 if (prog_ioctl(s, SIOCGIFAFLAG_IN6, &ifr) == -1)
494 err(EXIT_FAILURE, "SIOCGIFAFLAG_IN6");
495 return ifr.ifr_ifru.ifru_flags6 & flags ? true : false;
496 }
** CID 1233467: Security best practices violations (STRING_OVERFLOW)
/external/bsd/dhcp/dist/server/ddns.c: 1158 in ddns_update_lease_ptr()
________________________________________________________________________________________________________
*** CID 1233467: Security best practices violations (STRING_OVERFLOW)
/external/bsd/dhcp/dist/server/ddns.c: 1158 in ddns_update_lease_ptr()
1152 if (ddns_cb == NULL) {
1153 log_info("%s(%d): No control block for lease update",
1154 file, line);
1155 return (ISC_R_FAILURE);
1156 }
1157 else {
>>> CID 1233467: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 46 byte fixed-size string "ddns_address" by copying the return value of "piaddr" without checking the length.
1158 strcpy(ddns_address, piaddr(ddns_cb->address));
1159 }
1160 #if defined (DEBUG_DNS_UPDATES)
1161 log_info("%s(%d): Updating lease_ptr for ddns_cp=%p (addr=%s)",
1162 file, line, ddns_cb, ddns_address );
1163 #endif
** CID 1298238: (TAINTED_STRING)
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
________________________________________________________________________________________________________
*** CID 1298238: (TAINTED_STRING)
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459 e = fscanf(pidfd, "%ld\n", &temp);
460 oldpid = (pid_t)temp;
461
462 if (e != 0 && e != EOF && oldpid) {
463 if (kill(oldpid, SIGTERM) == 0) {
464 log_info("Killed old client process");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465 (void) unlink(path_dhclient_pid);
466 /*
467 * wait for the old process to
468 * cleanly terminate.
469 * Note kill() with sig=0 could
470 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470 * detect termination but only
471 * the parent can be signaled...
472 */
473 sleep(1);
474 } else if (errno == ESRCH) {
475 log_info("Removed stale PID file");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476 (void) unlink(path_dhclient_pid);
477 }
478 }
479 fclose(pidfd);
480 }
481 }
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459 e = fscanf(pidfd, "%ld\n", &temp);
460 oldpid = (pid_t)temp;
461
462 if (e != 0 && e != EOF && oldpid) {
463 if (kill(oldpid, SIGTERM) == 0) {
464 log_info("Killed old client process");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465 (void) unlink(path_dhclient_pid);
466 /*
467 * wait for the old process to
468 * cleanly terminate.
469 * Note kill() with sig=0 could
470 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470 * detect termination but only
471 * the parent can be signaled...
472 */
473 sleep(1);
474 } else if (errno == ESRCH) {
475 log_info("Removed stale PID file");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476 (void) unlink(path_dhclient_pid);
477 }
478 }
479 fclose(pidfd);
480 }
481 }
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459 e = fscanf(pidfd, "%ld\n", &temp);
460 oldpid = (pid_t)temp;
461
462 if (e != 0 && e != EOF && oldpid) {
463 if (kill(oldpid, SIGTERM) == 0) {
464 log_info("Killed old client process");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465 (void) unlink(path_dhclient_pid);
466 /*
467 * wait for the old process to
468 * cleanly terminate.
469 * Note kill() with sig=0 could
470 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470 * detect termination but only
471 * the parent can be signaled...
472 */
473 sleep(1);
474 } else if (errno == ESRCH) {
475 log_info("Removed stale PID file");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476 (void) unlink(path_dhclient_pid);
477 }
478 }
479 fclose(pidfd);
480 }
481 }
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459 e = fscanf(pidfd, "%ld\n", &temp);
460 oldpid = (pid_t)temp;
461
462 if (e != 0 && e != EOF && oldpid) {
463 if (kill(oldpid, SIGTERM) == 0) {
464 log_info("Killed old client process");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465 (void) unlink(path_dhclient_pid);
466 /*
467 * wait for the old process to
468 * cleanly terminate.
469 * Note kill() with sig=0 could
470 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470 * detect termination but only
471 * the parent can be signaled...
472 */
473 sleep(1);
474 } else if (errno == ESRCH) {
475 log_info("Removed stale PID file");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476 (void) unlink(path_dhclient_pid);
477 }
478 }
479 fclose(pidfd);
480 }
481 }
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459 e = fscanf(pidfd, "%ld\n", &temp);
460 oldpid = (pid_t)temp;
461
462 if (e != 0 && e != EOF && oldpid) {
463 if (kill(oldpid, SIGTERM) == 0) {
464 log_info("Killed old client process");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465 (void) unlink(path_dhclient_pid);
466 /*
467 * wait for the old process to
468 * cleanly terminate.
469 * Note kill() with sig=0 could
470 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470 * detect termination but only
471 * the parent can be signaled...
472 */
473 sleep(1);
474 } else if (errno == ESRCH) {
475 log_info("Removed stale PID file");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476 (void) unlink(path_dhclient_pid);
477 }
478 }
479 fclose(pidfd);
480 }
481 }
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459 e = fscanf(pidfd, "%ld\n", &temp);
460 oldpid = (pid_t)temp;
461
462 if (e != 0 && e != EOF && oldpid) {
463 if (kill(oldpid, SIGTERM) == 0) {
464 log_info("Killed old client process");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465 (void) unlink(path_dhclient_pid);
466 /*
467 * wait for the old process to
468 * cleanly terminate.
469 * Note kill() with sig=0 could
470 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470 * detect termination but only
471 * the parent can be signaled...
472 */
473 sleep(1);
474 } else if (errno == ESRCH) {
475 log_info("Removed stale PID file");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476 (void) unlink(path_dhclient_pid);
477 }
478 }
479 fclose(pidfd);
480 }
481 }
/external/bsd/dhcp/dist/client/dhclient.c: 465 in main()
459 e = fscanf(pidfd, "%ld\n", &temp);
460 oldpid = (pid_t)temp;
461
462 if (e != 0 && e != EOF && oldpid) {
463 if (kill(oldpid, SIGTERM) == 0) {
464 log_info("Killed old client process");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
465 (void) unlink(path_dhclient_pid);
466 /*
467 * wait for the old process to
468 * cleanly terminate.
469 * Note kill() with sig=0 could
470 * detect termination but only
/external/bsd/dhcp/dist/client/dhclient.c: 476 in main()
470 * detect termination but only
471 * the parent can be signaled...
472 */
473 sleep(1);
474 } else if (errno == ESRCH) {
475 log_info("Removed stale PID file");
>>> CID 1298238: (TAINTED_STRING)
>>> Passing tainted string "path_dhclient_pid" to "unlink", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
476 (void) unlink(path_dhclient_pid);
477 }
478 }
479 fclose(pidfd);
480 }
481 }
** CID 1298707: Uninitialized variables (UNINIT)
/sys/external/bsd/acpica/dist/compiler/dttable1.c: 1232 in DtCompileIort()
________________________________________________________________________________________________________
*** CID 1298707: Uninitialized variables (UNINIT)
/sys/external/bsd/acpica/dist/compiler/dttable1.c: 1232 in DtCompileIort()
1226 UINT32 NodeNumber;
1227 UINT32 NodeLength;
1228 UINT32 IdMappingNumber;
1229 UINT32 ItsNumber;
1230 UINT32 ContextIrptNumber;
1231 UINT32 PmuIrptNumber;
>>> CID 1298707: Uninitialized variables (UNINIT)
>>> Declaring variable "PaddingLength" without initializer.
1232 UINT32 PaddingLength;
1233
1234
1235 ParentTable = DtPeekSubtable ();
1236
1237 Status = DtCompileTable (PFieldList, AcpiDmTableInfoIort,
** CID 1311982: Error handling issues (CHECKED_RETURN)
/external/bsd/dhcp/dist/common/options.c: 4351 in parse_vendor_option()
________________________________________________________________________________________________________
*** CID 1311982: Error handling issues (CHECKED_RETURN)
/external/bsd/dhcp/dist/common/options.c: 4351 in parse_vendor_option()
4345 oc = lookup_option(vendor_cfg_option->universe,
4346 out_options, vendor_cfg_option->code);
4347 if (oc == NULL)
4348 return;
4349
4350 memset(&name, 0, sizeof(name));
>>> CID 1311982: Error handling issues (CHECKED_RETURN)
>>> Calling "evaluate_option_cache" without checking return value (as is done elsewhere 150 out of 157 times).
4351 evaluate_option_cache(&name, packet, lease, client_state,
4352 in_options, out_options, scope, oc, MDL);
4353
4354 /* No name, all done */
4355 if (name.len == 0)
4356 return;
** CID 1330835: Uninitialized variables (UNINIT)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/gl_anylinked_list2.h: 793 in gl_linked_iterator()
________________________________________________________________________________________________________
*** CID 1330835: Uninitialized variables (UNINIT)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/gl_anylinked_list2.h: 793 in gl_linked_iterator()
787 #ifdef lint
788 result.i = 0;
789 result.j = 0;
790 result.count = 0;
791 #endif
792
>>> CID 1330835: Uninitialized variables (UNINIT)
>>> Using uninitialized value "result". Field "result.count" is uninitialized.
793 return result;
794 }
795
796 static gl_list_iterator_t
797 gl_linked_iterator_from_to (gl_list_t list,
798 size_t start_index, size_t end_index)
** CID 1330836: Uninitialized variables (UNINIT)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/gl_anylinked_list2.h: 864 in gl_linked_iterator_from_to()
________________________________________________________________________________________________________
*** CID 1330836: Uninitialized variables (UNINIT)
/external/gpl2/gettext/dist/gettext-tools/gnulib-lib/gl_anylinked_list2.h: 864 in gl_linked_iterator_from_to()
858 #ifdef lint
859 result.i = 0;
860 result.j = 0;
861 result.count = 0;
862 #endif
863
>>> CID 1330836: Uninitialized variables (UNINIT)
>>> Using uninitialized value "result". Field "result.count" is uninitialized.
864 return result;
865 }
866
867 static bool
868 gl_linked_iterator_next (gl_list_iterator_t *iterator,
869 const void **eltp, gl_list_node_t *nodep)
** CID 1340268: (RESOURCE_LEAK)
/sys/external/bsd/acpica/dist/common/adisasm.c: 209 in AdAmlDisassemble()
/sys/external/bsd/acpica/dist/common/adisasm.c: 301 in AdAmlDisassemble()
________________________________________________________________________________________________________
*** CID 1340268: (RESOURCE_LEAK)
/sys/external/bsd/acpica/dist/common/adisasm.c: 209 in AdAmlDisassemble()
203
204 /* Process any user-specified files for external objects */
205
206 Status = AdDoExternalFileList (Filename);
207 if (ACPI_FAILURE (Status))
208 {
>>> CID 1340268: (RESOURCE_LEAK)
>>> Variable "ListHead" going out of scope leaks the storage it points to.
209 return (Status);
210 }
211 }
212 else
213 {
214 Status = AdGetLocalTables ();
/sys/external/bsd/acpica/dist/common/adisasm.c: 301 in AdAmlDisassemble()
295 fclose (File);
296 AcpiOsRedirectOutput (stdout);
297 }
298
299 AcpiPsDeleteParseTree (AcpiGbl_ParseOpRoot);
300 AcpiGbl_ParseOpRoot = NULL;
>>> CID 1340268: (RESOURCE_LEAK)
>>> Variable "ListHead" going out of scope leaks the storage it points to.
301 return (Status);
302 }
303
304
305 /******************************************************************************
306 *
** CID 1348201: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/sbin/ifconfig/af_inet.c: 234 in in_addr_flags()
________________________________________________________________________________________________________
*** CID 1348201: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/sbin/ifconfig/af_inet.c: 234 in in_addr_flags()
228 in_addr_flags(struct ifaddrs *ifa, int flags)
229 {
230 int s;
231 struct ifreq ifr;
232
233 memset(&ifr, 0, sizeof(ifr));
>>> CID 1348201: Memory - illegal accesses (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 16 bytes on destination array "ifr.ifr_name" of size 16 bytes might leave the destination string unterminated.
234 strncpy(ifr.ifr_name, ifa->ifa_name, sizeof(ifr.ifr_name));
235 ifr.ifr_addr = *ifa->ifa_addr;
236 if ((s = getsock(AF_INET)) == -1)
237 err(EXIT_FAILURE, "%s: getsock", __func__);
238 if (prog_ioctl(s, SIOCGIFAFLAG_IN, &ifr) == -1)
239 err(EXIT_FAILURE, "SIOCGIFAFLAG_IN");
** CID 1348202: Error handling issues (CHECKED_RETURN)
________________________________________________________________________________________________________
*** CID 1348202: Error handling issues (CHECKED_RETURN)
/external/bsd/tmux/dist/client.c: 594 in client_exec()
588 xasprintf(&argv0, "%s", name);
589 setenv("SHELL", shell, 1);
590
591 setblocking(STDIN_FILENO, 1);
592 setblocking(STDOUT_FILENO, 1);
593 setblocking(STDERR_FILENO, 1);
>>> CID 1348202: Error handling issues (CHECKED_RETURN)
>>> Calling "closefrom(3)" without checking return value. It wraps a library function that may fail and return an error code.
594 closefrom(STDERR_FILENO + 1);
595
596 execl(shell, argv0, "-c", shell_cmd, (char *) NULL);
597 fatal("execl failed");
598 }
599
** CID 1348203: (CHECKED_RETURN)
/sys/external/bsd/acpica/dist/common/acfileio.c: 403 in AcValidateTableHeader()
/sys/external/bsd/acpica/dist/common/acfileio.c: 400 in AcValidateTableHeader()
________________________________________________________________________________________________________
*** CID 1348203: (CHECKED_RETURN)
/sys/external/bsd/acpica/dist/common/acfileio.c: 403 in AcValidateTableHeader()
397 /* Read a potential table header */
398
399 OriginalOffset = ftell (File);
400 fseek (File, TableOffset, SEEK_SET);
401
402 Actual = fread (&TableHeader, 1, sizeof (ACPI_TABLE_HEADER), File);
>>> CID 1348203: (CHECKED_RETURN)
>>> Calling "fseek(File, OriginalOffset, 0)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
403 fseek (File, OriginalOffset, SEEK_SET);
404
405 if (Actual < sizeof (ACPI_TABLE_HEADER))
406 {
407 return (AE_ERROR);
408 }
/sys/external/bsd/acpica/dist/common/acfileio.c: 400 in AcValidateTableHeader()
394 ACPI_FUNCTION_TRACE ("AcValidateTableHeader");
395
396
397 /* Read a potential table header */
398
399 OriginalOffset = ftell (File);
>>> CID 1348203: (CHECKED_RETURN)
>>> Calling "fseek(File, TableOffset, 0)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
400 fseek (File, TableOffset, SEEK_SET);
401
402 Actual = fread (&TableHeader, 1, sizeof (ACPI_TABLE_HEADER), File);
403 fseek (File, OriginalOffset, SEEK_SET);
404
405 if (Actual < sizeof (ACPI_TABLE_HEADER))
** CID 1348204: Error handling issues (CHECKED_RETURN)
/sys/external/bsd/acpica/dist/common/acfileio.c: 288 in AcGetOneTableFromFile()
________________________________________________________________________________________________________
*** CID 1348204: Error handling issues (CHECKED_RETURN)
/sys/external/bsd/acpica/dist/common/acfileio.c: 288 in AcGetOneTableFromFile()
282 {
283 return (AE_NO_MEMORY);
284 }
285
286 /* Read the entire ACPI table, including header */
287
>>> CID 1348204: Error handling issues (CHECKED_RETURN)
>>> Calling "fseek(File, TableOffset, 0)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
288 fseek (File, TableOffset, SEEK_SET);
289
290 Count = fread (Table, 1, TableHeader.Length, File);
291 if (Count != (INT32) TableHeader.Length)
292 {
293 Status = AE_ERROR;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index