Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
175 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
55 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 175 defect(s)
** CID 21202: (REVERSE_INULL)
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
________________________________________________________________________________________________________
*** CID 21202: (REVERSE_INULL)
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
553 {
554 if (heap->bloc_start <= b->data && b->data <= heap->end)
555 break;
556 heap = heap->next;
557 /* We know HEAP is not null now,
558 because there has to be space for bloc B. */
>>> CID 21202: (REVERSE_INULL)
>>> Directly dereferencing pointer "heap".
559 heap->first_bloc = NIL_BLOC;
560 heap->last_bloc = NIL_BLOC;
561 heap->free = heap->bloc_start;
562 }
563
564 /* Update HEAP's status for bloc B. */
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
553 {
554 if (heap->bloc_start <= b->data && b->data <= heap->end)
555 break;
556 heap = heap->next;
557 /* We know HEAP is not null now,
558 because there has to be space for bloc B. */
>>> CID 21202: (REVERSE_INULL)
>>> Directly dereferencing pointer "heap".
559 heap->first_bloc = NIL_BLOC;
560 heap->last_bloc = NIL_BLOC;
561 heap->free = heap->bloc_start;
562 }
563
564 /* Update HEAP's status for bloc B. */
/external/gpl2/libmalloc/dist/ralloc.c: 559 in update_heap_bloc_correspondence()
553 {
554 if (heap->bloc_start <= b->data && b->data <= heap->end)
555 break;
556 heap = heap->next;
557 /* We know HEAP is not null now,
558 because there has to be space for bloc B. */
>>> CID 21202: (REVERSE_INULL)
>>> Directly dereferencing pointer "heap".
559 heap->first_bloc = NIL_BLOC;
560 heap->last_bloc = NIL_BLOC;
561 heap->free = heap->bloc_start;
562 }
563
564 /* Update HEAP's status for bloc B. */
** CID 270355: Resource leaks (RESOURCE_LEAK)
/external/gpl3/binutils/dist/binutils/objcopy.c: 2464 in copy_object()
________________________________________________________________________________________________________
*** CID 270355: Resource leaks (RESOURCE_LEAK)
/external/gpl3/binutils/dist/binutils/objcopy.c: 2464 in copy_object()
2458
2459 left -= now;
2460 off += now;
2461 }
2462 }
2463 }
>>> CID 270355: Resource leaks (RESOURCE_LEAK)
>>> Variable "buf" going out of scope leaks the storage it points to.
2464 }
2465
2466 /* Allow the BFD backend to copy any private data it understands
2467 from the input BFD to the output BFD. This is done last to
2468 permit the routine to look at the filtered symbol table, which is
2469 important for the ECOFF code at least. */
** CID 274208: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/binutils/dist/bfd/merge.c: 340 in sec_merge_emit()
________________________________________________________________________________________________________
*** CID 274208: Null pointer dereferences (FORWARD_NULL)
/external/gpl3/binutils/dist/bfd/merge.c: 340 in sec_merge_emit()
334
335 /* Trailing alignment needed? */
336 off = sec->size - off;
337 if (off != 0)
338 {
339 if (contents)
>>> CID 274208: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pad" to "memcpy", which dereferences it.
340 memcpy (contents + offset, pad, off);
341 else if (bfd_bwrite (pad, off, abfd) != off)
342 goto err;
343 }
344
345 if (pad != NULL)
** CID 751135: Error handling issues (NEGATIVE_RETURNS)
/external/gpl2/libmalloc/dist/valloc.c: 48 in valloc()
________________________________________________________________________________________________________
*** CID 751135: Error handling issues (NEGATIVE_RETURNS)
/external/gpl2/libmalloc/dist/valloc.c: 48 in valloc()
42 valloc (size)
43 __malloc_size_t size;
44 {
45 if (pagesize == 0)
46 pagesize = __getpagesize ();
47
>>> CID 751135: Error handling issues (NEGATIVE_RETURNS)
>>> "pagesize" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
48 return memalign (pagesize, size);
** CID 985529: (NESTING_INDENT_MISMATCH)
/compat/amd64/i386/obj/external/cddl/osnet/lib/libdtrace/dt_lex.c: 1407 in yylex()
/external/cddl/osnet/lib/libdtrace/obj/dt_lex.c: 1407 in yylex()
________________________________________________________________________________________________________
*** CID 985529: (NESTING_INDENT_MISMATCH)
/compat/amd64/i386/obj/external/cddl/osnet/lib/libdtrace/dt_lex.c: 1407 in yylex()
1401 YY_USER_INIT;
1402 #endif
1403
1404 /* Create the reject buffer large enough to save one state per allowed character. */
1405 if ( ! (yy_state_buf) )
1406 (yy_state_buf) = (yy_state_type *)yyalloc(YY_STATE_BUF_SIZE );
>>> CID 985529: (NESTING_INDENT_MISMATCH)
>>> This 'if' statement is indented to column 13, as if it were nested within the preceding parent statement, but it is not.
1407 if ( ! (yy_state_buf) )
1408 YY_FATAL_ERROR( "out of dynamic memory in yylex()" );
1409
1410 if ( ! (yy_start) )
1411 (yy_start) = 1; /* first start state */
1412
/external/cddl/osnet/lib/libdtrace/obj/dt_lex.c: 1407 in yylex()
1401 YY_USER_INIT;
1402 #endif
1403
1404 /* Create the reject buffer large enough to save one state per allowed character. */
1405 if ( ! (yy_state_buf) )
1406 (yy_state_buf) = (yy_state_type *)yyalloc(YY_STATE_BUF_SIZE );
>>> CID 985529: (NESTING_INDENT_MISMATCH)
>>> This 'if' statement is indented to column 13, as if it were nested within the preceding parent statement, but it is not.
1407 if ( ! (yy_state_buf) )
1408 YY_FATAL_ERROR( "out of dynamic memory in yylex()" );
1409
1410 if ( ! (yy_start) )
1411 (yy_start) = 1; /* first start state */
1412
** CID 991522: (RESOURCE_LEAK)
/external/gpl3/gdb/dist/bfd/elflink.c: 9521 in elf_link_input_bfd()
/external/gpl3/gdb/dist/bfd/elflink.c: 9562 in elf_link_input_bfd()
/external/gpl3/gdb/dist/bfd/elflink.c: 9586 in elf_link_input_bfd()
/external/gpl3/gdb/dist/bfd/elflink.c: 9793 in elf_link_input_bfd()
/external/gpl3/binutils/dist/bfd/elflink.c: 9749 in elf_link_input_bfd()
/external/gpl3/binutils/dist/bfd/elflink.c: 9798 in elf_link_input_bfd()
/external/gpl3/binutils/dist/bfd/elflink.c: 9822 in elf_link_input_bfd()
/external/gpl3/binutils/dist/bfd/elflink.c: 10030 in elf_link_input_bfd()
________________________________________________________________________________________________________
*** CID 991522: (RESOURCE_LEAK)
/external/gpl3/gdb/dist/bfd/elflink.c: 9521 in elf_link_input_bfd()
9515 continue;
9516
9517 /* Get the name of the symbol. */
9518 name = bfd_elf_string_from_elf_section (input_bfd, symtab_hdr->sh_link,
9519 isym->st_name);
9520 if (name == NULL)
>>> CID 991522: (RESOURCE_LEAK)
>>> Variable "isymbuf" going out of scope leaks the storage it points to.
9521 return FALSE;
9522
9523 /* See if we are discarding symbols with this name. */
9524 if ((flinfo->info->strip == strip_some
9525 && (bfd_hash_lookup (flinfo->info->keep_hash, name, FALSE, FALSE)
9526 == NULL))
/external/gpl3/gdb/dist/bfd/elflink.c: 9562 in elf_link_input_bfd()
9556 osym = *isym;
9557
9558 /* Adjust the section index for the output file. */
9559 osym.st_shndx = _bfd_elf_section_from_bfd_section (output_bfd,
9560 isec->output_section);
9561 if (osym.st_shndx == SHN_BAD)
>>> CID 991522: (RESOURCE_LEAK)
>>> Variable "isymbuf" going out of scope leaks the storage it points to.
9562 return FALSE;
9563
9564 /* ELF symbols in relocatable files are section relative, but
9565 in executable files they are virtual addresses. Note that
9566 this code assumes that all ELF sections have an associated
9567 BFD section with a reasonable value for output_offset; below
/external/gpl3/gdb/dist/bfd/elflink.c: 9586 in elf_link_input_bfd()
9580 }
9581 }
9582
9583 indx = bfd_get_symcount (output_bfd);
9584 ret = elf_link_output_sym (flinfo, name, &osym, isec, NULL);
9585 if (ret == 0)
>>> CID 991522: (RESOURCE_LEAK)
>>> Variable "isymbuf" going out of scope leaks the storage it points to.
9586 return FALSE;
9587 else if (ret == 1)
9588 *pindex = indx;
9589 }
9590
9591 if (bed->s->arch_size == 32)
/external/gpl3/gdb/dist/bfd/elflink.c: 9793 in elf_link_input_bfd()
9787 sprintf_vma (buffer, rel->r_info);
9788 (*_bfd_error_handler)
9789 (_("error: %B contains a reloc (0x%s) for section %A "
9790 "that references a non-existent global symbol"),
9791 input_bfd, o, buffer);
9792 bfd_set_error (bfd_error_bad_value);
>>> CID 991522: (RESOURCE_LEAK)
>>> Variable "isymbuf" going out of scope leaks the storage it points to.
9793 return FALSE;
9794 }
9795
9796 while (h->root.type == bfd_link_hash_indirect
9797 || h->root.type == bfd_link_hash_warning)
9798 h = (struct elf_link_hash_entry *) h->root.u.i.link;
/external/gpl3/binutils/dist/bfd/elflink.c: 9749 in elf_link_input_bfd()
9743 continue;
9744
9745 /* Get the name of the symbol. */
9746 name = bfd_elf_string_from_elf_section (input_bfd, symtab_hdr->sh_link,
9747 isym->st_name);
9748 if (name == NULL)
>>> CID 991522: (RESOURCE_LEAK)
>>> Variable "isymbuf" going out of scope leaks the storage it points to.
9749 return FALSE;
9750
9751 /* See if we are discarding symbols with this name. */
9752 if ((flinfo->info->strip == strip_some
9753 && (bfd_hash_lookup (flinfo->info->keep_hash, name, FALSE, FALSE)
9754 == NULL))
/external/gpl3/binutils/dist/bfd/elflink.c: 9798 in elf_link_input_bfd()
9792 osym = *isym;
9793
9794 /* Adjust the section index for the output file. */
9795 osym.st_shndx = _bfd_elf_section_from_bfd_section (output_bfd,
9796 isec->output_section);
9797 if (osym.st_shndx == SHN_BAD)
>>> CID 991522: (RESOURCE_LEAK)
>>> Variable "isymbuf" going out of scope leaks the storage it points to.
9798 return FALSE;
9799
9800 /* ELF symbols in relocatable files are section relative, but
9801 in executable files they are virtual addresses. Note that
9802 this code assumes that all ELF sections have an associated
9803 BFD section with a reasonable value for output_offset; below
/external/gpl3/binutils/dist/bfd/elflink.c: 9822 in elf_link_input_bfd()
9816 }
9817 }
9818
9819 indx = bfd_get_symcount (output_bfd);
9820 ret = elf_link_output_symstrtab (flinfo, name, &osym, isec, NULL);
9821 if (ret == 0)
>>> CID 991522: (RESOURCE_LEAK)
>>> Variable "isymbuf" going out of scope leaks the storage it points to.
9822 return FALSE;
9823 else if (ret == 1)
9824 *pindex = indx;
9825 }
9826
9827 if (bed->s->arch_size == 32)
/external/gpl3/binutils/dist/bfd/elflink.c: 10030 in elf_link_input_bfd()
10024 sprintf_vma (buffer, rel->r_info);
10025 (*_bfd_error_handler)
10026 (_("error: %B contains a reloc (0x%s) for section %A "
10027 "that references a non-existent global symbol"),
10028 input_bfd, o, buffer);
10029 bfd_set_error (bfd_error_bad_value);
>>> CID 991522: (RESOURCE_LEAK)
>>> Variable "isymbuf" going out of scope leaks the storage it points to.
10030 return FALSE;
10031 }
10032
10033 while (h->root.type == bfd_link_hash_indirect
10034 || h->root.type == bfd_link_hash_warning)
10035 h = (struct elf_link_hash_entry *) h->root.u.i.link;
** CID 1006482: (UNINIT)
/external/cddl/osnet/dist/uts/common/dtrace/dtrace.c: 7226 in dtrace_match()
/external/cddl/osnet/dist/uts/common/dtrace/dtrace.c: 7226 in dtrace_match()
/external/cddl/osnet/dist/uts/common/dtrace/dtrace.c: 7226 in dtrace_match()
________________________________________________________________________________________________________
*** CID 1006482: (UNINIT)
/external/cddl/osnet/dist/uts/common/dtrace/dtrace.c: 7226 in dtrace_match()
7220 }
7221
7222 static int
7223 dtrace_match(const dtrace_probekey_t *pkp, uint32_t priv, uid_t uid,
7224 zoneid_t zoneid, int (*matched)(dtrace_probe_t *, void *), void *arg)
7225 {
>>> CID 1006482: (UNINIT)
>>> Declaring variable "template" without initializer.
7226 dtrace_probe_t template, *probe;
7227 dtrace_hash_t *hash = NULL;
7228 int len, rc, best = INT_MAX, nmatched = 0;
7229 dtrace_id_t i;
7230
7231 ASSERT(MUTEX_HELD(&dtrace_lock));
/external/cddl/osnet/dist/uts/common/dtrace/dtrace.c: 7226 in dtrace_match()
7220 }
7221
7222 static int
7223 dtrace_match(const dtrace_probekey_t *pkp, uint32_t priv, uid_t uid,
7224 zoneid_t zoneid, int (*matched)(dtrace_probe_t *, void *), void *arg)
7225 {
>>> CID 1006482: (UNINIT)
>>> Declaring variable "template" without initializer.
7226 dtrace_probe_t template, *probe;
7227 dtrace_hash_t *hash = NULL;
7228 int len, rc, best = INT_MAX, nmatched = 0;
7229 dtrace_id_t i;
7230
7231 ASSERT(MUTEX_HELD(&dtrace_lock));
/external/cddl/osnet/dist/uts/common/dtrace/dtrace.c: 7226 in dtrace_match()
7220 }
7221
7222 static int
7223 dtrace_match(const dtrace_probekey_t *pkp, uint32_t priv, uid_t uid,
7224 zoneid_t zoneid, int (*matched)(dtrace_probe_t *, void *), void *arg)
7225 {
>>> CID 1006482: (UNINIT)
>>> Declaring variable "template" without initializer.
7226 dtrace_probe_t template, *probe;
7227 dtrace_hash_t *hash = NULL;
7228 int len, rc, best = INT_MAX, nmatched = 0;
7229 dtrace_id_t i;
7230
7231 ASSERT(MUTEX_HELD(&dtrace_lock));
** CID 1006554: Uninitialized variables (UNINIT)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 827 in intrinsic()
________________________________________________________________________________________________________
*** CID 1006554: Uninitialized variables (UNINIT)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 827 in intrinsic()
821 intr->intr_nbits = width * 8;
822 break;
823 }
824
825 tdp = xcalloc(sizeof (*tdp));
826 tdp->t_type = INTRINSIC;
>>> CID 1006554: Uninitialized variables (UNINIT)
>>> Using uninitialized value "width".
827 tdp->t_size = width;
828 tdp->t_name = NULL;
829 tdp->t_intr = intr;
830 parse_debug(3, NULL, "intrinsic: size=%d", width);
831 *rtdp = tdp;
832
** CID 1006622: Insecure data handling (TAINTED_STRING)
________________________________________________________________________________________________________
*** CID 1006622: Insecure data handling (TAINTED_STRING)
/external/cddl/osnet/dist/tools/ctf/cvt/ctfmerge.c: 900 in main()
894 /*
895 * This is ugly, but we don't want to have to have a separate tool
896 * (yet) just for copying an ELF section with our specific requirements,
897 * so we shoe-horn a copier into ctfmerge.
898 */
899 if (docopy) {
>>> CID 1006622: Insecure data handling (TAINTED_STRING)
>>> Passing tainted string "argv[optind + 1]" to "copy_ctf_data", which cannot accept tainted data.
900 copy_ctf_data(argv[optind], argv[optind + 1], keep_stabs);
901
902 exit(0);
903 }
904
905 set_terminate_cleanup(terminate_cleanup);
** CID 1006623: Insecure data handling (TAINTED_STRING)
/external/cddl/osnet/dist/tools/ctf/cvt/ctfconvert.c: 261 in main()
________________________________________________________________________________________________________
*** CID 1006623: Insecure data handling (TAINTED_STRING)
/external/cddl/osnet/dist/tools/ctf/cvt/ctfconvert.c: 261 in main()
255 */
256 if (outfile && strcmp(infile, outfile) != 0) {
257 write_ctf(mstrtd, infile, outfile, dynsym | keep_stabs);
258 } else {
259 char *tmpname = mktmpname(infile, ".ctf");
260 write_ctf(mstrtd, infile, tmpname, dynsym | keep_stabs);
>>> CID 1006623: Insecure data handling (TAINTED_STRING)
>>> Passing tainted string "infile" to "rename", which cannot accept tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
261 if (rename(tmpname, infile) != 0)
262 terminate("Couldn't rename temp file %s", tmpname);
263 free(tmpname);
264 }
265
266 return (0);
** CID 1006658: (TAINTED_SCALAR)
/external/cddl/osnet/dev/dtrace/dtrace_ioctl.c: 350 in dtrace_ioctl()
/external/cddl/osnet/dev/dtrace/dtrace_ioctl.c: 350 in dtrace_ioctl()
________________________________________________________________________________________________________
*** CID 1006658: (TAINTED_SCALAR)
/external/cddl/osnet/dev/dtrace/dtrace_ioctl.c: 350 in dtrace_ioctl()
344 if (p->dof == NULL) {
345 dtrace_enabling_matchall();
346
347 return (0);
348 }
349
>>> CID 1006658: (TAINTED_SCALAR)
>>> Assigning: "dof" = "dtrace_dof_copyin", which taints "dof".
350 if ((dof = dtrace_dof_copyin((uintptr_t) p->dof, &rval)) == NULL)
351 return (EINVAL);
352
353 mutex_enter(&cpu_lock);
354 mutex_enter(&dtrace_lock);
355 vstate = &state->dts_vstate;
/external/cddl/osnet/dev/dtrace/dtrace_ioctl.c: 350 in dtrace_ioctl()
344 if (p->dof == NULL) {
345 dtrace_enabling_matchall();
346
347 return (0);
348 }
349
>>> CID 1006658: (TAINTED_SCALAR)
>>> Assigning: "dof" = "dtrace_dof_copyin", which taints "dof".
350 if ((dof = dtrace_dof_copyin((uintptr_t) p->dof, &rval)) == NULL)
351 return (EINVAL);
352
353 mutex_enter(&cpu_lock);
354 mutex_enter(&dtrace_lock);
355 vstate = &state->dts_vstate;
** CID 1006773: Security best practices violations (STRING_OVERFLOW)
/external/cddl/osnet/dev/profile/profile.c: 261 in profile_create()
________________________________________________________________________________________________________
*** CID 1006773: Security best practices violations (STRING_OVERFLOW)
/external/cddl/osnet/dev/profile/profile.c: 261 in profile_create()
255 if (profile_total > profile_max) {
256 atomic_add_32(&profile_total, -1);
257 return;
258 }
259
260 prof = kmem_zalloc(sizeof (profile_probe_t), KM_SLEEP);
>>> CID 1006773: Security best practices violations (STRING_OVERFLOW)
>>> Note: This defect has an elevated risk because the source argument is a parameter of the current function.
261 (void) strcpy(prof->prof_name, name);
262 prof->prof_interval = interval;
263 prof->prof_cyclic = CYCLIC_NONE;
264 prof->prof_kind = kind;
265 prof->prof_id = dtrace_probe_create(profile_id,
266 NULL, NULL, name,
** CID 1007189: Resource leaks (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/stabs.c: 386 in stabs_read()
________________________________________________________________________________________________________
*** CID 1007189: Resource leaks (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/stabs.c: 386 in stabs_read()
380 resolve_typed_bitfields();
381 parse_finish(td);
382
383 cvt_fixstabs(td);
384 cvt_fixups(td, elf_ptrsz(elf));
385
>>> CID 1007189: Resource leaks (RESOURCE_LEAK)
>>> Variable "fstr" going out of scope leaks the storage it points to.
386 return (0);
** CID 1007190: (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/stabs.c: 386 in stabs_read()
/external/cddl/osnet/dist/tools/ctf/cvt/stabs.c: 386 in stabs_read()
________________________________________________________________________________________________________
*** CID 1007190: (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/stabs.c: 386 in stabs_read()
380 resolve_typed_bitfields();
381 parse_finish(td);
382
383 cvt_fixstabs(td);
384 cvt_fixups(td, elf_ptrsz(elf));
385
>>> CID 1007190: (RESOURCE_LEAK)
>>> Variable "file_stack" going out of scope leaks the storage it points to.
386 return (0);
/external/cddl/osnet/dist/tools/ctf/cvt/stabs.c: 386 in stabs_read()
380 resolve_typed_bitfields();
381 parse_finish(td);
382
383 cvt_fixstabs(td);
384 cvt_fixups(td, elf_ptrsz(elf));
385
>>> CID 1007190: (RESOURCE_LEAK)
>>> Variable "file_stack" going out of scope leaks the storage it points to.
386 return (0);
** CID 1007191: (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 957 in soudef()
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 975 in soudef()
________________________________________________________________________________________________________
*** CID 1007191: (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 957 in soudef()
951 parse_debug(3, NULL, " refers to %s (%d, %s)",
952 w ? w : "anon", h, tdesc_name(tdp));
953 }
954
955 cp = offsize(cp, mlp);
956
>>> CID 1007191: (RESOURCE_LEAK)
>>> Overwriting "itdp" in "itdp = find_intrinsic(tdp)" leaks the storage that "itdp" points to.
957 itdp = find_intrinsic(tdp);
958 if (itdp->t_type == INTRINSIC) {
959 if ((int)mlp->ml_size != itdp->t_intr->intr_nbits) {
960 parse_debug(4, cp, "making %d bit intrinsic "
961 "from %s", mlp->ml_size, tdesc_name(itdp));
962 mlp->ml_type = bitintrinsic(itdp, mlp->ml_size);
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 975 in soudef()
969 mlp->ml_type = tdp;
970 }
971
972 /* cp is now pointing to next field */
973 prev = &mlp->ml_next;
974 }
>>> CID 1007191: (RESOURCE_LEAK)
>>> Variable "tdp" going out of scope leaks the storage it points to.
975 return (cp);
976 }
977
978 static char *
979 arraydef(char *cp, tdesc_t **rtdp)
980 {
** CID 1007192: Resource leaks (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 447 in parse_stab()
________________________________________________________________________________________________________
*** CID 1007192: Resource leaks (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 447 in parse_stab()
441 case N_STSYM:
442 parse = parse_sym;
443 break;
444 default:
445 parse_debug(1, cp, "Unknown stab type %#x", stab->n_type);
446 bzero(&resetbuf, sizeof (resetbuf));
>>> CID 1007192: Resource leaks (RESOURCE_LEAK)
>>> Variable "ii" going out of scope leaks the storage it points to.
447 return (-1);
448 }
449
450 rc = parse(cp, ii);
451 bzero(&resetbuf, sizeof (resetbuf));
452
** CID 1007193: Resource leaks (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 237 in parse_fun()
________________________________________________________________________________________________________
*** CID 1007193: Resource leaks (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 237 in parse_fun()
231 }
232
233 nargs++;
234 if (nargs > FUNCARG_DEF)
235 args = xrealloc(args, sizeof (tdesc_t *) * nargs);
236 if (!(cp = read_tid(cp, &args[nargs - 1])))
>>> CID 1007193: Resource leaks (RESOURCE_LEAK)
>>> Variable "tdp" going out of scope leaks the storage it points to.
237 return (-1);
238 }
239
240 ii->ii_type = iitype;
241 ii->ii_dtype = tdp;
242 ii->ii_nargs = nargs;
** CID 1007194: (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 237 in parse_fun()
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 237 in parse_fun()
________________________________________________________________________________________________________
*** CID 1007194: (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 237 in parse_fun()
231 }
232
233 nargs++;
234 if (nargs > FUNCARG_DEF)
235 args = xrealloc(args, sizeof (tdesc_t *) * nargs);
236 if (!(cp = read_tid(cp, &args[nargs - 1])))
>>> CID 1007194: (RESOURCE_LEAK)
>>> Variable "args" going out of scope leaks the storage it points to.
237 return (-1);
238 }
239
240 ii->ii_type = iitype;
241 ii->ii_dtype = tdp;
242 ii->ii_nargs = nargs;
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 237 in parse_fun()
231 }
232
233 nargs++;
234 if (nargs > FUNCARG_DEF)
235 args = xrealloc(args, sizeof (tdesc_t *) * nargs);
236 if (!(cp = read_tid(cp, &args[nargs - 1])))
>>> CID 1007194: (RESOURCE_LEAK)
>>> Variable "args" going out of scope leaks the storage it points to.
237 return (-1);
238 }
239
240 ii->ii_type = iitype;
241 ii->ii_dtype = tdp;
242 ii->ii_nargs = nargs;
** CID 1007195: Resource leaks (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/dwarf.c: 1685 in die_function_create()
________________________________________________________________________________________________________
*** CID 1007195: Resource leaks (RESOURCE_LEAK)
/external/cddl/osnet/dist/tools/ctf/cvt/dwarf.c: 1685 in die_function_create()
1679 free(name1);
1680 ii->ii_vargs = 1;
1681 continue;
1682 }
1683
1684 ii->ii_nargs++;
>>> CID 1007195: Resource leaks (RESOURCE_LEAK)
>>> Variable "name1" going out of scope leaks the storage it points to.
1685 }
1686
1687 if (ii->ii_nargs > 0) {
1688 int i;
1689
1690 debug(3, "die %ju: function has %d argument%s\n",
** CID 1007248: Security best practices violations (STRING_OVERFLOW)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 104 in parse_debug()
________________________________________________________________________________________________________
*** CID 1007248: Security best practices violations (STRING_OVERFLOW)
/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c: 104 in parse_debug()
98 if (!iscntrl((unsigned char)cp[i]))
99 tmp[i] = cp[i];
100 }
101 tmp[i] = '\0';
102 (void) snprintf(buf, sizeof (buf), "%s [cp='%s']\n", fmt, tmp);
103 } else {
>>> CID 1007248: Security best practices violations (STRING_OVERFLOW)
>>> Note: This defect has an elevated risk because the source argument is a parameter of the current function.
104 strcpy(buf, fmt);
105 strcat(buf, "\n");
106 }
107
108 va_start(ap, fmt);
109 vadebug(level, buf, ap);
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview