Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
13 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
22 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 483248: (FORWARD_NULL)
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 172 in verify_callback()
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 178 in verify_callback()
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 144 in verify_callback()
________________________________________________________________________________________________________
*** CID 483248: (FORWARD_NULL)
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 172 in verify_callback()
166 0, XN_FLAG_ONELINE);
167 BIO_puts(bio_err, "\n");
168 break;
169 case X509_V_ERR_CERT_NOT_YET_VALID:
170 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
171 BIO_printf(bio_err, "notBefore=");
>>> CID 483248: (FORWARD_NULL)
>>> Dereferencing null pointer "err_cert".
172 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
173 BIO_printf(bio_err, "\n");
174 break;
175 case X509_V_ERR_CERT_HAS_EXPIRED:
176 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
177 BIO_printf(bio_err, "notAfter=");
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 178 in verify_callback()
172 ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
173 BIO_printf(bio_err, "\n");
174 break;
175 case X509_V_ERR_CERT_HAS_EXPIRED:
176 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
177 BIO_printf(bio_err, "notAfter=");
>>> CID 483248: (FORWARD_NULL)
>>> Dereferencing null pointer "err_cert".
178 ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
179 BIO_printf(bio_err, "\n");
180 break;
181 case X509_V_ERR_NO_EXPLICIT_POLICY:
182 policies_print(bio_err, ctx);
183 break;
/crypto/external/bsd/openssl/dist/apps/s_cb.c: 144 in verify_callback()
138
139 err_cert = X509_STORE_CTX_get_current_cert(ctx);
140 err = X509_STORE_CTX_get_error(ctx);
141 depth = X509_STORE_CTX_get_error_depth(ctx);
142
143 BIO_printf(bio_err, "depth=%d ", depth);
>>> CID 483248: (FORWARD_NULL)
>>> Comparing "err_cert" to null implies that "err_cert" might be null.
144 if (err_cert) {
145 X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
146 0, XN_FLAG_ONELINE);
147 BIO_puts(bio_err, "\n");
148 } else
149 BIO_puts(bio_err, "<no cert>\n");
** CID 483257: Resource leaks (RESOURCE_LEAK)
/crypto/external/bsd/openssl/dist/apps/enc.c: 240 in enc_main()
________________________________________________________________________________________________________
*** CID 483257: Resource leaks (RESOURCE_LEAK)
/crypto/external/bsd/openssl/dist/apps/enc.c: 240 in enc_main()
234 BIO_printf(bio_err, "unable to read key from '%s'\n", file);
235 goto bad;
236 }
237 buf[0] = '\0';
238 if (!fgets(buf, sizeof buf, infile)) {
239 BIO_printf(bio_err, "unable to read key from '%s'\n", file);
>>> CID 483257: Resource leaks (RESOURCE_LEAK)
>>> Variable "infile" going out of scope leaks the storage it points to.
240 goto bad;
241 }
242 fclose(infile);
243 i = strlen(buf);
244 if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
245 buf[--i] = '\0';
** CID 1011262: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/apps.c: 1702 in rotate_serial()
________________________________________________________________________________________________________
*** CID 1011262: Error handling issues (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/apps.c: 1702 in rotate_serial()
1696 buf[0], serialfile);
1697 #endif
1698 if (rename(buf[0], serialfile) < 0) {
1699 BIO_printf(bio_err,
1700 "unable to rename %s to %s\n", buf[0], serialfile);
1701 perror("reason");
>>> CID 1011262: Error handling issues (CHECKED_RETURN)
>>> Calling "rename(buf[1], serialfile)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1702 rename(buf[1], serialfile);
1703 goto err;
1704 }
1705 return 1;
1706 err:
1707 return 0;
** CID 1011263: (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/apps.c: 1952 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1966 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1977 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1975 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1965 in rotate_index()
/crypto/external/bsd/openssl/dist/apps/apps.c: 1976 in rotate_index()
________________________________________________________________________________________________________
*** CID 1011263: (CHECKED_RETURN)
/crypto/external/bsd/openssl/dist/apps/apps.c: 1952 in rotate_index()
1946 #ifdef RL_DEBUG
1947 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
1948 #endif
1949 if (rename(buf[0], dbfile) < 0) {
1950 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
1951 perror("reason");
>>> CID 1011263: (CHECKED_RETURN)
>>> Calling "rename(buf[1], dbfile)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1952 rename(buf[1], dbfile);
1953 goto err;
1954 }
1955 #ifdef RL_DEBUG
1956 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[4], buf[3]);
1957 #endif
/crypto/external/bsd/openssl/dist/apps/apps.c: 1966 in rotate_index()
1960 && errno != ENOTDIR
1961 #endif
1962 ) {
1963 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
1964 perror("reason");
1965 rename(dbfile, buf[0]);
>>> CID 1011263: (CHECKED_RETURN)
>>> Calling "rename(buf[1], dbfile)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1966 rename(buf[1], dbfile);
1967 goto err;
1968 }
1969 #ifdef RL_DEBUG
1970 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
1971 #endif
/crypto/external/bsd/openssl/dist/apps/apps.c: 1977 in rotate_index()
1971 #endif
1972 if (rename(buf[2], buf[4]) < 0) {
1973 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
1974 perror("reason");
1975 rename(buf[3], buf[4]);
1976 rename(dbfile, buf[0]);
>>> CID 1011263: (CHECKED_RETURN)
>>> Calling "rename(buf[1], dbfile)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1977 rename(buf[1], dbfile);
1978 goto err;
1979 }
1980 return 1;
1981 err:
1982 return 0;
/crypto/external/bsd/openssl/dist/apps/apps.c: 1975 in rotate_index()
1969 #ifdef RL_DEBUG
1970 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
1971 #endif
1972 if (rename(buf[2], buf[4]) < 0) {
1973 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
1974 perror("reason");
>>> CID 1011263: (CHECKED_RETURN)
>>> Calling "rename(buf[3], buf[4])" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1975 rename(buf[3], buf[4]);
1976 rename(dbfile, buf[0]);
1977 rename(buf[1], dbfile);
1978 goto err;
1979 }
1980 return 1;
/crypto/external/bsd/openssl/dist/apps/apps.c: 1965 in rotate_index()
1959 #ifdef ENOTDIR
1960 && errno != ENOTDIR
1961 #endif
1962 ) {
1963 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
1964 perror("reason");
>>> CID 1011263: (CHECKED_RETURN)
>>> Calling "rename(dbfile, buf[0])" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1965 rename(dbfile, buf[0]);
1966 rename(buf[1], dbfile);
1967 goto err;
1968 }
1969 #ifdef RL_DEBUG
1970 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
/crypto/external/bsd/openssl/dist/apps/apps.c: 1976 in rotate_index()
1970 BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
1971 #endif
1972 if (rename(buf[2], buf[4]) < 0) {
1973 BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
1974 perror("reason");
1975 rename(buf[3], buf[4]);
>>> CID 1011263: (CHECKED_RETURN)
>>> Calling "rename(dbfile, buf[0])" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
1976 rename(dbfile, buf[0]);
1977 rename(buf[1], dbfile);
1978 goto err;
1979 }
1980 return 1;
1981 err:
** CID 1018138: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/lib/libdtrace/common/drti.c: 161 in dtrace_dof_init()
________________________________________________________________________________________________________
*** CID 1018138: Control flow issues (DEADCODE)
/external/cddl/osnet/dist/lib/libdtrace/common/drti.c: 161 in dtrace_dof_init()
155 #endif
156
157 if (lmid == 0) {
158 (void) snprintf(dh.dofhp_mod, sizeof (dh.dofhp_mod),
159 "%s", modname);
160 } else {
>>> CID 1018138: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "(void)snprintf(dh.dofhp_mod...".
161 (void) snprintf(dh.dofhp_mod, sizeof (dh.dofhp_mod),
162 "LM%lu`%s", lmid, modname);
163 }
164
165 if ((p = getenv("DTRACE_DOF_INIT_DEVNAME")) != NULL)
166 devnamep = p;
** CID 1291620: Control flow issues (DEADCODE)
/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c: 408 in ssl23_client_hello()
________________________________________________________________________________________________________
*** CID 1291620: Control flow issues (DEADCODE)
/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c: 408 in ssl23_client_hello()
402 return -1;
403 }
404 #endif
405 else if (version == SSL3_VERSION) {
406 version_major = SSL3_VERSION_MAJOR;
407 version_minor = SSL3_VERSION_MINOR;
>>> CID 1291620: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "if (version == 2) {
versi...".
408 } else if (version == SSL2_VERSION) {
409 version_major = SSL2_VERSION_MAJOR;
410 version_minor = SSL2_VERSION_MINOR;
411 } else {
412 SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
413 return (-1);
** CID 1315713: Error handling issues (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/InstrProfilingUtil.c: 32 in __llvm_profile_recursive_mkdir()
________________________________________________________________________________________________________
*** CID 1315713: Error handling issues (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/InstrProfilingUtil.c: 32 in __llvm_profile_recursive_mkdir()
26 for (i = 1; path[i] != '\0'; ++i) {
27 if (path[i] != '/') continue;
28 path[i] = '\0';
29 #ifdef _WIN32
30 _mkdir(path);
31 #else
>>> CID 1315713: Error handling issues (CHECKED_RETURN)
>>> Calling "mkdir(path, 493U)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
32 mkdir(path, 0755); /* Some of these will fail, ignore it. */
33 #endif
34 path[i] = '/';
35 }
** CID 1355428: Error handling issues (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/GCDAProfiling.c: 490 in llvm_gcda_end_file()
________________________________________________________________________________________________________
*** CID 1355428: Error handling issues (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/GCDAProfiling.c: 490 in llvm_gcda_end_file()
484 free(write_buffer);
485 } else {
486 unmap_file();
487 }
488
489 fclose(output_file);
>>> CID 1355428: Error handling issues (CHECKED_RETURN)
>>> Calling "flock" without checking return value (as is done elsewhere 51 out of 60 times).
490 flock(fd, LOCK_UN);
491 output_file = NULL;
492 write_buffer = NULL;
493 }
494 free(filename);
495
** CID 1355429: Null pointer dereferences (NULL_RETURNS)
/sys/net/npf/npf_rproc.c: 295 in npf_rproc_create()
________________________________________________________________________________________________________
*** CID 1355429: Null pointer dereferences (NULL_RETURNS)
/sys/net/npf/npf_rproc.c: 295 in npf_rproc_create()
289
290 if (!prop_dictionary_get_cstring_nocopy(rpdict, "name", &name)) {
291 return NULL;
292 }
293
294 rp = kmem_intr_zalloc(sizeof(npf_rproc_t), KM_SLEEP);
>>> CID 1355429: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "rp".
295 rp->rp_refcnt = 1;
296
297 strlcpy(rp->rp_name, name, RPROC_NAME_LEN);
298 prop_dictionary_get_uint32(rpdict, "flags", &rp->rp_flags);
299 return rp;
300 }
** CID 1355430: Resource leaks (RESOURCE_LEAK)
/usr.bin/netstat/vtw.c: 296 in show_vtw_v4()
________________________________________________________________________________________________________
*** CID 1355430: Resource leaks (RESOURCE_LEAK)
/usr.bin/netstat/vtw.c: 296 in show_vtw_v4()
290 vtw_tcpv4[i].lim.v4 += delta;
291 vtw_tcpv4[i].alloc.v4 += delta;
292 vtw_tcpv4[i].fat = &fat_tcpv4;
293
294 if (vtw_tcpv4[i].oldest.v4)
295 vtw_tcpv4[i].oldest.v4 += delta;
>>> CID 1355430: Resource leaks (RESOURCE_LEAK)
>>> Variable "ubase" going out of scope leaks the storage it points to.
296 }
297
298 /* snarf/adjust fat_ctl */
299
300 base = fat_tcpv4.base;
301 lim = fat_tcpv4.lim;
** CID 1355431: Resource leaks (RESOURCE_LEAK)
/usr.bin/netstat/vtw.c: 397 in show_vtw_v6()
________________________________________________________________________________________________________
*** CID 1355431: Resource leaks (RESOURCE_LEAK)
/usr.bin/netstat/vtw.c: 397 in show_vtw_v6()
391 vtw_tcpv6[i].lim.v6 += delta;
392 vtw_tcpv6[i].alloc.v6 += delta;
393 vtw_tcpv6[i].fat = &fat_tcpv6;
394
395 if (vtw_tcpv6[i].oldest.v6)
396 vtw_tcpv6[i].oldest.v6 += delta;
>>> CID 1355431: Resource leaks (RESOURCE_LEAK)
>>> Variable "ubase" going out of scope leaks the storage it points to.
397 }
398
399 base = fat_tcpv6.base;
400 lim = fat_tcpv6.lim;
401
402 if (!base || !lim)
** CID 1355438: Null pointer dereferences (NULL_RETURNS)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_rlock.c: 190 in zfs_range_lock_writer()
________________________________________________________________________________________________________
*** CID 1355438: Null pointer dereferences (NULL_RETURNS)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_rlock.c: 190 in zfs_range_lock_writer()
184 */
185 rl = avl_find(tree, new, &where);
186 if (rl)
187 goto wait; /* already locked at same offset */
188
189 rl = (rl_t *)avl_nearest(tree, where, AVL_AFTER);
>>> CID 1355438: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "rl".
190 KASSERT(0 < rl->r_refcnt);
191 if (rl && (rl->r_off < new->r_off + new->r_len))
192 goto wait;
193
194 rl = (rl_t *)avl_nearest(tree, where, AVL_BEFORE);
195 KASSERT(0 < rl->r_refcnt);
** CID 1355439: (REVERSE_INULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_rlock.c: 191 in zfs_range_lock_writer()
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_rlock.c: 196 in zfs_range_lock_writer()
________________________________________________________________________________________________________
*** CID 1355439: (REVERSE_INULL)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_rlock.c: 191 in zfs_range_lock_writer()
185 rl = avl_find(tree, new, &where);
186 if (rl)
187 goto wait; /* already locked at same offset */
188
189 rl = (rl_t *)avl_nearest(tree, where, AVL_AFTER);
190 KASSERT(0 < rl->r_refcnt);
>>> CID 1355439: (REVERSE_INULL)
>>> Null-checking "rl" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
191 if (rl && (rl->r_off < new->r_off + new->r_len))
192 goto wait;
193
194 rl = (rl_t *)avl_nearest(tree, where, AVL_BEFORE);
195 KASSERT(0 < rl->r_refcnt);
196 if (rl && rl->r_off + rl->r_len > new->r_off)
/external/cddl/osnet/dist/uts/common/fs/zfs/zfs_rlock.c: 196 in zfs_range_lock_writer()
190 KASSERT(0 < rl->r_refcnt);
191 if (rl && (rl->r_off < new->r_off + new->r_len))
192 goto wait;
193
194 rl = (rl_t *)avl_nearest(tree, where, AVL_BEFORE);
195 KASSERT(0 < rl->r_refcnt);
>>> CID 1355439: (REVERSE_INULL)
>>> Null-checking "rl" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
196 if (rl && rl->r_off + rl->r_len > new->r_off)
197 goto wait;
198
199 new->r_type = RL_WRITER; /* convert possible RL_APPEND */
200 avl_insert(tree, new, where);
201 return;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index