Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-i386-user



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.

94 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
42 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 94 defect(s)


** CID 30220:  Null pointer dereferences  (REVERSE_INULL)
/external/gpl3/gcc/dist/libcpp/traditional.c: 313 in _cpp_read_logical_line_trad()


________________________________________________________________________________________________________
*** CID 30220:  Null pointer dereferences  (REVERSE_INULL)
/external/gpl3/gcc/dist/libcpp/traditional.c: 313 in _cpp_read_logical_line_trad()
307           if (pfile->buffer->need_line && !_cpp_get_fresh_line (pfile))
308     	return false;
309         }
310       while (!_cpp_scan_out_logical_line (pfile, NULL, false)
311     	 || pfile->state.skipping);
312     
>>>     CID 30220:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "pfile->buffer" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
313       return pfile->buffer != NULL;
314     }
315     
316     /* Return true if NODE is a fun_like macro.  */
317     static inline bool
318     fun_like_macro (cpp_hashnode *node)

** CID 30273:  Control flow issues  (DEADCODE)
/external/gpl3/gcc/dist/libcpp/charset.c: 1807 in _cpp_default_encoding()


________________________________________________________________________________________________________
*** CID 30273:  Control flow issues  (DEADCODE)
/external/gpl3/gcc/dist/libcpp/charset.c: 1807 in _cpp_default_encoding()
1801            would be friendly to support.
1802          (Zack Weinberg and Paolo Bonzini, May 20th 2004)  */
1803     #if defined (HAVE_LOCALE_H) && defined (HAVE_LANGINFO_CODESET) && 0
1804       setlocale (LC_CTYPE, "");
1805       current_encoding = nl_langinfo (CODESET);
1806     #endif
>>>     CID 30273:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "*current_encoding == 0" inside this statement: "if (current_encoding == NUL...".
1807       if (current_encoding == NULL || *current_encoding == '\0')
1808         current_encoding = SOURCE_CHARSET;
1809     
1810       return current_encoding;

** CID 30848:    (INTEGER_OVERFLOW)
/external/gpl3/gcc/dist/libcpp/files.c: 1881 in _cpp_save_file_entries()
/external/gpl3/gcc/dist/libcpp/files.c: 1883 in _cpp_save_file_entries()
/external/gpl3/gcc/dist/libcpp/files.c: 1829 in _cpp_save_file_entries()


________________________________________________________________________________________________________
*** CID 30848:    (INTEGER_OVERFLOW)
/external/gpl3/gcc/dist/libcpp/files.c: 1881 in _cpp_save_file_entries()
1875       result_size = (sizeof (struct pchf_data)
1876                      + sizeof (struct pchf_entry) * (result->count - 1));
1877     
1878       qsort (result->entries, result->count, sizeof (struct pchf_entry),
1879     	 pchf_save_compare);
1880     
>>>     CID 30848:    (INTEGER_OVERFLOW)
>>>     Overflowed or truncated value (or a value computed from an overflowed or truncated value) "result_size" used as critical argument to function. [Note: The source code implementation of the function has been overridden by a builtin model.]
1881       ret = fwrite (result, result_size, 1, fp) == 1;
1882       free (result);
1883       return ret;
1884     }
1885     
1886     /* Read the pchf_data structure from F.  */
/external/gpl3/gcc/dist/libcpp/files.c: 1883 in _cpp_save_file_entries()
1877     
1878       qsort (result->entries, result->count, sizeof (struct pchf_entry),
1879     	 pchf_save_compare);
1880     
1881       ret = fwrite (result, result_size, 1, fp) == 1;
1882       free (result);
>>>     CID 30848:    (INTEGER_OVERFLOW)
>>>     Overflowed or truncated value (or a value computed from an overflowed or truncated value) "ret" used as return value.
1883       return ret;
1884     }
1885     
1886     /* Read the pchf_data structure from F.  */
1887     
1888     bool
/external/gpl3/gcc/dist/libcpp/files.c: 1829 in _cpp_save_file_entries()
1823       _cpp_file *f;
1824       bool ret;
1825     
1826       for (f = pfile->all_files; f; f = f->next_file)
1827         ++count;
1828     
>>>     CID 30848:    (INTEGER_OVERFLOW)
>>>     Assigning overflowed or truncated value (or a value computed from an overflowed or a truncated value) to "result_size".
1829       result_size = (sizeof (struct pchf_data)
1830     		 + sizeof (struct pchf_entry) * (count - 1));
1831       result = XCNEWVAR (struct pchf_data, result_size);
1832     
1833       result->count = 0;
1834       result->have_once_only = false;

** CID 721886:  Control flow issues  (DEADCODE)
/external/gpl3/gcc/dist/libcpp/lex.c: 496 in init_vectorized_lexer()()


________________________________________________________________________________________________________
*** CID 721886:  Control flow issues  (DEADCODE)
/external/gpl3/gcc/dist/libcpp/lex.c: 496 in init_vectorized_lexer()()
490       minimum = 2;
491     #elif defined(__SSE__)
492       minimum = 1;
493     #endif
494     
495       if (minimum == 3)
>>>     CID 721886:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "impl = search_line_sse42;".
496         impl = search_line_sse42;
497       else if (__get_cpuid (1, &dummy, &dummy, &ecx, &edx) || minimum == 2)
498         {
499           if (minimum == 3 || (ecx & bit_SSE4_2))
500             impl = search_line_sse42;
501           else if (minimum == 2 || (edx & bit_SSE2))

** CID 722209:  Control flow issues  (MISSING_BREAK)
/external/gpl3/gcc/dist/libcpp/pch.c: 59 in write_macdef(cpp_reader *, cpp_hashnode *, void *)()


________________________________________________________________________________________________________
*** CID 722209:  Control flow issues  (MISSING_BREAK)
/external/gpl3/gcc/dist/libcpp/pch.c: 59 in write_macdef(cpp_reader *, cpp_hashnode *, void *)()
53       switch (hn->type)
54         {
55         case NT_VOID:
56           if (! (hn->flags & NODE_POISONED))
57     	return 1;
58     
>>>     CID 722209:  Control flow issues  (MISSING_BREAK)
>>>     The above case falls through to this one.
59         case NT_MACRO:
60           if ((hn->flags & NODE_BUILTIN)
61     	  && (!pfile->cb.user_builtin_macro
62     	      || !pfile->cb.user_builtin_macro (pfile, hn)))
63     	return 1;
64     

** CID 722294:    (NEGATIVE_RETURNS)
/external/gpl3/gcc/dist/libcpp/files.c: 770 in read_file(cpp_reader *, _cpp_file *)()
/external/gpl3/gcc/dist/libcpp/files.c: 763 in read_file(cpp_reader *, _cpp_file *)()


________________________________________________________________________________________________________
*** CID 722294:    (NEGATIVE_RETURNS)
/external/gpl3/gcc/dist/libcpp/files.c: 770 in read_file(cpp_reader *, _cpp_file *)()
764         {
765           open_file_failed (pfile, file, 0);
766           return false;
767         }
768     
769       file->dont_read = !read_file_guts (pfile, file);
>>>     CID 722294:    (NEGATIVE_RETURNS)
>>>     "file->fd" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
770       close (file->fd);
771       file->fd = -1;
772     
773       return !file->dont_read;
774     }
775     
/external/gpl3/gcc/dist/libcpp/files.c: 763 in read_file(cpp_reader *, _cpp_file *)()
757         return true;
758     
759       /* If an earlier read failed for some reason don't try again.  */
760       if (file->dont_read || file->err_no)
761         return false;
762     
>>>     CID 722294:    (NEGATIVE_RETURNS)
>>>     Variable "file->fd" tests negative.
763       if (file->fd == -1 && !open_file (file))
764         {
765           open_file_failed (pfile, file, 0);
766           return false;
767         }
768     

** CID 724488:  Memory - illegal accesses  (OVERRUN)
/external/gpl3/gcc/dist/libcpp/files.c: 342 in pch_open_file(cpp_reader *, _cpp_file *, bool *)()


________________________________________________________________________________________________________
*** CID 724488:  Memory - illegal accesses  (OVERRUN)
/external/gpl3/gcc/dist/libcpp/files.c: 342 in pch_open_file(cpp_reader *, _cpp_file *, bool *)()
336     		continue;
337     	      if (dlen + plen > len)
338     		{
339     		  len += dlen + 64;
340     		  pchname = XRESIZEVEC (char, pchname, len);
341     		}
>>>     CID 724488:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning dynamic array "pchname" at offset corresponding to index variable "plen" through dereference in call to "memcpy".
342     	      memcpy (pchname + plen, d->d_name, dlen);
343     	      valid = validate_pch (pfile, file, pchname);
344     	      if (valid)
345     		break;
346     	    }
347     	  closedir (pchdir);

** CID 724489:  Memory - illegal accesses  (OVERRUN)
/external/gpl3/gcc/dist/libcpp/lex.c: 2970 in cpp_avoid_paste(cpp_reader *, const cpp_token *, const cpp_token *)()


________________________________________________________________________________________________________
*** CID 724489:  Memory - illegal accesses  (OVERRUN)
/external/gpl3/gcc/dist/libcpp/lex.c: 2970 in cpp_avoid_paste(cpp_reader *, const cpp_token *, const cpp_token *)()
2964         a = CPP_NAME;
2965       if (token2->flags & NAMED_OP)
2966         b = CPP_NAME;
2967     
2968       c = EOF;
2969       if (token2->flags & DIGRAPH)
>>>     CID 724489:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "digraph_spellings" of 6 4-byte elements at element index 16 (byte offset 64) using index "(int)b - 37" (which evaluates to 16).
2970         c = digraph_spellings[(int) b - (int) CPP_FIRST_DIGRAPH][0];
2971       else if (token_spellings[b].category == SPELL_OPERATOR)
2972         c = token_spellings[b].name[0];
2973     
2974       /* Quickly get everything that can paste with an '='.  */
2975       if ((int) a <= (int) CPP_LAST_EQ && c == '=')

** CID 726815:    (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libcpp/pch.c: 609 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 666 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 590 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 605 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 587 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 587 in cpp_valid_state(cpp_reader *, const char *, int)()


________________________________________________________________________________________________________
*** CID 726815:    (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libcpp/pch.c: 609 in cpp_valid_state(cpp_reader *, const char *, int)()
603     	{
604     	  free (namebuf);
605     	  namebufsz = m.definition_length + 256;
606     	  namebuf = XNEWVEC (unsigned char, namebufsz);
607     	}
608     
>>>     CID 726815:    (TAINTED_SCALAR)
>>>     Passing tainted variable "m.definition_length" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
609           if ((size_t)read (fd, namebuf, m.definition_length)
610     	  != m.definition_length)
611     	goto error;
612     
613           h = cpp_lookup (r, namebuf, m.name_length);
614           if (m.flags & NODE_POISONED
/external/gpl3/gcc/dist/libcpp/pch.c: 666 in cpp_valid_state(cpp_reader *, const char *, int)()
660       free (namebuf);
661       namebuf = NULL;
662     
663       /* Read in the list of identifiers that must not be defined.
664          Check that they really aren't.  */
665       undeftab = XNEWVEC (unsigned char, m.definition_length);
>>>     CID 726815:    (TAINTED_SCALAR)
>>>     Passing tainted variable "m.definition_length" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
666       if ((size_t) read (fd, undeftab, m.definition_length) != m.definition_length)
667         goto error;
668     
669       /* Collect identifiers from the current hash table.  */
670       nl.n_defs = 0;
671       nl.asize = 10;
/external/gpl3/gcc/dist/libcpp/pch.c: 590 in cpp_valid_state(cpp_reader *, const char *, int)()
584           cpp_hashnode *h;
585           const unsigned char *newdefn;
586     
587           if (read (fd, &m, sizeof (m)) != sizeof (m))
588     	goto error;
589     
>>>     CID 726815:    (TAINTED_SCALAR)
>>>     Casting narrower unsigned "m.name_length" to wider signed type "int" effectively tests its lower bound.
590           if (m.name_length == 0)
591     	break;
592     
593           /* If this file is already preprocessed, there won't be any
594     	 macros defined, and that's OK.  */
595           if (CPP_OPTION (r, preprocessed))
/external/gpl3/gcc/dist/libcpp/pch.c: 605 in cpp_valid_state(cpp_reader *, const char *, int)()
599     	  continue;
600     	}
601     
602           if (m.definition_length > namebufsz)
603     	{
604     	  free (namebuf);
>>>     CID 726815:    (TAINTED_SCALAR)
>>>     Assigning: "namebufsz" = "m.definition_length + 256U". Both are now tainted.
605     	  namebufsz = m.definition_length + 256;
606     	  namebuf = XNEWVEC (unsigned char, namebufsz);
607     	}
608     
609           if ((size_t)read (fd, namebuf, m.definition_length)
610     	  != m.definition_length)
/external/gpl3/gcc/dist/libcpp/pch.c: 587 in cpp_valid_state(cpp_reader *, const char *, int)()
581          Check that they are defined in the same way.  */
582       for (;;)
583         {
584           cpp_hashnode *h;
585           const unsigned char *newdefn;
586     
>>>     CID 726815:    (TAINTED_SCALAR)
>>>     Calling function "read" taints argument "m". [Note: The source code implementation of the function has been overridden by a builtin model.]
587           if (read (fd, &m, sizeof (m)) != sizeof (m))
588     	goto error;
589     
590           if (m.name_length == 0)
591     	break;
592     
/external/gpl3/gcc/dist/libcpp/pch.c: 587 in cpp_valid_state(cpp_reader *, const char *, int)()
581          Check that they are defined in the same way.  */
582       for (;;)
583         {
584           cpp_hashnode *h;
585           const unsigned char *newdefn;
586     
>>>     CID 726815:    (TAINTED_SCALAR)
>>>     Calling function "read" taints argument "m". [Note: The source code implementation of the function has been overridden by a builtin model.]
587           if (read (fd, &m, sizeof (m)) != sizeof (m))
588     	goto error;
589     
590           if (m.name_length == 0)
591     	break;
592     

** CID 726820:  Security best practices violations  (TOCTOU)
/external/gpl3/gcc/dist/libcpp/files.c: 328 in pch_open_file(cpp_reader *, _cpp_file *, bool *)()


________________________________________________________________________________________________________
*** CID 726820:  Security best practices violations  (TOCTOU)
/external/gpl3/gcc/dist/libcpp/files.c: 328 in pch_open_file(cpp_reader *, _cpp_file *, bool *)()
322           DIR *pchdir;
323           struct dirent *d;
324           size_t dlen, plen = len;
325     
326           if (!S_ISDIR (st.st_mode))
327     	valid = validate_pch (pfile, file, pchname);
>>>     CID 726820:  Security best practices violations  (TOCTOU)
>>>     Calling function "opendir" that uses "pchname" after a check function. This can cause a time-of-check, time-of-use race condition.
328           else if ((pchdir = opendir (pchname)) != NULL)
329     	{
330     	  pchname[plen - 1] = '/';
331     	  while ((d = readdir (pchdir)) != NULL)
332     	    {
333     	      dlen = strlen (d->d_name) + 1;

** CID 730099:  Uninitialized variables  (UNINIT)
/external/gpl3/gcc/dist/libcpp/directives.c: 1565 in do_pragma_pop_macro(cpp_reader *)()


________________________________________________________________________________________________________
*** CID 730099:  Uninitialized variables  (UNINIT)
/external/gpl3/gcc/dist/libcpp/directives.c: 1565 in do_pragma_pop_macro(cpp_reader *)()
1559       *dest = 0;
1560       check_eol (pfile, false);
1561       skip_rest_of_line (pfile);
1562     
1563       while (c != NULL)
1564         {
>>>     CID 730099:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "*macroname" when calling "strcmp".
1565           if (!strcmp (c->name, macroname))
1566     	{
1567     	  if (!l)
1568     	    pfile->pushed_macros = c->next;
1569     	  else
1570     	    l->next = c->next;

** CID 730100:  Uninitialized variables  (UNINIT)
/external/gpl3/gcc/dist/libcpp/directives.c: 1509 in do_pragma_push_macro(cpp_reader *)()


________________________________________________________________________________________________________
*** CID 730100:  Uninitialized variables  (UNINIT)
/external/gpl3/gcc/dist/libcpp/directives.c: 1509 in do_pragma_push_macro(cpp_reader *)()
1503         }
1504       *dest = 0;
1505       check_eol (pfile, false);
1506       skip_rest_of_line (pfile);
1507       c = XNEW (struct def_pragma_macro);
1508       memset (c, 0, sizeof (struct def_pragma_macro));
>>>     CID 730100:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "*macroname" when calling "strlen".
1509       c->name = XNEWVAR (char, strlen (macroname) + 1);
1510       strcpy (c->name, macroname);
1511       c->next = pfile->pushed_macros;
1512       node = _cpp_lex_identifier (pfile, c->name);
1513       if (node->type == NT_VOID)
1514         c->is_undef = 1;

** CID 976361:  Insecure data handling  (INTEGER_OVERFLOW)
/external/gpl3/gcc/dist/libcpp/files.c: 1897 in _cpp_read_file_entries()


________________________________________________________________________________________________________
*** CID 976361:  Insecure data handling  (INTEGER_OVERFLOW)
/external/gpl3/gcc/dist/libcpp/files.c: 1897 in _cpp_read_file_entries()
1891       struct pchf_data d;
1892     
1893       if (fread (&d, sizeof (struct pchf_data) - sizeof (struct pchf_entry), 1, f)
1894            != 1)
1895         return false;
1896     
>>>     CID 976361:  Insecure data handling  (INTEGER_OVERFLOW)
>>>     Add operation overflows on operands "36U" and "28U * (d.count - 1U)". Example value for operand: "28U * (d.count - 1U)" = 4294967264.
1897       pchf = XNEWVAR (struct pchf_data, sizeof (struct pchf_data)
1898     		  + sizeof (struct pchf_entry) * (d.count - 1));
1899       memcpy (pchf, &d, sizeof (struct pchf_data) - sizeof (struct pchf_entry));
1900       if (fread (pchf->entries, sizeof (struct pchf_entry), d.count, f)
1901           != d.count)
1902         return false;

** CID 978990:    (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libcpp/files.c: 1900 in _cpp_read_file_entries()
/external/gpl3/gcc/dist/libcpp/files.c: 1893 in _cpp_read_file_entries()


________________________________________________________________________________________________________
*** CID 978990:    (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libcpp/files.c: 1900 in _cpp_read_file_entries()
1894            != 1)
1895         return false;
1896     
1897       pchf = XNEWVAR (struct pchf_data, sizeof (struct pchf_data)
1898     		  + sizeof (struct pchf_entry) * (d.count - 1));
1899       memcpy (pchf, &d, sizeof (struct pchf_data) - sizeof (struct pchf_entry));
>>>     CID 978990:    (TAINTED_SCALAR)
>>>     Passing tainted variable "d.count" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
1900       if (fread (pchf->entries, sizeof (struct pchf_entry), d.count, f)
1901           != d.count)
1902         return false;
1903       return true;
1904     }
1905     
/external/gpl3/gcc/dist/libcpp/files.c: 1893 in _cpp_read_file_entries()
1887     
1888     bool
1889     _cpp_read_file_entries (cpp_reader *pfile ATTRIBUTE_UNUSED, FILE *f)
1890     {
1891       struct pchf_data d;
1892     
>>>     CID 978990:    (TAINTED_SCALAR)
>>>     Calling function "fread" taints argument "d". [Note: The source code implementation of the function has been overridden by a builtin model.]
1893       if (fread (&d, sizeof (struct pchf_data) - sizeof (struct pchf_entry), 1, f)
1894            != 1)
1895         return false;
1896     
1897       pchf = XNEWVAR (struct pchf_data, sizeof (struct pchf_data)
1898     		  + sizeof (struct pchf_entry) * (d.count - 1));

** CID 1126634:    (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libgomp/env.c: 565 in parse_places_var()
/external/gpl3/gcc/dist/libgomp/env.c: 588 in parse_places_var()
/external/gpl3/gcc/dist/libgomp/env.c: 594 in parse_places_var()
/external/gpl3/gcc/dist/libgomp/env.c: 620 in parse_places_var()


________________________________________________________________________________________________________
*** CID 1126634:    (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libgomp/env.c: 565 in parse_places_var()
559       bool any_negate = false;
560       int level = 0;
561       unsigned long count = 0;
562       if (env == NULL)
563         return false;
564     
>>>     CID 1126634:    (TAINTED_SCALAR)
>>>     Using tainted variable "(unsigned char)*env" as an index to pointer "_ctype_tab_ + 1".
565       while (isspace ((unsigned char) *env))
566         ++env;
567       if (*env == '\0')
568         goto invalid;
569     
570       if (strncasecmp (env, "threads", 7) == 0)
/external/gpl3/gcc/dist/libgomp/env.c: 588 in parse_places_var()
582           env += 7;
583           level = 3;
584         }
585       if (level)
586         {
587           count = ULONG_MAX;
>>>     CID 1126634:    (TAINTED_SCALAR)
>>>     Using tainted variable "(unsigned char)*env" as an index to pointer "_ctype_tab_ + 1".
588           while (isspace ((unsigned char) *env))
589     	++env;
590           if (*env != '\0')
591     	{
592     	  if (*env++ != '(')
593     	    goto invalid;
/external/gpl3/gcc/dist/libgomp/env.c: 594 in parse_places_var()
588           while (isspace ((unsigned char) *env))
589     	++env;
590           if (*env != '\0')
591     	{
592     	  if (*env++ != '(')
593     	    goto invalid;
>>>     CID 1126634:    (TAINTED_SCALAR)
>>>     Using tainted variable "(unsigned char)*env" as an index to pointer "_ctype_tab_ + 1".
594     	  while (isspace ((unsigned char) *env))
595     	    ++env;
596     
597     	  errno = 0;
598     	  count = strtoul (env, &end, 10);
599     	  if (errno)
/external/gpl3/gcc/dist/libgomp/env.c: 620 in parse_places_var()
614     	return false;
615     
616           return gomp_affinity_init_level (level, count, false);
617         }
618     
619       count = 0;
>>>     CID 1126634:    (TAINTED_SCALAR)
>>>     Assigning: "end" = "env". Both are now tainted.
620       end = env;
621       do
622         {
623           bool negate;
624           unsigned long len;
625           long stride;

** CID 1152560:    (UNINIT_CTOR)
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<alt_state *, (unsigned int)150>::auto_vec()()
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<ainsn *, (unsigned int)150>::auto_vec()()
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<state *, (unsigned int)150>::auto_vec()()


________________________________________________________________________________________________________
*** CID 1152560:    (UNINIT_CTOR)
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<alt_state *, (unsigned int)150>::auto_vec()()
1250     {
1251     public:
1252       auto_vec ()
1253       {
1254         m_auto.embedded_init (MAX (N, 2), 0, 1);
1255         this->m_vec = &m_auto;
>>>     CID 1152560:    (UNINIT_CTOR)
>>>     Non-static class member "m_data" is not initialized in this constructor nor in any functions that it calls.
1256       }
1257     
1258       ~auto_vec ()
1259       {
1260         this->release ();
1261       }
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<ainsn *, (unsigned int)150>::auto_vec()()
1250     {
1251     public:
1252       auto_vec ()
1253       {
1254         m_auto.embedded_init (MAX (N, 2), 0, 1);
1255         this->m_vec = &m_auto;
>>>     CID 1152560:    (UNINIT_CTOR)
>>>     Non-static class member "m_data" is not initialized in this constructor nor in any functions that it calls.
1256       }
1257     
1258       ~auto_vec ()
1259       {
1260         this->release ();
1261       }
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<state *, (unsigned int)150>::auto_vec()()
1250     {
1251     public:
1252       auto_vec ()
1253       {
1254         m_auto.embedded_init (MAX (N, 2), 0, 1);
1255         this->m_vec = &m_auto;
>>>     CID 1152560:    (UNINIT_CTOR)
>>>     Non-static class member "m_data" is not initialized in this constructor nor in any functions that it calls.
1256       }
1257     
1258       ~auto_vec ()
1259       {
1260         this->release ();
1261       }

** CID 1186274:  Control flow issues  (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/drivers/dri/i965/gen8_depth_state.c: 285 in gen8_hiz_exec()


________________________________________________________________________________________________________
*** CID 1186274:  Control flow issues  (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/drivers/dri/i965/gen8_depth_state.c: 285 in gen8_hiz_exec()
279        case GEN6_HIZ_OP_HIZ_RESOLVE:
280           dw1 |= GEN8_WM_HZ_HIZ_RESOLVE;
281           break;
282        case GEN6_HIZ_OP_DEPTH_CLEAR:
283           dw1 |= GEN8_WM_HZ_DEPTH_CLEAR;
284           break;
>>>     CID 1186274:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "case GEN6_HIZ_OP_NONE:".
285        case GEN6_HIZ_OP_NONE:
286           unreachable("Should not get here.");
287        }
288     
289        if (mt->num_samples > 0)
290           dw1 |= SET_FIELD(ffs(mt->num_samples) - 1, GEN8_WM_HZ_NUM_SAMPLES);

** CID 1261486:  Control flow issues  (MISSING_BREAK)
/external/mit/xorg/lib/dri/obj/i965_intel_mipmap_tree.c: 1020 in intel_miptree_get_tile_masks()


________________________________________________________________________________________________________
*** CID 1261486:  Control flow issues  (MISSING_BREAK)
/external/mit/xorg/lib/dri/obj/i965_intel_mipmap_tree.c: 1020 in intel_miptree_get_tile_masks()
1014        if (map_stencil_as_y_tiled)
1015           tiling = I915_TILING_Y;
1016     
1017        switch (tiling) {
1018        default:
1019           unreachable("not reached");
>>>     CID 1261486:  Control flow issues  (MISSING_BREAK)
>>>     The above case falls through to this one.
1020        case I915_TILING_NONE:
1021           *mask_x = *mask_y = 0;
1022           break;
1023        case I915_TILING_X:
1024           *mask_x = 512 / cpp - 1;
1025           *mask_y = 7;

** CID 1261488:  Uninitialized variables  (MISSING_RETURN)
/external/mit/xorg/lib/dri/obj/i965_intel_blit.c: 90 in br13_for_cpp()


________________________________________________________________________________________________________
*** CID 1261488:  Uninitialized variables  (MISSING_RETURN)
/external/mit/xorg/lib/dri/obj/i965_intel_blit.c: 90 in br13_for_cpp()
84        case 1:
85           return BR13_8;
86           break;
87        default:
88           unreachable("not reached");
89        }
>>>     CID 1261488:  Uninitialized variables  (MISSING_RETURN)
>>>     Arriving at the end of a function without returning a value.
90     }
91     
92     /**
93      * Emits the packet for switching the blitter from X to Y tiled or back.
94      *
95      * This has to be called in a single BEGIN_BATCH_BLT_TILED() /

** CID 1261489:  Uninitialized variables  (MISSING_RETURN)
/external/mit/xorg/lib/dri/obj/i965_intel_state.c: 99 in intel_translate_compare_func()


________________________________________________________________________________________________________
*** CID 1261489:  Uninitialized variables  (MISSING_RETURN)
/external/mit/xorg/lib/dri/obj/i965_intel_state.c: 99 in intel_translate_compare_func()
93           return BRW_COMPAREFUNCTION_EQUAL;
94        case GL_ALWAYS:
95           return BRW_COMPAREFUNCTION_ALWAYS;
96        }
97     
98        unreachable("Invalid comparison function.");
>>>     CID 1261489:  Uninitialized variables  (MISSING_RETURN)
>>>     Arriving at the end of a function without returning a value.
99     }
100     
101     int
102     intel_translate_stencil_op(GLenum op)
103     {
104        switch (op) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-i386-user?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782



Home | Main Index | Thread Index | Old Index