Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
95 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
43 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 95 defect(s)
** CID 30220: Null pointer dereferences (REVERSE_INULL)
/external/gpl3/gcc/dist/libcpp/traditional.c: 313 in _cpp_read_logical_line_trad()
________________________________________________________________________________________________________
*** CID 30220: Null pointer dereferences (REVERSE_INULL)
/external/gpl3/gcc/dist/libcpp/traditional.c: 313 in _cpp_read_logical_line_trad()
307 if (pfile->buffer->need_line && !_cpp_get_fresh_line (pfile))
308 return false;
309 }
310 while (!_cpp_scan_out_logical_line (pfile, NULL, false)
311 || pfile->state.skipping);
312
>>> CID 30220: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pfile->buffer" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
313 return pfile->buffer != NULL;
314 }
315
316 /* Return true if NODE is a fun_like macro. */
317 static inline bool
318 fun_like_macro (cpp_hashnode *node)
** CID 30273: Control flow issues (DEADCODE)
/external/gpl3/gcc/dist/libcpp/charset.c: 1807 in _cpp_default_encoding()
________________________________________________________________________________________________________
*** CID 30273: Control flow issues (DEADCODE)
/external/gpl3/gcc/dist/libcpp/charset.c: 1807 in _cpp_default_encoding()
1801 would be friendly to support.
1802 (Zack Weinberg and Paolo Bonzini, May 20th 2004) */
1803 #if defined (HAVE_LOCALE_H) && defined (HAVE_LANGINFO_CODESET) && 0
1804 setlocale (LC_CTYPE, "");
1805 current_encoding = nl_langinfo (CODESET);
1806 #endif
>>> CID 30273: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "*current_encoding == 0" inside this statement: "if (current_encoding == NUL...".
1807 if (current_encoding == NULL || *current_encoding == '\0')
1808 current_encoding = SOURCE_CHARSET;
1809
1810 return current_encoding;
** CID 30848: (INTEGER_OVERFLOW)
/external/gpl3/gcc/dist/libcpp/files.c: 1881 in _cpp_save_file_entries()
/external/gpl3/gcc/dist/libcpp/files.c: 1883 in _cpp_save_file_entries()
/external/gpl3/gcc/dist/libcpp/files.c: 1829 in _cpp_save_file_entries()
________________________________________________________________________________________________________
*** CID 30848: (INTEGER_OVERFLOW)
/external/gpl3/gcc/dist/libcpp/files.c: 1881 in _cpp_save_file_entries()
1875 result_size = (sizeof (struct pchf_data)
1876 + sizeof (struct pchf_entry) * (result->count - 1));
1877
1878 qsort (result->entries, result->count, sizeof (struct pchf_entry),
1879 pchf_save_compare);
1880
>>> CID 30848: (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "result_size" used as critical argument to function. [Note: The source code implementation of the function has been overridden by a builtin model.]
1881 ret = fwrite (result, result_size, 1, fp) == 1;
1882 free (result);
1883 return ret;
1884 }
1885
1886 /* Read the pchf_data structure from F. */
/external/gpl3/gcc/dist/libcpp/files.c: 1883 in _cpp_save_file_entries()
1877
1878 qsort (result->entries, result->count, sizeof (struct pchf_entry),
1879 pchf_save_compare);
1880
1881 ret = fwrite (result, result_size, 1, fp) == 1;
1882 free (result);
>>> CID 30848: (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "ret" used as return value.
1883 return ret;
1884 }
1885
1886 /* Read the pchf_data structure from F. */
1887
1888 bool
/external/gpl3/gcc/dist/libcpp/files.c: 1829 in _cpp_save_file_entries()
1823 _cpp_file *f;
1824 bool ret;
1825
1826 for (f = pfile->all_files; f; f = f->next_file)
1827 ++count;
1828
>>> CID 30848: (INTEGER_OVERFLOW)
>>> Assigning overflowed or truncated value (or a value computed from an overflowed or a truncated value) to "result_size".
1829 result_size = (sizeof (struct pchf_data)
1830 + sizeof (struct pchf_entry) * (count - 1));
1831 result = XCNEWVAR (struct pchf_data, result_size);
1832
1833 result->count = 0;
1834 result->have_once_only = false;
** CID 721886: Control flow issues (DEADCODE)
/external/gpl3/gcc/dist/libcpp/lex.c: 496 in init_vectorized_lexer()()
________________________________________________________________________________________________________
*** CID 721886: Control flow issues (DEADCODE)
/external/gpl3/gcc/dist/libcpp/lex.c: 496 in init_vectorized_lexer()()
490 minimum = 2;
491 #elif defined(__SSE__)
492 minimum = 1;
493 #endif
494
495 if (minimum == 3)
>>> CID 721886: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "impl = search_line_sse42;".
496 impl = search_line_sse42;
497 else if (__get_cpuid (1, &dummy, &dummy, &ecx, &edx) || minimum == 2)
498 {
499 if (minimum == 3 || (ecx & bit_SSE4_2))
500 impl = search_line_sse42;
501 else if (minimum == 2 || (edx & bit_SSE2))
** CID 722209: Control flow issues (MISSING_BREAK)
/external/gpl3/gcc/dist/libcpp/pch.c: 59 in write_macdef(cpp_reader *, cpp_hashnode *, void *)()
________________________________________________________________________________________________________
*** CID 722209: Control flow issues (MISSING_BREAK)
/external/gpl3/gcc/dist/libcpp/pch.c: 59 in write_macdef(cpp_reader *, cpp_hashnode *, void *)()
53 switch (hn->type)
54 {
55 case NT_VOID:
56 if (! (hn->flags & NODE_POISONED))
57 return 1;
58
>>> CID 722209: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
59 case NT_MACRO:
60 if ((hn->flags & NODE_BUILTIN)
61 && (!pfile->cb.user_builtin_macro
62 || !pfile->cb.user_builtin_macro (pfile, hn)))
63 return 1;
64
** CID 722294: (NEGATIVE_RETURNS)
/external/gpl3/gcc/dist/libcpp/files.c: 770 in read_file(cpp_reader *, _cpp_file *)()
/external/gpl3/gcc/dist/libcpp/files.c: 763 in read_file(cpp_reader *, _cpp_file *)()
________________________________________________________________________________________________________
*** CID 722294: (NEGATIVE_RETURNS)
/external/gpl3/gcc/dist/libcpp/files.c: 770 in read_file(cpp_reader *, _cpp_file *)()
764 {
765 open_file_failed (pfile, file, 0);
766 return false;
767 }
768
769 file->dont_read = !read_file_guts (pfile, file);
>>> CID 722294: (NEGATIVE_RETURNS)
>>> "file->fd" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
770 close (file->fd);
771 file->fd = -1;
772
773 return !file->dont_read;
774 }
775
/external/gpl3/gcc/dist/libcpp/files.c: 763 in read_file(cpp_reader *, _cpp_file *)()
757 return true;
758
759 /* If an earlier read failed for some reason don't try again. */
760 if (file->dont_read || file->err_no)
761 return false;
762
>>> CID 722294: (NEGATIVE_RETURNS)
>>> Variable "file->fd" tests negative.
763 if (file->fd == -1 && !open_file (file))
764 {
765 open_file_failed (pfile, file, 0);
766 return false;
767 }
768
** CID 724488: Memory - illegal accesses (OVERRUN)
/external/gpl3/gcc/dist/libcpp/files.c: 342 in pch_open_file(cpp_reader *, _cpp_file *, bool *)()
________________________________________________________________________________________________________
*** CID 724488: Memory - illegal accesses (OVERRUN)
/external/gpl3/gcc/dist/libcpp/files.c: 342 in pch_open_file(cpp_reader *, _cpp_file *, bool *)()
336 continue;
337 if (dlen + plen > len)
338 {
339 len += dlen + 64;
340 pchname = XRESIZEVEC (char, pchname, len);
341 }
>>> CID 724488: Memory - illegal accesses (OVERRUN)
>>> Overrunning dynamic array "pchname" at offset corresponding to index variable "plen" through dereference in call to "memcpy".
342 memcpy (pchname + plen, d->d_name, dlen);
343 valid = validate_pch (pfile, file, pchname);
344 if (valid)
345 break;
346 }
347 closedir (pchdir);
** CID 724489: Memory - illegal accesses (OVERRUN)
/external/gpl3/gcc/dist/libcpp/lex.c: 2970 in cpp_avoid_paste(cpp_reader *, const cpp_token *, const cpp_token *)()
________________________________________________________________________________________________________
*** CID 724489: Memory - illegal accesses (OVERRUN)
/external/gpl3/gcc/dist/libcpp/lex.c: 2970 in cpp_avoid_paste(cpp_reader *, const cpp_token *, const cpp_token *)()
2964 a = CPP_NAME;
2965 if (token2->flags & NAMED_OP)
2966 b = CPP_NAME;
2967
2968 c = EOF;
2969 if (token2->flags & DIGRAPH)
>>> CID 724489: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "digraph_spellings" of 6 4-byte elements at element index 16 (byte offset 64) using index "(int)b - 37" (which evaluates to 16).
2970 c = digraph_spellings[(int) b - (int) CPP_FIRST_DIGRAPH][0];
2971 else if (token_spellings[b].category == SPELL_OPERATOR)
2972 c = token_spellings[b].name[0];
2973
2974 /* Quickly get everything that can paste with an '='. */
2975 if ((int) a <= (int) CPP_LAST_EQ && c == '=')
** CID 726815: (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libcpp/pch.c: 609 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 666 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 590 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 605 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 587 in cpp_valid_state(cpp_reader *, const char *, int)()
/external/gpl3/gcc/dist/libcpp/pch.c: 587 in cpp_valid_state(cpp_reader *, const char *, int)()
________________________________________________________________________________________________________
*** CID 726815: (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libcpp/pch.c: 609 in cpp_valid_state(cpp_reader *, const char *, int)()
603 {
604 free (namebuf);
605 namebufsz = m.definition_length + 256;
606 namebuf = XNEWVEC (unsigned char, namebufsz);
607 }
608
>>> CID 726815: (TAINTED_SCALAR)
>>> Passing tainted variable "m.definition_length" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
609 if ((size_t)read (fd, namebuf, m.definition_length)
610 != m.definition_length)
611 goto error;
612
613 h = cpp_lookup (r, namebuf, m.name_length);
614 if (m.flags & NODE_POISONED
/external/gpl3/gcc/dist/libcpp/pch.c: 666 in cpp_valid_state(cpp_reader *, const char *, int)()
660 free (namebuf);
661 namebuf = NULL;
662
663 /* Read in the list of identifiers that must not be defined.
664 Check that they really aren't. */
665 undeftab = XNEWVEC (unsigned char, m.definition_length);
>>> CID 726815: (TAINTED_SCALAR)
>>> Passing tainted variable "m.definition_length" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
666 if ((size_t) read (fd, undeftab, m.definition_length) != m.definition_length)
667 goto error;
668
669 /* Collect identifiers from the current hash table. */
670 nl.n_defs = 0;
671 nl.asize = 10;
/external/gpl3/gcc/dist/libcpp/pch.c: 590 in cpp_valid_state(cpp_reader *, const char *, int)()
584 cpp_hashnode *h;
585 const unsigned char *newdefn;
586
587 if (read (fd, &m, sizeof (m)) != sizeof (m))
588 goto error;
589
>>> CID 726815: (TAINTED_SCALAR)
>>> Casting narrower unsigned "m.name_length" to wider signed type "int" effectively tests its lower bound.
590 if (m.name_length == 0)
591 break;
592
593 /* If this file is already preprocessed, there won't be any
594 macros defined, and that's OK. */
595 if (CPP_OPTION (r, preprocessed))
/external/gpl3/gcc/dist/libcpp/pch.c: 605 in cpp_valid_state(cpp_reader *, const char *, int)()
599 continue;
600 }
601
602 if (m.definition_length > namebufsz)
603 {
604 free (namebuf);
>>> CID 726815: (TAINTED_SCALAR)
>>> Assigning: "namebufsz" = "m.definition_length + 256U". Both are now tainted.
605 namebufsz = m.definition_length + 256;
606 namebuf = XNEWVEC (unsigned char, namebufsz);
607 }
608
609 if ((size_t)read (fd, namebuf, m.definition_length)
610 != m.definition_length)
/external/gpl3/gcc/dist/libcpp/pch.c: 587 in cpp_valid_state(cpp_reader *, const char *, int)()
581 Check that they are defined in the same way. */
582 for (;;)
583 {
584 cpp_hashnode *h;
585 const unsigned char *newdefn;
586
>>> CID 726815: (TAINTED_SCALAR)
>>> Calling function "read" taints argument "m". [Note: The source code implementation of the function has been overridden by a builtin model.]
587 if (read (fd, &m, sizeof (m)) != sizeof (m))
588 goto error;
589
590 if (m.name_length == 0)
591 break;
592
/external/gpl3/gcc/dist/libcpp/pch.c: 587 in cpp_valid_state(cpp_reader *, const char *, int)()
581 Check that they are defined in the same way. */
582 for (;;)
583 {
584 cpp_hashnode *h;
585 const unsigned char *newdefn;
586
>>> CID 726815: (TAINTED_SCALAR)
>>> Calling function "read" taints argument "m". [Note: The source code implementation of the function has been overridden by a builtin model.]
587 if (read (fd, &m, sizeof (m)) != sizeof (m))
588 goto error;
589
590 if (m.name_length == 0)
591 break;
592
** CID 726820: Security best practices violations (TOCTOU)
/external/gpl3/gcc/dist/libcpp/files.c: 328 in pch_open_file(cpp_reader *, _cpp_file *, bool *)()
________________________________________________________________________________________________________
*** CID 726820: Security best practices violations (TOCTOU)
/external/gpl3/gcc/dist/libcpp/files.c: 328 in pch_open_file(cpp_reader *, _cpp_file *, bool *)()
322 DIR *pchdir;
323 struct dirent *d;
324 size_t dlen, plen = len;
325
326 if (!S_ISDIR (st.st_mode))
327 valid = validate_pch (pfile, file, pchname);
>>> CID 726820: Security best practices violations (TOCTOU)
>>> Calling function "opendir" that uses "pchname" after a check function. This can cause a time-of-check, time-of-use race condition.
328 else if ((pchdir = opendir (pchname)) != NULL)
329 {
330 pchname[plen - 1] = '/';
331 while ((d = readdir (pchdir)) != NULL)
332 {
333 dlen = strlen (d->d_name) + 1;
** CID 730099: Uninitialized variables (UNINIT)
/external/gpl3/gcc/dist/libcpp/directives.c: 1565 in do_pragma_pop_macro(cpp_reader *)()
________________________________________________________________________________________________________
*** CID 730099: Uninitialized variables (UNINIT)
/external/gpl3/gcc/dist/libcpp/directives.c: 1565 in do_pragma_pop_macro(cpp_reader *)()
1559 *dest = 0;
1560 check_eol (pfile, false);
1561 skip_rest_of_line (pfile);
1562
1563 while (c != NULL)
1564 {
>>> CID 730099: Uninitialized variables (UNINIT)
>>> Using uninitialized value "*macroname" when calling "strcmp".
1565 if (!strcmp (c->name, macroname))
1566 {
1567 if (!l)
1568 pfile->pushed_macros = c->next;
1569 else
1570 l->next = c->next;
** CID 730100: Uninitialized variables (UNINIT)
/external/gpl3/gcc/dist/libcpp/directives.c: 1509 in do_pragma_push_macro(cpp_reader *)()
________________________________________________________________________________________________________
*** CID 730100: Uninitialized variables (UNINIT)
/external/gpl3/gcc/dist/libcpp/directives.c: 1509 in do_pragma_push_macro(cpp_reader *)()
1503 }
1504 *dest = 0;
1505 check_eol (pfile, false);
1506 skip_rest_of_line (pfile);
1507 c = XNEW (struct def_pragma_macro);
1508 memset (c, 0, sizeof (struct def_pragma_macro));
>>> CID 730100: Uninitialized variables (UNINIT)
>>> Using uninitialized value "*macroname" when calling "strlen".
1509 c->name = XNEWVAR (char, strlen (macroname) + 1);
1510 strcpy (c->name, macroname);
1511 c->next = pfile->pushed_macros;
1512 node = _cpp_lex_identifier (pfile, c->name);
1513 if (node->type == NT_VOID)
1514 c->is_undef = 1;
** CID 976361: Insecure data handling (INTEGER_OVERFLOW)
/external/gpl3/gcc/dist/libcpp/files.c: 1897 in _cpp_read_file_entries()
________________________________________________________________________________________________________
*** CID 976361: Insecure data handling (INTEGER_OVERFLOW)
/external/gpl3/gcc/dist/libcpp/files.c: 1897 in _cpp_read_file_entries()
1891 struct pchf_data d;
1892
1893 if (fread (&d, sizeof (struct pchf_data) - sizeof (struct pchf_entry), 1, f)
1894 != 1)
1895 return false;
1896
>>> CID 976361: Insecure data handling (INTEGER_OVERFLOW)
>>> Add operation overflows on operands "36U" and "28U * (d.count - 1U)". Example value for operand: "28U * (d.count - 1U)" = 4294967264.
1897 pchf = XNEWVAR (struct pchf_data, sizeof (struct pchf_data)
1898 + sizeof (struct pchf_entry) * (d.count - 1));
1899 memcpy (pchf, &d, sizeof (struct pchf_data) - sizeof (struct pchf_entry));
1900 if (fread (pchf->entries, sizeof (struct pchf_entry), d.count, f)
1901 != d.count)
1902 return false;
** CID 978990: (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libcpp/files.c: 1900 in _cpp_read_file_entries()
/external/gpl3/gcc/dist/libcpp/files.c: 1893 in _cpp_read_file_entries()
________________________________________________________________________________________________________
*** CID 978990: (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libcpp/files.c: 1900 in _cpp_read_file_entries()
1894 != 1)
1895 return false;
1896
1897 pchf = XNEWVAR (struct pchf_data, sizeof (struct pchf_data)
1898 + sizeof (struct pchf_entry) * (d.count - 1));
1899 memcpy (pchf, &d, sizeof (struct pchf_data) - sizeof (struct pchf_entry));
>>> CID 978990: (TAINTED_SCALAR)
>>> Passing tainted variable "d.count" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
1900 if (fread (pchf->entries, sizeof (struct pchf_entry), d.count, f)
1901 != d.count)
1902 return false;
1903 return true;
1904 }
1905
/external/gpl3/gcc/dist/libcpp/files.c: 1893 in _cpp_read_file_entries()
1887
1888 bool
1889 _cpp_read_file_entries (cpp_reader *pfile ATTRIBUTE_UNUSED, FILE *f)
1890 {
1891 struct pchf_data d;
1892
>>> CID 978990: (TAINTED_SCALAR)
>>> Calling function "fread" taints argument "d". [Note: The source code implementation of the function has been overridden by a builtin model.]
1893 if (fread (&d, sizeof (struct pchf_data) - sizeof (struct pchf_entry), 1, f)
1894 != 1)
1895 return false;
1896
1897 pchf = XNEWVAR (struct pchf_data, sizeof (struct pchf_data)
1898 + sizeof (struct pchf_entry) * (d.count - 1));
** CID 1126634: (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libgomp/env.c: 565 in parse_places_var()
/external/gpl3/gcc/dist/libgomp/env.c: 588 in parse_places_var()
/external/gpl3/gcc/dist/libgomp/env.c: 594 in parse_places_var()
/external/gpl3/gcc/dist/libgomp/env.c: 620 in parse_places_var()
________________________________________________________________________________________________________
*** CID 1126634: (TAINTED_SCALAR)
/external/gpl3/gcc/dist/libgomp/env.c: 565 in parse_places_var()
559 bool any_negate = false;
560 int level = 0;
561 unsigned long count = 0;
562 if (env == NULL)
563 return false;
564
>>> CID 1126634: (TAINTED_SCALAR)
>>> Using tainted variable "(unsigned char)*env" as an index to pointer "_ctype_tab_ + 1".
565 while (isspace ((unsigned char) *env))
566 ++env;
567 if (*env == '\0')
568 goto invalid;
569
570 if (strncasecmp (env, "threads", 7) == 0)
/external/gpl3/gcc/dist/libgomp/env.c: 588 in parse_places_var()
582 env += 7;
583 level = 3;
584 }
585 if (level)
586 {
587 count = ULONG_MAX;
>>> CID 1126634: (TAINTED_SCALAR)
>>> Using tainted variable "(unsigned char)*env" as an index to pointer "_ctype_tab_ + 1".
588 while (isspace ((unsigned char) *env))
589 ++env;
590 if (*env != '\0')
591 {
592 if (*env++ != '(')
593 goto invalid;
/external/gpl3/gcc/dist/libgomp/env.c: 594 in parse_places_var()
588 while (isspace ((unsigned char) *env))
589 ++env;
590 if (*env != '\0')
591 {
592 if (*env++ != '(')
593 goto invalid;
>>> CID 1126634: (TAINTED_SCALAR)
>>> Using tainted variable "(unsigned char)*env" as an index to pointer "_ctype_tab_ + 1".
594 while (isspace ((unsigned char) *env))
595 ++env;
596
597 errno = 0;
598 count = strtoul (env, &end, 10);
599 if (errno)
/external/gpl3/gcc/dist/libgomp/env.c: 620 in parse_places_var()
614 return false;
615
616 return gomp_affinity_init_level (level, count, false);
617 }
618
619 count = 0;
>>> CID 1126634: (TAINTED_SCALAR)
>>> Assigning: "end" = "env". Both are now tainted.
620 end = env;
621 do
622 {
623 bool negate;
624 unsigned long len;
625 long stride;
** CID 1152560: (UNINIT_CTOR)
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<state *, (unsigned int)150>::auto_vec()()
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<alt_state *, (unsigned int)150>::auto_vec()()
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<ainsn *, (unsigned int)150>::auto_vec()()
________________________________________________________________________________________________________
*** CID 1152560: (UNINIT_CTOR)
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<state *, (unsigned int)150>::auto_vec()()
1250 {
1251 public:
1252 auto_vec ()
1253 {
1254 m_auto.embedded_init (MAX (N, 2), 0, 1);
1255 this->m_vec = &m_auto;
>>> CID 1152560: (UNINIT_CTOR)
>>> Non-static class member "m_data" is not initialized in this constructor nor in any functions that it calls.
1256 }
1257
1258 ~auto_vec ()
1259 {
1260 this->release ();
1261 }
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<alt_state *, (unsigned int)150>::auto_vec()()
1250 {
1251 public:
1252 auto_vec ()
1253 {
1254 m_auto.embedded_init (MAX (N, 2), 0, 1);
1255 this->m_vec = &m_auto;
>>> CID 1152560: (UNINIT_CTOR)
>>> Non-static class member "m_data" is not initialized in this constructor nor in any functions that it calls.
1256 }
1257
1258 ~auto_vec ()
1259 {
1260 this->release ();
1261 }
/external/gpl3/gcc/dist/gcc/vec.h: 1256 in auto_vec<ainsn *, (unsigned int)150>::auto_vec()()
1250 {
1251 public:
1252 auto_vec ()
1253 {
1254 m_auto.embedded_init (MAX (N, 2), 0, 1);
1255 this->m_vec = &m_auto;
>>> CID 1152560: (UNINIT_CTOR)
>>> Non-static class member "m_data" is not initialized in this constructor nor in any functions that it calls.
1256 }
1257
1258 ~auto_vec ()
1259 {
1260 this->release ();
1261 }
** CID 1186274: Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/drivers/dri/i965/gen8_depth_state.c: 285 in gen8_hiz_exec()
________________________________________________________________________________________________________
*** CID 1186274: Control flow issues (DEADCODE)
/home/phil/cov/xsrc/external/mit/MesaLib/dist/src/mesa/drivers/dri/i965/gen8_depth_state.c: 285 in gen8_hiz_exec()
279 case GEN6_HIZ_OP_HIZ_RESOLVE:
280 dw1 |= GEN8_WM_HZ_HIZ_RESOLVE;
281 break;
282 case GEN6_HIZ_OP_DEPTH_CLEAR:
283 dw1 |= GEN8_WM_HZ_DEPTH_CLEAR;
284 break;
>>> CID 1186274: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "case GEN6_HIZ_OP_NONE:".
285 case GEN6_HIZ_OP_NONE:
286 unreachable("Should not get here.");
287 }
288
289 if (mt->num_samples > 0)
290 dw1 |= SET_FIELD(ffs(mt->num_samples) - 1, GEN8_WM_HZ_NUM_SAMPLES);
** CID 1199236: Integer handling issues (DIVIDE_BY_ZERO)
/external/gpl3/gcc/dist/libgcc/libgcc2.c: 1042 in __udivmodti4()
________________________________________________________________________________________________________
*** CID 1199236: Integer handling issues (DIVIDE_BY_ZERO)
/external/gpl3/gcc/dist/libgcc/libgcc2.c: 1042 in __udivmodti4()
1036 }
1037 else
1038 {
1039 /* qq = NN / 0d */
1040
1041 if (d0 == 0)
>>> CID 1199236: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "1UL / d0", division by expression "d0" which may be zero has undefined behavior.
1042 d0 = 1 / d0; /* Divide intentionally by zero. */
1043
1044 udiv_qrnnd (q1, n1, 0, n1, d0);
1045 udiv_qrnnd (q0, n0, n1, n0, d0);
1046
1047 /* Remainder in n0. */
** CID 1261486: Control flow issues (MISSING_BREAK)
/external/mit/xorg/lib/dri/obj/i965_intel_mipmap_tree.c: 1020 in intel_miptree_get_tile_masks()
________________________________________________________________________________________________________
*** CID 1261486: Control flow issues (MISSING_BREAK)
/external/mit/xorg/lib/dri/obj/i965_intel_mipmap_tree.c: 1020 in intel_miptree_get_tile_masks()
1014 if (map_stencil_as_y_tiled)
1015 tiling = I915_TILING_Y;
1016
1017 switch (tiling) {
1018 default:
1019 unreachable("not reached");
>>> CID 1261486: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
1020 case I915_TILING_NONE:
1021 *mask_x = *mask_y = 0;
1022 break;
1023 case I915_TILING_X:
1024 *mask_x = 512 / cpp - 1;
1025 *mask_y = 7;
** CID 1261488: Uninitialized variables (MISSING_RETURN)
/external/mit/xorg/lib/dri/obj/i965_intel_blit.c: 90 in br13_for_cpp()
________________________________________________________________________________________________________
*** CID 1261488: Uninitialized variables (MISSING_RETURN)
/external/mit/xorg/lib/dri/obj/i965_intel_blit.c: 90 in br13_for_cpp()
84 case 1:
85 return BR13_8;
86 break;
87 default:
88 unreachable("not reached");
89 }
>>> CID 1261488: Uninitialized variables (MISSING_RETURN)
>>> Arriving at the end of a function without returning a value.
90 }
91
92 /**
93 * Emits the packet for switching the blitter from X to Y tiled or back.
94 *
95 * This has to be called in a single BEGIN_BATCH_BLT_TILED() /
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-user?tab=overview
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782
Home |
Main Index |
Thread Index |
Old Index