New Defects reported by Coverity Scan for NetBSD-i386-kernel

[scan-admin%coverity.com@localhost]

Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.

4 new defect(s) introduced to NetBSD-i386-kernel found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1364756:  Control flow issues  (DEADCODE)
/sys/arch/x86/x86/pmap.c: 4264 in pmap_alloc_level()


________________________________________________________________________________________________________
*** CID 1364756:  Control flow issues  (DEADCODE)
/sys/arch/x86/x86/pmap.c: 4264 in pmap_alloc_level()
4258     #endif
4259     
4260     	for (level = PTP_LEVELS; level > 1; level--) {
4261     		if (level == PTP_LEVELS)
4262     			pdep = pmap_kernel()->pm_pdir;
4263     		else
>>>     CID 1364756:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "pdep = normal_pdes[level - 2];".
4264     			pdep = normal_pdes[level - 2];
4265     		index = pl_i_roundup(kva, level);
4266     		endindex = index + needed_ptps[level - 1] - 1;
4267     
4268     		for (i = index; i <= endindex; i++) {
4269     			pt_entry_t pte;

** CID 1364757:  Incorrect expression  (IDENTICAL_BRANCHES)
/sys/netinet6/in6.c: 488 in in6_control1()


________________________________________________________________________________________________________
*** CID 1364757:  Incorrect expression  (IDENTICAL_BRANCHES)
/sys/netinet6/in6.c: 488 in in6_control1()
482     	}
483     
484     	switch (cmd) {
485     
486     	case SIOCGIFADDR_IN6:
487     		ifr->ifr_addr = ia->ia_addr;
>>>     CID 1364757:  Incorrect expression  (IDENTICAL_BRANCHES)
>>>     The same code is executed when the condition "(error = sa6_recoverscope(&ifr->ifr_ifru.ifru_addr)) != 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
488     		if ((error = sa6_recoverscope(&ifr->ifr_addr)) != 0)
489     			break;
490     		break;
491     
492     	case SIOCGIFDSTADDR_IN6:
493     		if ((ifp->if_flags & IFF_POINTOPOINT) == 0) {

** CID 1364758:  Integer handling issues  (SIGN_EXTENSION)
/sys/dev/ata/wd.c: 397 in wdattach()


________________________________________________________________________________________________________
*** CID 1364758:  Integer handling issues  (SIGN_EXTENSION)
/sys/dev/ata/wd.c: 397 in wdattach()
391     		    wd->sc_params.atap_heads *
392     		    wd->sc_params.atap_sectors;
393     	}
394     	if ((wd->sc_params.atap_secsz & ATA_SECSZ_VALID_MASK) == ATA_SECSZ_VALID
395     	    && ((wd->sc_params.atap_secsz & ATA_SECSZ_LLS) != 0)) {
396     		wd->sc_blksize = 2ULL *
>>>     CID 1364758:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "wd->sc_params.atap_lls_secsz[1]" with type "unsigned short" (16 bits, unsigned) is promoted in "(wd->sc_params.atap_lls_secsz[1] << 16) | (wd->sc_params.atap_lls_secsz[0] << 0)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned).  If "(wd->sc_params.atap_lls_secsz[1] << 16) | (wd->sc_params.atap_lls_secsz[0] << 0)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
397     		    (wd->sc_params.atap_lls_secsz[1] << 16 |
398     		     wd->sc_params.atap_lls_secsz[0] <<  0);
399     	} else {
400     		wd->sc_blksize = 512;
401     	}
402     	wd->sc_capacity512 = (wd->sc_capacity * wd->sc_blksize) / DEV_BSIZE;

** CID 1364759:  Memory - illegal accesses  (UNINIT)
/sys/net/route.c: 781 in rt_getifa()


________________________________________________________________________________________________________
*** CID 1364759:  Memory - illegal accesses  (UNINIT)
/sys/net/route.c: 781 in rt_getifa()
775     	if (sa != NULL && info->rti_ifp != NULL)
776     		ifa = ifaof_ifpforaddr_psref(sa, info->rti_ifp, psref);
777     	else if (dst != NULL && gateway != NULL)
778     		ifa = ifa_ifwithroute_psref(flags, dst, gateway, psref);
779     	else if (sa != NULL)
780     		ifa = ifa_ifwithroute_psref(flags, sa, sa, psref);
>>>     CID 1364759:  Memory - illegal accesses  (UNINIT)
>>>     Using uninitialized value "ifa".
781     	if (ifa == NULL)
782     		return NULL;
783     got:
784     	if (ifa->ifa_getifa != NULL) {
785     		/* FIXME NOMPSAFE */
786     		ifa = (*ifa->ifa_getifa)(ifa, dst);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBjEGdxS-2FDDouPkeZ4HbDca3C30UoLW748TLKQM-2BXRpGRc-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05UTOvyZK4Gbc7ix6TU7-2FtqpF01aoXiJGtjDJiO2HmVJRcJpaTEj44hf6TVjczFSLX2-2B5J4HXt2yplGfbhy7FWDYFnoT2DUuF7zuKJNHnNp33blPP66mOLlRo83STYz4B2VzjkYJZDoN7FTPqi1wDQsS-2BgtiUEkwZewbLQ6WOd7MoQBxY22QumVBxgaQIqYgX04-3D

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4m7U7Yoel-2F6MYPxol7ToiLwYIjoNbVQOCAwEeTNJofEDwTlN0JRhKMyijhpnAObR-2FlLVG-2Fr3EBKWgiICNdX1HPA6Ws0-2F1wHBf2tG9AnMDB8g-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05UTOvyZK4Gbc7ix6TU7-2FtqpF01aoXiJGtjDJiO2HmVJRYxv-2FvzTzaLF6Sp7tFUBuoNmoocIR4WHL6DOct4ZtlitCXRZStNl7Bc14CWpUee0x-2FuTCrvwYnIbdbWwQEaYZry9xc-2BRhLI2ybwMks9QuWynQJdOsXdBGyeKP9yIDXiyqVPpqphSjICSrjHXK98Z3hQ-3D