Coverity-updates archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New Defects reported by Coverity Scan for NetBSD-i386-user



Hi,

Please find the latest report on new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.

10 new defect(s) introduced to NetBSD-i386-user found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)


** CID 1373515:  Error handling issues  (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/drmmode_display.c: 677 in drmmode_set_scanout_pixmap_cpu()


________________________________________________________________________________________________________
*** CID 1373515:  Error handling issues  (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/drmmode_display.c: 677 in drmmode_set_scanout_pixmap_cpu()
671         }
672         ptr = drmmode_map_slave_bo(drmmode, ppriv);
673         ppix->devPrivate.ptr = ptr;
674         DamageRegister(&ppix->drawable, drmmode_crtc->slave_damage);
675     
676         if (ppriv->fb_id == 0) {
>>>     CID 1373515:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "drmModeAddFB" without checking return value (as is done elsewhere 27 out of 28 times).
677             drmModeAddFB(drmmode->fd, ppix->drawable.width,
678                          ppix->drawable.height,
679                          ppix->drawable.depth,
680                          ppix->drawable.bitsPerPixel,
681                          ppix->devKind, ppriv->backing_bo->handle, &ppriv->fb_id);
682         }

** CID 1373516:  Control flow issues  (MISSING_BREAK)
/usr.sbin/ifwatchd/ifwatchd.c: 376 in invoke_script()


________________________________________________________________________________________________________
*** CID 1373516:  Control flow issues  (MISSING_BREAK)
/usr.sbin/ifwatchd/ifwatchd.c: 376 in invoke_script()
370     
371     			sin = (const struct sockaddr_in *)sa;
372     			if (sin->sin_addr.s_addr == INADDR_ANY ||
373     			    sin->sin_addr.s_addr == INADDR_BROADCAST)
374     				return;
375     		}
>>>     CID 1373516:  Control flow issues  (MISSING_BREAK)
>>>     The above case falls through to this one.
376     		case AF_INET6:
377     		{
378     			const struct sockaddr_in6 *sin6;
379     
380     			sin6 = (const struct sockaddr_in6 *)sa;
381     			if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))

** CID 1373517:  Integer handling issues  (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/libXrandr/dist/src/XrrProvider.c: 135 in XRRGetProviderInfo()


________________________________________________________________________________________________________
*** CID 1373517:  Integer handling issues  (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/libXrandr/dist/src/XrrProvider.c: 135 in XRRGetProviderInfo()
129     	SyncHandle ();
130     	return NULL;
131         }
132     
133         if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2)
134         {
>>>     CID 1373517:  Integer handling issues  (NO_EFFECT)
>>>     This less-than-zero comparison of an unsigned value is never true. "rep.length < 0UL".
135     	if (rep.length < ProviderInfoExtra >> 2)
136     	    _XEatDataWords (dpy, rep.length);
137     	else
138     	    _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
139     	UnlockDisplay (dpy);
140     	SyncHandle ();

** CID 1373518:  Memory - corruptions  (OVERRUN)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/drmmode_display.c: 1372 in parse_path_blob()


________________________________________________________________________________________________________
*** CID 1373518:  Memory - corruptions  (OVERRUN)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/drmmode_display.c: 1372 in parse_path_blob()
1366         if (!conn)
1367             return -1;
1368         len = conn - (blob_data + 4);
1369         if (len + 1> 5)
1370             return -1;
1371         memcpy(conn_id, blob_data + 4, len);
>>>     CID 1373518:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "conn_id" of 5 bytes at byte offset 5 using index "len + 1" (which evaluates to 5).
1372         conn_id[len + 1] = '\0';
1373         id = strtoul(conn_id, NULL, 10);
1374     
1375         *conn_base_id = id;
1376     
1377         *path = conn + 1;

** CID 1373520:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/driver.c: 779 in ms_get_drm_master_fd()


________________________________________________________________________________________________________
*** CID 1373520:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/driver.c: 779 in ms_get_drm_master_fd()
773         }
774         if (ms->fd < 0)
775             return FALSE;
776     
777         ms_ent->fd = ms->fd;
778         ms_ent->fd_ref = 1;
>>>     CID 1373520:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "BusID" going out of scope leaks the storage it points to.
779         return TRUE;
780     }
781     
782     static Bool
783     PreInit(ScrnInfoPtr pScrn, int flags)
784     {

** CID 1373521:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/driver.c: 799 in PreInit()


________________________________________________________________________________________________________
*** CID 1373521:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/driver.c: 799 in PreInit()
793         if (pScrn->numEntities != 1)
794             return FALSE;
795     
796         pEnt = xf86GetEntityInfo(pScrn->entityList[0]);
797     
798         if (flags & PROBE_DETECT) {
>>>     CID 1373521:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "pEnt" going out of scope leaks the storage it points to.
799             return FALSE;
800         }
801     
802         /* Allocate driverPrivate */
803         if (!GetRec(pScrn))
804             return FALSE;

** CID 1373522:    (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 753 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 760 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 764 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 768 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 778 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 786 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 793 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 798 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 806 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 811 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 819 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 825 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 831 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 842 in parse_reply_call_callback()


________________________________________________________________________________________________________
*** CID 1373522:    (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 753 in parse_reply_call_callback()
747     	 * compute the size of this protocol element.
748     	 */
749     	switch (rep->category) {
750     	case XRecordFromServer:
751     	    if (rep->elementHeader&XRecordFromServerTime) {
752     		if (current_index + 4 > rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
753     		    return Error;
754     		EXTRACT_CARD32(rep->clientSwapped,
755     			       reply->buf+current_index,
756     			       data->server_time);
757     		current_index += 4;
758     	    }
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 760 in parse_reply_call_callback()
754     		EXTRACT_CARD32(rep->clientSwapped,
755     			       reply->buf+current_index,
756     			       data->server_time);
757     		current_index += 4;
758     	    }
759     	    if (current_index + 1 > rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
760     		return Error;
761     	    switch (reply->buf[current_index]) {
762     	    case X_Reply: /* reply */
763     		if (current_index + 8 > rep->length << 2)
764     		    return Error;
765     		EXTRACT_CARD32(rep->clientSwapped,
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 764 in parse_reply_call_callback()
758     	    }
759     	    if (current_index + 1 > rep->length << 2)
760     		return Error;
761     	    switch (reply->buf[current_index]) {
762     	    case X_Reply: /* reply */
763     		if (current_index + 8 > rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
764     		    return Error;
765     		EXTRACT_CARD32(rep->clientSwapped,
766     			       reply->buf+current_index+4, datum_bytes);
767     		if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
768     		    return Error;
769     		datum_bytes = (datum_bytes+8) << 2;
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 768 in parse_reply_call_callback()
762     	    case X_Reply: /* reply */
763     		if (current_index + 8 > rep->length << 2)
764     		    return Error;
765     		EXTRACT_CARD32(rep->clientSwapped,
766     			       reply->buf+current_index+4, datum_bytes);
767     		if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
768     		    return Error;
769     		datum_bytes = (datum_bytes+8) << 2;
770     		break;
771     	    default: /* error or event */
772     		datum_bytes = 32;
773     	    }
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 778 in parse_reply_call_callback()
772     		datum_bytes = 32;
773     	    }
774     	    break;
775     	case XRecordFromClient:
776     	    if (rep->elementHeader&XRecordFromClientTime) {
777     		if (current_index + 4 > rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
778     		    return Error;
779     		EXTRACT_CARD32(rep->clientSwapped,
780     			       reply->buf+current_index,
781     			       data->server_time);
782     		current_index += 4;
783     	    }
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 786 in parse_reply_call_callback()
780     			       reply->buf+current_index,
781     			       data->server_time);
782     		current_index += 4;
783     	    }
784     	    if (rep->elementHeader&XRecordFromClientSequence) {
785     		if (current_index + 4 > rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
786     		    return Error;
787     		EXTRACT_CARD32(rep->clientSwapped,
788     			       reply->buf+current_index,
789     			       data->client_seq);
790     		current_index += 4;
791     	    }
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 793 in parse_reply_call_callback()
787     		EXTRACT_CARD32(rep->clientSwapped,
788     			       reply->buf+current_index,
789     			       data->client_seq);
790     		current_index += 4;
791     	    }
792     	    if (current_index + 4 > rep->length<<2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
793     		return Error;
794     	    if (reply->buf[current_index+2] == 0
795     		&& reply->buf[current_index+3] == 0) /* needn't swap 0 */
796     	    {	/* BIG-REQUESTS */
797     		if (current_index + 8 > rep->length << 2)
798     		    return Error;
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 798 in parse_reply_call_callback()
792     	    if (current_index + 4 > rep->length<<2)
793     		return Error;
794     	    if (reply->buf[current_index+2] == 0
795     		&& reply->buf[current_index+3] == 0) /* needn't swap 0 */
796     	    {	/* BIG-REQUESTS */
797     		if (current_index + 8 > rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
798     		    return Error;
799     		EXTRACT_CARD32(rep->clientSwapped,
800     			       reply->buf+current_index+4, datum_bytes);
801     	    } else {
802     		EXTRACT_CARD16(rep->clientSwapped,
803     			       reply->buf+current_index+2, datum_bytes);
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 806 in parse_reply_call_callback()
800     			       reply->buf+current_index+4, datum_bytes);
801     	    } else {
802     		EXTRACT_CARD16(rep->clientSwapped,
803     			       reply->buf+current_index+2, datum_bytes);
804     	    }
805     	    if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
806     		return Error;
807     	    datum_bytes <<= 2;
808     	    break;
809     	case XRecordClientStarted:
810     	    if (current_index + 8 > rep->length << 2)
811     		return Error;
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 811 in parse_reply_call_callback()
805     	    if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
806     		return Error;
807     	    datum_bytes <<= 2;
808     	    break;
809     	case XRecordClientStarted:
810     	    if (current_index + 8 > rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
811     		return Error;
812     	    EXTRACT_CARD16(rep->clientSwapped,
813     			   reply->buf+current_index+6, datum_bytes);
814     	    datum_bytes = (datum_bytes+2) << 2;
815     	    break;
816     	case XRecordClientDied:
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 819 in parse_reply_call_callback()
813     			   reply->buf+current_index+6, datum_bytes);
814     	    datum_bytes = (datum_bytes+2) << 2;
815     	    break;
816     	case XRecordClientDied:
817     	    if (rep->elementHeader&XRecordFromClientSequence) {
818     		if (current_index + 4 > rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
819     		    return Error;
820     		EXTRACT_CARD32(rep->clientSwapped,
821     			       reply->buf+current_index,
822     			       data->client_seq);
823     		current_index += 4;
824     	    } else if (current_index < rep->length << 2)
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 825 in parse_reply_call_callback()
819     		    return Error;
820     		EXTRACT_CARD32(rep->clientSwapped,
821     			       reply->buf+current_index,
822     			       data->client_seq);
823     		current_index += 4;
824     	    } else if (current_index < rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
825     		return Error;
826     	    datum_bytes = 0;
827     	    break;
828     	case XRecordStartOfData:
829     	case XRecordEndOfData:
830     	    if (current_index < rep->length << 2)
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 831 in parse_reply_call_callback()
825     		return Error;
826     	    datum_bytes = 0;
827     	    break;
828     	case XRecordStartOfData:
829     	case XRecordEndOfData:
830     	    if (current_index < rep->length << 2)
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
831     		return Error;
832     	    datum_bytes = 0;
833     	    break;
834     	}
835     
836     	if (datum_bytes > 0) {
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 842 in parse_reply_call_callback()
836     	if (datum_bytes > 0) {
837     	    if (INT_MAX - datum_bytes < (rep->length << 2) - current_index) {
838     		fprintf(stderr,
839     			"XRecord: %lu-byte reply claims %d-byte element (seq %lu)\n",
840     			(unsigned long)rep->length << 2, current_index + datum_bytes,
841     			dpy->last_request_read);
>>>     CID 1373522:    (RESOURCE_LEAK)
>>>     Variable "data" going out of scope leaks the storage it points to.
842     		return Error;
843     	    }
844     	    /*
845     	     * This assignment (and indeed the whole buffer sharing
846     	     * scheme) assumes arbitrary 4-byte boundaries are
847     	     * addressable.

** CID 1373523:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXi/dist/src/XIQueryDevice.c: 143 in XIQueryDevice()


________________________________________________________________________________________________________
*** CID 1373523:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXi/dist/src/XIQueryDevice.c: 143 in XIQueryDevice()
137         }
138     error:
139         UnlockDisplay(dpy);
140     error_unlocked:
141         SyncHandle();
142         *ndevices_return = -1;
>>>     CID 1373523:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "ptr" going out of scope leaks the storage it points to.
143         return NULL;
144     }
145     
146     void
147     XIFreeDeviceInfo(XIDeviceInfo* info)
148     {

** CID 1373524:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXi/dist/src/XIQueryDevice.c: 143 in XIQueryDevice()


________________________________________________________________________________________________________
*** CID 1373524:  Resource leaks  (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXi/dist/src/XIQueryDevice.c: 143 in XIQueryDevice()
137         }
138     error:
139         UnlockDisplay(dpy);
140     error_unlocked:
141         SyncHandle();
142         *ndevices_return = -1;
>>>     CID 1373524:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "info" going out of scope leaks the storage it points to.
143         return NULL;
144     }
145     
146     void
147     XIFreeDeviceInfo(XIDeviceInfo* info)
148     {

** CID 1373525:  Null pointer dereferences  (REVERSE_INULL)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/vblank.c: 254 in ms_drm_wakeup_handler()


________________________________________________________________________________________________________
*** CID 1373525:  Null pointer dereferences  (REVERSE_INULL)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/vblank.c: 254 in ms_drm_wakeup_handler()
248     {
249         ScreenPtr screen = data;
250         ScrnInfoPtr scrn = xf86ScreenToScrn(screen);
251         modesettingPtr ms = modesettingPTR(scrn);
252         fd_set *read_mask = mask;
253     
>>>     CID 1373525:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
254         if (data == NULL || err < 0)
255             return;
256     
257         if (FD_ISSET(ms->fd, read_mask))
258             drmHandleEvent(ms->fd, &ms->event_context);
259     }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBjZiXDg7WCnKqBB1q-2FtZ4dvE2p1AmNMmYII14NbCr9wIc-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05V6rB2VmyER3NN-2FJwRB6okZSc776n8vRAPj9ulNe3V9R79ntvLP6xqAUNPiAUwWXH9qwUCyYXLB91ZXn1vl-2FhUmxLgNHTkJrulNwbHzEjHMOv1RWJwR3yH8R8N3BDZFrtTTyz0VUS69QCmxmTAI-2F1Vafub9M3Lo-2BlHeCYx5nOP2K-2B95OVhULbV-2F9VhVg91Rwps-3D

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4m7U7Yoel-2F6MYPxol7ToiLwYIjoNbVQOCAwEeTNJofEDwTlN0JRhKMyijhpnAObR-2FlLVG-2Fr3EBKWgiICNdX1HPA6Ws0-2F1wHBf2tG9AnMDB8g-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05V6rB2VmyER3NN-2FJwRB6okZSc776n8vRAPj9ulNe3V9R54XRW-2FmPumiMn0NiUN4nHzEq8zBePAnnacFf0IQCfPz7uFfsqalzewlE9ns-2FJF-2FfTc0HSSl5RI9Z1mscbGSAhChrNNKXexaIq27TYjDu-2BY3pkwwlyDswUVvOv-2BLRGj252LXUYT26rrbsoa5OKuGnFY-3D



Home | Main Index | Thread Index | Old Index