Coverity-updates archive
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
10 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1373515: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/drmmode_display.c: 677 in drmmode_set_scanout_pixmap_cpu()
________________________________________________________________________________________________________
*** CID 1373515: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/drmmode_display.c: 677 in drmmode_set_scanout_pixmap_cpu()
671 }
672 ptr = drmmode_map_slave_bo(drmmode, ppriv);
673 ppix->devPrivate.ptr = ptr;
674 DamageRegister(&ppix->drawable, drmmode_crtc->slave_damage);
675
676 if (ppriv->fb_id == 0) {
>>> CID 1373515: Error handling issues (CHECKED_RETURN)
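>>> Calling "drmModeAddFB" without checking return value (as is done elsewhere 27 out of 28 times).
[Reviewer note: the call sits inside the `ppriv->fb_id == 0` branch and reports its result through `&ppriv->fb_id`. If it fails unnoticed, `fb_id` presumably stays 0 for whatever code uses it next (not shown in this excerpt), so the return value should be tested and the failure propagated to the caller.]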
677 drmModeAddFB(drmmode->fd, ppix->drawable.width,
678 ppix->drawable.height,
679 ppix->drawable.depth,
680 ppix->drawable.bitsPerPixel,
681 ppix->devKind, ppriv->backing_bo->handle, &ppriv->fb_id);
682 }
** CID 1373516: Control flow issues (MISSING_BREAK)
/usr.sbin/ifwatchd/ifwatchd.c: 376 in invoke_script()
________________________________________________________________________________________________________
*** CID 1373516: Control flow issues (MISSING_BREAK)
/usr.sbin/ifwatchd/ifwatchd.c: 376 in invoke_script()
370
371 sin = (const struct sockaddr_in *)sa;
372 if (sin->sin_addr.s_addr == INADDR_ANY ||
373 sin->sin_addr.s_addr == INADDR_BROADCAST)
374 return;
375 }
>>> CID 1373516: Control flow issues (MISSING_BREAK)
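>>> The above case falls through to this one.
[Reviewer note: the preceding case, which handles `sa` as a `struct sockaddr_in`, ends at the closing brace on line 375 without a `break`. An IPv4 address that passes the INADDR_ANY/INADDR_BROADCAST test therefore continues into the AF_INET6 block, where the same `sa` is cast to `struct sockaddr_in6` (line 380) and its `sin6_addr` is examined (line 381). `struct sockaddr_in6` is larger than `struct sockaddr_in`, so that test interprets bytes that are not part of the IPv4 address and, depending on how much storage backs `sa`, may read past it. A `break;` after line 375 would end the IPv4 case.]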
376 case AF_INET6:
377 {
378 const struct sockaddr_in6 *sin6;
379
380 sin6 = (const struct sockaddr_in6 *)sa;
381 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))
** CID 1373517: Integer handling issues (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/libXrandr/dist/src/XrrProvider.c: 135 in XRRGetProviderInfo()
________________________________________________________________________________________________________
*** CID 1373517: Integer handling issues (NO_EFFECT)
/home/phil/cov/xsrc/external/mit/libXrandr/dist/src/XrrProvider.c: 135 in XRRGetProviderInfo()
129 SyncHandle ();
130 return NULL;
131 }
132
133 if (rep.length > INT_MAX >> 2 || rep.length < ProviderInfoExtra >> 2)
134 {
>>> CID 1373517: Integer handling issues (NO_EFFECT)
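>>> This less-than-zero comparison of an unsigned value is never true. "rep.length < 0U".
[Reviewer note: the quoted form "rep.length < 0U" shows that `ProviderInfoExtra >> 2` evaluates to 0 in this build. The lower-bound half of the length check on line 133 can therefore never fire, and the true branch on line 135 is dead. Only the `INT_MAX >> 2` upper bound actually constrains the length field of the reply.]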
135 if (rep.length < ProviderInfoExtra >> 2)
136 _XEatDataWords (dpy, rep.length);
137 else
138 _XEatDataWords (dpy, rep.length - (ProviderInfoExtra >> 2));
139 UnlockDisplay (dpy);
140 SyncHandle ();
** CID 1373518: Memory - corruptions (OVERRUN)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/drmmode_display.c: 1372 in parse_path_blob()
________________________________________________________________________________________________________
*** CID 1373518: Memory - corruptions (OVERRUN)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/drmmode_display.c: 1372 in parse_path_blob()
1366 if (!conn)
1367 return -1;
1368 len = conn - (blob_data + 4);
1369 if (len + 1> 5)
1370 return -1;
1371 memcpy(conn_id, blob_data + 4, len);
>>> CID 1373518: Memory - corruptions (OVERRUN)
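>>> Overrunning array "conn_id" of 5 bytes at byte offset 5 using index "len + 1" (which evaluates to 5).
[Reviewer note: the guard on line 1369 accepts `len` up to 4, and the `memcpy` on line 1371 fills `conn_id[0]` through `conn_id[len - 1]`. Writing the terminator at `conn_id[len + 1]` therefore lands one byte past the 5-byte array when `len` is 4. In every case it also skips `conn_id[len]`, so `strtoul` on line 1373 may parse a byte these lines never set. The terminator belongs at `conn_id[len]`.]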
1372 conn_id[len + 1] = '\0';
1373 id = strtoul(conn_id, NULL, 10);
1374
1375 *conn_base_id = id;
1376
1377 *path = conn + 1;
** CID 1373520: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/driver.c: 779 in ms_get_drm_master_fd()
________________________________________________________________________________________________________
*** CID 1373520: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/driver.c: 779 in ms_get_drm_master_fd()
773 }
774 if (ms->fd < 0)
775 return FALSE;
776
777 ms_ent->fd = ms->fd;
778 ms_ent->fd_ref = 1;
>>> CID 1373520: Resource leaks (RESOURCE_LEAK)
>>> Variable "BusID" going out of scope leaks the storage it points to.
779 return TRUE;
780 }
781
782 static Bool
783 PreInit(ScrnInfoPtr pScrn, int flags)
784 {
** CID 1373521: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/driver.c: 799 in PreInit()
________________________________________________________________________________________________________
*** CID 1373521: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/driver.c: 799 in PreInit()
793 if (pScrn->numEntities != 1)
794 return FALSE;
795
796 pEnt = xf86GetEntityInfo(pScrn->entityList[0]);
797
798 if (flags & PROBE_DETECT) {
>>> CID 1373521: Resource leaks (RESOURCE_LEAK)
>>> Variable "pEnt" going out of scope leaks the storage it points to.
799 return FALSE;
800 }
801
802 /* Allocate driverPrivate */
803 if (!GetRec(pScrn))
804 return FALSE;
** CID 1373522: (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 753 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 760 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 764 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 768 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 778 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 786 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 793 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 798 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 806 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 811 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 819 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 825 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 831 in parse_reply_call_callback()
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 842 in parse_reply_call_callback()
________________________________________________________________________________________________________
*** CID 1373522: (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 753 in parse_reply_call_callback()
747 * compute the size of this protocol element.
748 */
749 switch (rep->category) {
750 case XRecordFromServer:
751 if (rep->elementHeader&XRecordFromServerTime) {
752 if (current_index + 4 > rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
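>>> Variable "data" going out of scope leaks the storage it points to.
[Reviewer note: every `return Error` flagged under this CID follows a bounds or range check on length values taken from the record reply (`rep->length`, `datum_bytes`), so the leak occurs precisely when the reply is malformed. A process that keeps receiving such replies would lose one `data` allocation per rejected reply. Releasing `data` on a single shared error path before returning would close all fourteen reported sites.]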
753 return Error;
754 EXTRACT_CARD32(rep->clientSwapped,
755 reply->buf+current_index,
756 data->server_time);
757 current_index += 4;
758 }
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 760 in parse_reply_call_callback()
754 EXTRACT_CARD32(rep->clientSwapped,
755 reply->buf+current_index,
756 data->server_time);
757 current_index += 4;
758 }
759 if (current_index + 1 > rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
760 return Error;
761 switch (reply->buf[current_index]) {
762 case X_Reply: /* reply */
763 if (current_index + 8 > rep->length << 2)
764 return Error;
765 EXTRACT_CARD32(rep->clientSwapped,
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 764 in parse_reply_call_callback()
758 }
759 if (current_index + 1 > rep->length << 2)
760 return Error;
761 switch (reply->buf[current_index]) {
762 case X_Reply: /* reply */
763 if (current_index + 8 > rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
764 return Error;
765 EXTRACT_CARD32(rep->clientSwapped,
766 reply->buf+current_index+4, datum_bytes);
767 if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
768 return Error;
769 datum_bytes = (datum_bytes+8) << 2;
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 768 in parse_reply_call_callback()
762 case X_Reply: /* reply */
763 if (current_index + 8 > rep->length << 2)
764 return Error;
765 EXTRACT_CARD32(rep->clientSwapped,
766 reply->buf+current_index+4, datum_bytes);
767 if (datum_bytes < 0 || datum_bytes > ((INT_MAX >> 2) - 8))
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
768 return Error;
769 datum_bytes = (datum_bytes+8) << 2;
770 break;
771 default: /* error or event */
772 datum_bytes = 32;
773 }
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 778 in parse_reply_call_callback()
772 datum_bytes = 32;
773 }
774 break;
775 case XRecordFromClient:
776 if (rep->elementHeader&XRecordFromClientTime) {
777 if (current_index + 4 > rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
778 return Error;
779 EXTRACT_CARD32(rep->clientSwapped,
780 reply->buf+current_index,
781 data->server_time);
782 current_index += 4;
783 }
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 786 in parse_reply_call_callback()
780 reply->buf+current_index,
781 data->server_time);
782 current_index += 4;
783 }
784 if (rep->elementHeader&XRecordFromClientSequence) {
785 if (current_index + 4 > rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
786 return Error;
787 EXTRACT_CARD32(rep->clientSwapped,
788 reply->buf+current_index,
789 data->client_seq);
790 current_index += 4;
791 }
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 793 in parse_reply_call_callback()
787 EXTRACT_CARD32(rep->clientSwapped,
788 reply->buf+current_index,
789 data->client_seq);
790 current_index += 4;
791 }
792 if (current_index + 4 > rep->length<<2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
793 return Error;
794 if (reply->buf[current_index+2] == 0
795 && reply->buf[current_index+3] == 0) /* needn't swap 0 */
796 { /* BIG-REQUESTS */
797 if (current_index + 8 > rep->length << 2)
798 return Error;
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 798 in parse_reply_call_callback()
792 if (current_index + 4 > rep->length<<2)
793 return Error;
794 if (reply->buf[current_index+2] == 0
795 && reply->buf[current_index+3] == 0) /* needn't swap 0 */
796 { /* BIG-REQUESTS */
797 if (current_index + 8 > rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
798 return Error;
799 EXTRACT_CARD32(rep->clientSwapped,
800 reply->buf+current_index+4, datum_bytes);
801 } else {
802 EXTRACT_CARD16(rep->clientSwapped,
803 reply->buf+current_index+2, datum_bytes);
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 806 in parse_reply_call_callback()
800 reply->buf+current_index+4, datum_bytes);
801 } else {
802 EXTRACT_CARD16(rep->clientSwapped,
803 reply->buf+current_index+2, datum_bytes);
804 }
805 if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
806 return Error;
807 datum_bytes <<= 2;
808 break;
809 case XRecordClientStarted:
810 if (current_index + 8 > rep->length << 2)
811 return Error;
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 811 in parse_reply_call_callback()
805 if (datum_bytes < 0 || datum_bytes > INT_MAX >> 2)
806 return Error;
807 datum_bytes <<= 2;
808 break;
809 case XRecordClientStarted:
810 if (current_index + 8 > rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
811 return Error;
812 EXTRACT_CARD16(rep->clientSwapped,
813 reply->buf+current_index+6, datum_bytes);
814 datum_bytes = (datum_bytes+2) << 2;
815 break;
816 case XRecordClientDied:
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 819 in parse_reply_call_callback()
813 reply->buf+current_index+6, datum_bytes);
814 datum_bytes = (datum_bytes+2) << 2;
815 break;
816 case XRecordClientDied:
817 if (rep->elementHeader&XRecordFromClientSequence) {
818 if (current_index + 4 > rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
819 return Error;
820 EXTRACT_CARD32(rep->clientSwapped,
821 reply->buf+current_index,
822 data->client_seq);
823 current_index += 4;
824 } else if (current_index < rep->length << 2)
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 825 in parse_reply_call_callback()
819 return Error;
820 EXTRACT_CARD32(rep->clientSwapped,
821 reply->buf+current_index,
822 data->client_seq);
823 current_index += 4;
824 } else if (current_index < rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
825 return Error;
826 datum_bytes = 0;
827 break;
828 case XRecordStartOfData:
829 case XRecordEndOfData:
830 if (current_index < rep->length << 2)
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 831 in parse_reply_call_callback()
825 return Error;
826 datum_bytes = 0;
827 break;
828 case XRecordStartOfData:
829 case XRecordEndOfData:
830 if (current_index < rep->length << 2)
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
831 return Error;
832 datum_bytes = 0;
833 break;
834 }
835
836 if (datum_bytes > 0) {
/home/phil/cov/xsrc/external/mit/libXtst/dist/src/XRecord.c: 842 in parse_reply_call_callback()
836 if (datum_bytes > 0) {
837 if (INT_MAX - datum_bytes < (rep->length << 2) - current_index) {
838 fprintf(stderr,
839 "XRecord: %lu-byte reply claims %d-byte element (seq %lu)\n",
840 (unsigned long)rep->length << 2, current_index + datum_bytes,
841 dpy->last_request_read);
>>> CID 1373522: (RESOURCE_LEAK)
>>> Variable "data" going out of scope leaks the storage it points to.
842 return Error;
843 }
844 /*
845 * This assignment (and indeed the whole buffer sharing
846 * scheme) assumes arbitrary 4-byte boundaries are
847 * addressable.
** CID 1373523: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXi/dist/src/XIQueryDevice.c: 143 in XIQueryDevice()
________________________________________________________________________________________________________
*** CID 1373523: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXi/dist/src/XIQueryDevice.c: 143 in XIQueryDevice()
137 }
138 error:
139 UnlockDisplay(dpy);
140 error_unlocked:
141 SyncHandle();
142 *ndevices_return = -1;
>>> CID 1373523: Resource leaks (RESOURCE_LEAK)
>>> Variable "ptr" going out of scope leaks the storage it points to.
143 return NULL;
144 }
145
146 void
147 XIFreeDeviceInfo(XIDeviceInfo* info)
148 {
** CID 1373524: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXi/dist/src/XIQueryDevice.c: 143 in XIQueryDevice()
________________________________________________________________________________________________________
*** CID 1373524: Resource leaks (RESOURCE_LEAK)
/home/phil/cov/xsrc/external/mit/libXi/dist/src/XIQueryDevice.c: 143 in XIQueryDevice()
137 }
138 error:
139 UnlockDisplay(dpy);
140 error_unlocked:
141 SyncHandle();
142 *ndevices_return = -1;
>>> CID 1373524: Resource leaks (RESOURCE_LEAK)
>>> Variable "info" going out of scope leaks the storage it points to.
143 return NULL;
144 }
145
146 void
147 XIFreeDeviceInfo(XIDeviceInfo* info)
148 {
** CID 1373525: Null pointer dereferences (REVERSE_INULL)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/vblank.c: 254 in ms_drm_wakeup_handler()
________________________________________________________________________________________________________
*** CID 1373525: Null pointer dereferences (REVERSE_INULL)
/home/phil/cov/xsrc/external/mit/xorg-server/dist/hw/xfree86/drivers/modesetting/vblank.c: 254 in ms_drm_wakeup_handler()
248 {
249 ScreenPtr screen = data;
250 ScrnInfoPtr scrn = xf86ScreenToScrn(screen);
251 modesettingPtr ms = modesettingPTR(scrn);
252 fd_set *read_mask = mask;
253
>>> CID 1373525: Null pointer dereferences (REVERSE_INULL)
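>>> Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
[Reviewer note: `data` is copied to `screen` on line 249 and used through `xf86ScreenToScrn()` and `modesettingPTR()` on lines 250-251 before line 254 tests it, so the test cannot protect those uses. Either the check should move ahead of the initialisers, or, if the handler can never be called with a null `data`, the `data == NULL` half is dead and can be dropped.]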
254 if (data == NULL || err < 0)
255 return;
256
257 if (FD_ISSET(ms->fd, read_mask))
258 drmHandleEvent(ms->fd, &ms->event_context);
259 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBjWas0CuiLQxeHDPm0bvVkx3qGSbylcqhUWgyuH34f4u8-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05VF7NHqjBJnVBuLS65tjGIf2jph7H-2Fum6vmwWrvtnCyr4qF15r2553flIDukVSHpevv7ff2c92OPqqLmSJL7VXSVIW3bV2XuaqDL0xhcZ0jPuYXpCHtH20m0SynZ32sNVds2GM9ukD1MQikp4YipWsohBh8A3SInhMGgFrW8YFdQRVxciyKoXZhFmJZRK2guRw-3D
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4m7U7Yoel-2F6MYPxol7ToiLwYIjoNbVQOCAwEeTNJofEDwTlN0JRhKMyijhpnAObR-2FlLVG-2Fr3EBKWgiICNdX1HPA6Ws0-2F1wHBf2tG9AnMDB8g-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05VF7NHqjBJnVBuLS65tjGIf2jph7H-2Fum6vmwWrvtnCyr1z6NXJ4DWDWmclJYETecrL7H-2FZk96wlPgDQ55ghFQ9-2FRldQXNcYtLV91-2Byh9ubrqcuIUFEgkmlspRzfqpPuUtBwIsPZbs5Yqmpm5UGDRZHF28g7Iry2dL-2FF-2BeuR9GpSjyYCYhBhtePGWPAdPOZ6VMo-3D