Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
Hi,
Please find the latest report on new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
65 new defect(s) introduced to NetBSD-amd64-user found with Coverity Scan.
10331 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 65 defect(s)
** CID 30345: (NULL_RETURNS)
/external/gpl3/gcc/dist/libiberty/make-relative-prefix.c: 111 in save_string()
/external/gpl3/gcc/dist/libiberty/make-relative-prefix.c: 112 in save_string()
________________________________________________________________________________________________________
*** CID 30345: (NULL_RETURNS)
/external/gpl3/gcc/dist/libiberty/make-relative-prefix.c: 111 in save_string()
105
106 static char *
107 save_string (const char *s, int len)
108 {
109 char *result = (char *) malloc (len + 1);
110
>>> CID 30345: (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "result" when calling "memcpy".
111 memcpy (result, s, len);
112 result[len] = 0;
113 return result;
114 }
115
116 /* Split a filename into component directories. */
/external/gpl3/gcc/dist/libiberty/make-relative-prefix.c: 112 in save_string()
106 static char *
107 save_string (const char *s, int len)
108 {
109 char *result = (char *) malloc (len + 1);
110
111 memcpy (result, s, len);
>>> CID 30345: (NULL_RETURNS)
>>> Dereferencing a null pointer "result".
112 result[len] = 0;
113 return result;
114 }
115
116 /* Split a filename into component directories. */
117
** CID 1102760: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/gpl3/gcc/dist/libiberty/md5.c: 296 in md5_process_block()
________________________________________________________________________________________________________
*** CID 1102760: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/gpl3/gcc/dist/libiberty/md5.c: 296 in md5_process_block()
290 md5_uint32 D = ctx->D;
291
292 /* First increment the byte count. RFC 1321 specifies the possible
293 length of the file up to 2^64 bits. Here we only compute the
294 number of bytes. Do a double word increment. */
295 ctx->total[0] += len;
>>> CID 1102760: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "len >> 31 >> 1" is 0 regardless of the values of its operands. This occurs as a value.
296 ctx->total[1] += ((len >> 31) >> 1) + (ctx->total[0] < len);
297
298 /* Process all bytes in the buffer with 64 bytes in each round of
299 the loop. */
300 while (words < endp)
301 {
** CID 1102761: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/gpl3/gcc/dist/libiberty/sha1.c: 303 in sha1_process_block()
________________________________________________________________________________________________________
*** CID 1102761: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/external/gpl3/gcc/dist/libiberty/sha1.c: 303 in sha1_process_block()
297 sha1_uint32 e = ctx->E;
298
299 /* First increment the byte count. RFC 1321 specifies the possible
300 length of the file up to 2^64 bits. Here we only compute the
301 number of bytes. Do a double word increment. */
302 ctx->total[0] += len;
>>> CID 1102761: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "len >> 31 >> 1" is 0 regardless of the values of its operands. This occurs as a value.
303 ctx->total[1] += ((len >> 31) >> 1) + (ctx->total[0] < len);
304
305 #define rol(x, n) (((x) << (n)) | ((sha1_uint32) (x) >> (32 - (n))))
306
307 #define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
308 ^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
** CID 1286925: (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 162 in require(int)()
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 162 in require(int)()
________________________________________________________________________________________________________
*** CID 1286925: (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 162 in require(int)()
156 require (int t)
157 {
158 int u = token ();
159 const char *v = advance ();
160 if (u != t)
161 {
>>> CID 1286925: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(t, NULL)" leaks it.
162 parse_error ("expected %s, have %s",
163 print_token (t, 0), print_token (u, v));
164 return 0;
165 }
166 return v;
167 }
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 162 in require(int)()
156 require (int t)
157 {
158 int u = token ();
159 const char *v = advance ();
160 if (u != t)
161 {
>>> CID 1286925: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(u, v)" leaks it.
162 parse_error ("expected %s, have %s",
163 print_token (t, 0), print_token (u, v));
164 return 0;
165 }
166 return v;
167 }
** CID 1286926: (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
________________________________________________________________________________________________________
*** CID 1286926: (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
204 require4 (int t1, int t2, int t3, int t4)
205 {
206 int u = token ();
207 const char *v = advance ();
208 if (u != t1 && u != t2 && u != t3 && u != t4)
209 {
>>> CID 1286926: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(t1, NULL)" leaks it.
210 parse_error ("expected %s, %s, %s or %s, have %s",
211 print_token (t1, 0), print_token (t2, 0),
212 print_token (t3, 0), print_token (t4, 0),
213 print_token (u, v));
214 return 0;
215 }
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
204 require4 (int t1, int t2, int t3, int t4)
205 {
206 int u = token ();
207 const char *v = advance ();
208 if (u != t1 && u != t2 && u != t3 && u != t4)
209 {
>>> CID 1286926: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(t2, NULL)" leaks it.
210 parse_error ("expected %s, %s, %s or %s, have %s",
211 print_token (t1, 0), print_token (t2, 0),
212 print_token (t3, 0), print_token (t4, 0),
213 print_token (u, v));
214 return 0;
215 }
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
204 require4 (int t1, int t2, int t3, int t4)
205 {
206 int u = token ();
207 const char *v = advance ();
208 if (u != t1 && u != t2 && u != t3 && u != t4)
209 {
>>> CID 1286926: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(t3, NULL)" leaks it.
210 parse_error ("expected %s, %s, %s or %s, have %s",
211 print_token (t1, 0), print_token (t2, 0),
212 print_token (t3, 0), print_token (t4, 0),
213 print_token (u, v));
214 return 0;
215 }
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
204 require4 (int t1, int t2, int t3, int t4)
205 {
206 int u = token ();
207 const char *v = advance ();
208 if (u != t1 && u != t2 && u != t3 && u != t4)
209 {
>>> CID 1286926: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(t4, NULL)" leaks it.
210 parse_error ("expected %s, %s, %s or %s, have %s",
211 print_token (t1, 0), print_token (t2, 0),
212 print_token (t3, 0), print_token (t4, 0),
213 print_token (u, v));
214 return 0;
215 }
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 210 in require4(int, int, int, int)()
204 require4 (int t1, int t2, int t3, int t4)
205 {
206 int u = token ();
207 const char *v = advance ();
208 if (u != t1 && u != t2 && u != t3 && u != t4)
209 {
>>> CID 1286926: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(u, v)" leaks it.
210 parse_error ("expected %s, %s, %s or %s, have %s",
211 print_token (t1, 0), print_token (t2, 0),
212 print_token (t3, 0), print_token (t4, 0),
213 print_token (u, v));
214 return 0;
215 }
** CID 1286927: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 449 in consume_until_comma_or_eos()()
________________________________________________________________________________________________________
*** CID 1286927: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 449 in consume_until_comma_or_eos()()
443 consume_balanced ('[', ']');
444 break;
445
446 case '}':
447 case ']':
448 case ')':
>>> CID 1286927: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_cur_token()" leaks it.
449 parse_error ("unmatched '%s' while scanning for ',' or ';'",
450 print_cur_token ());
451 return false;
452
453 case EOF_TOKEN:
454 parse_error ("unexpected end of file while scanning for ',' or ';'");
** CID 1286929: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 1052 in type(options **, bool)()
________________________________________________________________________________________________________
*** CID 1286929: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 1052 in type(options **, bool)()
1046 "with automatic GTY markers. Use GTY((user)) to mark "
1047 "this structure.");
1048 advance ();
1049 return NULL;
1050 }
1051
>>> CID 1286929: Resource leaks (RESOURCE_LEAK)
>>> Variable "s" going out of scope leaks the storage it points to.
1052 return create_scalar_type (s);
1053
1054 default:
1055 parse_error ("expected a type specifier, have %s", print_cur_token ());
1056 advance ();
1057 return create_scalar_type ("erroneous type");
** CID 1286930: (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 177 in require_without_advance(int)()
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 177 in require_without_advance(int)()
________________________________________________________________________________________________________
*** CID 1286930: (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 177 in require_without_advance(int)()
171 require_without_advance (int t)
172 {
173 int u = token ();
174 const char *v = T.value;
175 if (u != t)
176 {
>>> CID 1286930: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(t, NULL)" leaks it.
177 parse_error ("expected %s, have %s",
178 print_token (t, 0), print_token (u, v));
179 return 0;
180 }
181 return v;
182 }
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 177 in require_without_advance(int)()
171 require_without_advance (int t)
172 {
173 int u = token ();
174 const char *v = T.value;
175 if (u != t)
176 {
>>> CID 1286930: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(u, v)" leaks it.
177 parse_error ("expected %s, have %s",
178 print_token (t, 0), print_token (u, v));
179 return 0;
180 }
181 return v;
182 }
** CID 1286931: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 1055 in type(options **, bool)()
________________________________________________________________________________________________________
*** CID 1286931: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 1055 in type(options **, bool)()
1049 return NULL;
1050 }
1051
1052 return create_scalar_type (s);
1053
1054 default:
>>> CID 1286931: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_cur_token()" leaks it.
1055 parse_error ("expected a type specifier, have %s", print_cur_token ());
1056 advance ();
1057 return create_scalar_type ("erroneous type");
1058 }
1059 }
1060 �
** CID 1286932: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 707 in direct_declarator(type *, const char **, options **, bool)()
________________________________________________________________________________________________________
*** CID 1286932: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 707 in direct_declarator(type *, const char **, options **, bool)()
701 case IGNORABLE_CXX_KEYWORD:
702 /* Any C++ keyword like 'operator' means that we are not looking
703 at a regular data declarator. */
704 return NULL;
705
706 default:
>>> CID 1286932: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_cur_token()" leaks it.
707 parse_error ("expected '(', ')', 'GTY', or an identifier, have %s",
708 print_cur_token ());
709 /* Do _not_ advance if what we have is a close squiggle brace, as
710 we will get much better error recovery that way. */
711 if (token () != '}')
712 advance ();
** CID 1286933: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 564 in option(options *)()
________________________________________________________________________________________________________
*** CID 1286933: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 564 in option(options *)()
558
559 case USER_GTY:
560 advance ();
561 return create_string_option (prev, "user", "");
562
563 default:
>>> CID 1286933: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_cur_token()" leaks it.
564 parse_error ("expected an option keyword, have %s", print_cur_token ());
565 advance ();
566 return create_string_option (prev, "", "");
567 }
568 }
569
** CID 1286934: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 1174 in parse_file(const char *)()
________________________________________________________________________________________________________
*** CID 1286934: Resource leaks (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 1174 in parse_file(const char *)()
1168 break;
1169
1170 case EOF_TOKEN:
1171 goto eof;
1172
1173 default:
>>> CID 1286934: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_cur_token()" leaks it.
1174 parse_error ("unexpected top level token, %s", print_cur_token ());
1175 goto eof;
1176 }
1177 lexer_toplevel_done = 1;
1178 }
1179
1180 eof:
1181 advance ();
1182 yyend ();
** CID 1286935: (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 193 in require2(int, int)()
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 193 in require2(int, int)()
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 193 in require2(int, int)()
________________________________________________________________________________________________________
*** CID 1286935: (RESOURCE_LEAK)
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 193 in require2(int, int)()
187 require2 (int t1, int t2)
188 {
189 int u = token ();
190 const char *v = advance ();
191 if (u != t1 && u != t2)
192 {
>>> CID 1286935: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(t1, NULL)" leaks it.
193 parse_error ("expected %s or %s, have %s",
194 print_token (t1, 0), print_token (t2, 0),
195 print_token (u, v));
196 return 0;
197 }
198 return v;
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 193 in require2(int, int)()
187 require2 (int t1, int t2)
188 {
189 int u = token ();
190 const char *v = advance ();
191 if (u != t1 && u != t2)
192 {
>>> CID 1286935: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(t2, NULL)" leaks it.
193 parse_error ("expected %s or %s, have %s",
194 print_token (t1, 0), print_token (t2, 0),
195 print_token (u, v));
196 return 0;
197 }
198 return v;
/external/gpl3/gcc/dist/gcc/gengtype-parse.c: 193 in require2(int, int)()
187 require2 (int t1, int t2)
188 {
189 int u = token ();
190 const char *v = advance ();
191 if (u != t1 && u != t2)
192 {
>>> CID 1286935: (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "print_token(u, v)" leaks it.
193 parse_error ("expected %s or %s, have %s",
194 print_token (t1, 0), print_token (t2, 0),
195 print_token (u, v));
196 return 0;
197 }
198 return v;
** CID 1298982: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/fontconfig/dist/src/fcstr.c: 851 in FcStrBufDoneStatic()
________________________________________________________________________________________________________
*** CID 1298982: Error handling issues (CHECKED_RETURN)
/home/phil/cov/xsrc/external/mit/fontconfig/dist/src/fcstr.c: 851 in FcStrBufDoneStatic()
845 return ret;
846 }
847
848 FcChar8 *
849 FcStrBufDoneStatic (FcStrBuf *buf)
850 {
>>> CID 1298982: Error handling issues (CHECKED_RETURN)
>>> Calling "FcStrBufChar" without checking return value (as is done elsewhere 8 out of 10 times).
851 FcStrBufChar (buf, '\0');
852
853 if (buf->failed)
854 return NULL;
855
856 return buf->buf;
** CID 1400592: Resource leaks (CTOR_DTOR_LEAK)
/external/gpl3/gcc/dist/gcc/genmatch.c: 1180 in decision_tree::decision_tree()()
________________________________________________________________________________________________________
*** CID 1400592: Resource leaks (CTOR_DTOR_LEAK)
/external/gpl3/gcc/dist/gcc/genmatch.c: 1180 in decision_tree::decision_tree()()
1174
1175 void insert (struct simplify *, unsigned);
1176 void gen_gimple (FILE *f = stderr);
1177 void gen_generic (FILE *f = stderr);
1178 void print (FILE *f = stderr);
1179
>>> CID 1400592: Resource leaks (CTOR_DTOR_LEAK)
>>> The constructor allocates field "root" of "decision_tree" but there is no destructor.
1180 decision_tree () { root = new dt_node (dt_node::DT_NODE); }
1181
1182 static dt_node *insert_operand (dt_node *, operand *, dt_operand **indexes,
1183 unsigned pos = 0, dt_node *parent = 0);
1184 static dt_node *find_node (vec<dt_node *>&, dt_node *);
1185 static bool cmp_node (dt_node *, dt_node *);
** CID 1400593: Integer handling issues (DIVIDE_BY_ZERO)
/external/gpl3/gcc/dist/gcc/genmatch.c: 1039 in lower_for(simplify *, vec<simplify *, va_heap, vl_ptr> &)()
________________________________________________________________________________________________________
*** CID 1400593: Integer handling issues (DIVIDE_BY_ZERO)
/external/gpl3/gcc/dist/gcc/genmatch.c: 1039 in lower_for(simplify *, vec<simplify *, va_heap, vl_ptr> &)()
1033 operand *result_op = s->result;
1034 vec<if_or_with> ifexpr_vec = s->ifexpr_vec.copy ();
1035
1036 for (unsigned i = 0; i < n_ids; ++i)
1037 {
1038 user_id *id = ids[i];
>>> CID 1400593: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "j % id->substitutes.length()", modulo by expression "id->substitutes.length()" which may be zero has undefined behavior.
1039 id_base *oper = id->substitutes[j % id->substitutes.length ()];
1040 match_op = replace_id (match_op, id, oper);
1041 if (result_op)
1042 result_op = replace_id (result_op, id, oper);
1043 for (unsigned k = 0; k < s->ifexpr_vec.length (); ++k)
1044 ifexpr_vec[k].cexpr = replace_id (ifexpr_vec[k].cexpr,
** CID 1400594: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/sfnt/ttpost.c: 195 in load_format_20()
________________________________________________________________________________________________________
*** CID 1400594: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/sfnt/ttpost.c: 195 in load_format_20()
189
190 if ( FT_NEW_ARRAY ( glyph_indices, num_glyphs ) ||
191 FT_FRAME_ENTER( num_glyphs * 2L ) )
192 goto Fail;
193
194 for ( n = 0; n < num_glyphs; n++ )
>>> CID 1400594: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "glyph_indices".
195 glyph_indices[n] = FT_GET_USHORT();
196
197 FT_FRAME_EXIT();
198 }
199
200 /* compute number of names stored in table */
** CID 1400595: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/truetype/ttgxvar.c: 1434 in tt_face_vary_cvt()
________________________________________________________________________________________________________
*** CID 1400595: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/truetype/ttgxvar.c: 1434 in tt_face_vary_cvt()
1428 /* There is no provision here for a global tuple coordinate section, */
1429 /* so John says. There are no tuple indices, just embedded tuples. */
1430
1431 if ( tupleIndex & GX_TI_EMBEDDED_TUPLE_COORD )
1432 {
1433 for ( j = 0; j < blend->num_axis; j++ )
>>> CID 1400595: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "tuple_coords".
1434 tuple_coords[j] = FT_GET_SHORT() * 4; /* convert from */
1435 /* short frac to fixed */
1436 }
1437 else
1438 {
1439 /* skip this tuple; it makes no sense */
** CID 1400596: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/pshinter/pshalgo.c: 1192 in psh_glyph_init()
________________________________________________________________________________________________________
*** CID 1400596: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/pshinter/pshalgo.c: 1192 in psh_glyph_init()
1186 PSH_Point point;
1187
1188
1189 next = (FT_UInt)outline->contours[n] + 1;
1190 count = next - first;
1191
>>> CID 1400596: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "contour".
1192 contour->start = points + first;
1193 contour->count = count;
1194
1195 if ( count > 0 )
1196 {
1197 point = points + first;
** CID 1400597: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/truetype/ttgxvar.c: 379 in ft_var_load_avar()
________________________________________________________________________________________________________
*** CID 1400597: Null pointer dereferences (FORWARD_NULL)
/home/phil/cov/xsrc/external/mit/freetype/dist/src/truetype/ttgxvar.c: 379 in ft_var_load_avar()
373 goto Exit;
374 }
375
376 for ( j = 0; j < segment->pairCount; j++ )
377 {
378 /* convert to Fixed */
>>> CID 1400597: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "segment->correspondence".
379 segment->correspondence[j].fromCoord = FT_GET_SHORT() * 4;
380 segment->correspondence[j].toCoord = FT_GET_SHORT() * 4;
381
382 FT_TRACE5(( " mapping %.4f to %.4f\n",
383 segment->correspondence[j].fromCoord / 65536.0,
384 segment->correspondence[j].toCoord / 65536.0 ));
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRb2JZfDAOAZcqzsy8LMBKBjWas0CuiLQxeHDPm0bvVkx3qGSbylcqhUWgyuH34f4u8-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05XwvynuWjarokTYOg8eDXgncyWR-2BCMeueOxl79CluZHJYhEqX7aH3ikmLNL2kEfo18-2BC7ZUeX63hTLhnRWFk1S8gQa4wKjlcseQVjh3lrYh6YCsydtJyWHKPl-2F3anA8xksYzFMMyJfnqapEX5M87VXff5NKs-2B-2F4HdSbBumqtIAMuzCX4d0L8d9zSMGB-2BydzLWg-3D
To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4m7U7Yoel-2F6MYPxol7ToiLwYIjoNbVQOCAwEeTNJofEDwTlN0JRhKMyijhpnAObR-2FlLVG-2Fr3EBKWgiICNdX1HPA6Ws0-2F1wHBf2tG9AnMDB8g-3D_XWm3CUIFU8ffmjzuNhQ8cIHoQgXzXkm61Fmjr59D05XwvynuWjarokTYOg8eDXgncyWR-2BCMeueOxl79CluZHJS71drWziZWfjczAM0GQWo6f6mBmNBg2tmQW0dbIn-2B5jeh1qOI2cPwU3UBvr4hgOoKqR-2FRUoiGO2WxqbTQCaFBJxtn46zDT-2B4PP5Yl4Y0xXutMBg5XOS06gM1H98I0NsNgGPpTCfwjpYQ5j0gg-2Bju1k-3D
Home |
Main Index |
Thread Index |
Old Index