Date: Wed, 18 Aug 2004 00:26:22 -0700
From: Ted Unangst <tedu@coverity.com>
To: hackers@freebsd.org
Subject: too late null checks
Message-ID: <4123049E.9000900@coverity.com>

Bugs found with Coverity's automated analysis. In each case, either the NULL check is unnecessary, or it's too late because the variable was already deref'd.

dev/firewire/fwohci.c:dump_db (debugging function)
    pp can not be null (crash if it is)

dev/mpt/mpt_pci.c:mpt_detach
    a null mpt won't survive mpt_prt

netinet/tcp_subr.c:tcp_mtudisc
    tp has already been dereferenced to obtain isipv6 result

usb/dev/urio.c:urio_attach
    if uaa->device can be null, usbd_devinfo already used it.

cam/cam_xpt.c:xptplistperiphfunc
    check at line 2532 looks wrong. perhaps should be *pdrv == NULL?

dev/twe/twe.c:twe_ioctl
    if you make it to line 552, tr is definitely not null.

kern/vfs_subr.c:reassignbufs (4.10)
    1408    while (tbp && tbp->b_lblkno < 0)
    1409            tbp = TAILQ_PREV(tbp, buflists, b_vnbufs);
    1410    TAILQ_INSERT_AFTER(listheadp, tbp, bp, b_vnbufs);
    if the first while() test fails, tailq insert will crash. i'm not sure where this code went in current.

some other bugs of a similar nature have already been fixed or the code removed in current, let me know if you are still interested in 4.10 results.
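The reassignbufs pattern from the message above, isolated as an added example (not part of the original e-mail and not FreeBSD's code): the loop guards against a NULL `tbp`, so the insert after it needs the same guard. The reduced `struct buf`, the function names, the `demo` harness and the choice of falling back to `TAILQ_INSERT_HEAD` are assumptions made for illustration.

```c
#include <stddef.h>
#include <sys/queue.h>

/* Hypothetical reduced stand-in for the kernel's struct buf. */
struct buf {
    long b_lblkno;              /* negative = metadata block */
    TAILQ_ENTRY(buf) b_vnbufs;
};
TAILQ_HEAD(buflists, buf);

/* The loop's "tbp &&" test admits tbp can end up NULL, so the insert
 * after it has to handle NULL too (one possible fix, not FreeBSD's). */
static void
insert_before_metadata(struct buflists *listheadp, struct buf *bp)
{
    struct buf *tbp = TAILQ_LAST(listheadp, buflists);

    while (tbp != NULL && tbp->b_lblkno < 0)
        tbp = TAILQ_PREV(tbp, buflists, b_vnbufs);
    if (tbp == NULL)    /* empty list, or every buffer is metadata */
        TAILQ_INSERT_HEAD(listheadp, bp, b_vnbufs);
    else
        TAILQ_INSERT_AFTER(listheadp, tbp, bp, b_vnbufs);
}

/* Constructed harness: build a list from init[0..n), insert blk, and
 * return 1 if the resulting order equals want[0..n]. Assumes n <= 8. */
static int
demo(const long *init, size_t n, long blk, const long *want)
{
    struct buflists h;
    struct buf pool[8], nb = { .b_lblkno = blk }, *b;
    size_t i;

    TAILQ_INIT(&h);
    for (i = 0; i < n; i++) {
        pool[i].b_lblkno = init[i];
        TAILQ_INSERT_TAIL(&h, &pool[i], b_vnbufs);
    }
    insert_before_metadata(&h, &nb);
    i = 0;
    TAILQ_FOREACH(b, &h, b_vnbufs)
        if (i > n || b->b_lblkno != want[i++])
            return 0;
    return i == n + 1;
}
```

With the `if (tbp == NULL)` branch removed, the all-metadata and empty-list cases reach `TAILQ_INSERT_AFTER` with a NULL list element, which is the dereference the report describes.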