Date: Mon, 14 Mar 2005 13:25:21 -0800
From: Ted Unangst <tedu@coverity.com>
To: hackers@freebsd.org
Subject: some bugs in the kernel
Message-ID: <42360141.3080104@coverity.com>

These bugs were found using the Coverity Prevent static analysis tool.

Memory Leak
File: usr/home/tedu/src/sys/geom/geom_bsd.c
Function: g_bsd_ioctl
Returning at line 378 leaks the just allocated 'label'.

Buffer Overrun
File: usr/home/tedu/src/sys/dev/hptmv/gui_lib.c
Function: hpt_default_ioctl
At line 1262, the loop bound of MAX_ARRAY_PER_VBUS is defined to be twice the size of pVDevice (MAX_VDEVICE_PER_VBUS).

Buffer Overrun
File: usr/home/tedu/src/sys/dev/hptmv/entry.c
Function: SetInquiryData
At line 2660, loop bound of 20 is greater than size of VendorID.

Memory Leak
File: usr/home/tedu/src/sys/dev/pci/pci.c
Function: pci_suspend
If bus_generic_suspend fails at line 1061, 'devlist' is leaked.

Use After Free, Memory Corruption
File: usr/home/tedu/src/sys/dev/mlx/mlx_pci.c
Function: mlx_pci_attach
Calling mlx_free on error at line 218 is dangerous, since mlx_attach also called it. Eventually this will double free assorted bus resources.

NULL pointer dereference
File: usr/home/tedu/src/sys/pci/if_ti.c
Function: ti_setmulti
malloc return at 1628 is not checked against NULL.

--
Ted Unangst www.coverity.com Coverity, Inc.
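
The double-cleanup pattern reported for mlx_pci_attach, modelled as an added example that is not part of the original message and is not FreeBSD driver code. All names here (struct softc fields, inner_attach, outer_attach, the two cleanup routines) are hypothetical, and a counter stands in for the real resource release so the model itself never frees anything twice.

```c
#include <stdio.h>

/* Hypothetical driver state standing in for a softc that owns a bus resource. */
struct softc {
    int held;      /* 1 while the (constructed) resource is owned */
    int releases;  /* how many times a release was issued for it */
};

typedef void (*cleanup_fn)(struct softc *);

/* Cleanup without guards: every call issues a release, even on a stale handle. */
static void free_unguarded(struct softc *sc) { sc->releases++; }

/* Idempotent cleanup: release only what is still owned, then forget it. */
static void free_guarded(struct softc *sc)
{
    if (sc->held) {
        sc->held = 0;
        sc->releases++;
    }
}

/* Inner attach: acquires the resource and cleans up after itself on failure. */
static int inner_attach(struct softc *sc, cleanup_fn cleanup, int fail)
{
    sc->held = 1;
    if (fail) {
        cleanup(sc);
        return -1;
    }
    return 0;
}

/* Outer attach: also cleans up on failure, unaware the callee already did. */
static int outer_attach(struct softc *sc, cleanup_fn cleanup, int fail)
{
    int error = inner_attach(sc, cleanup, fail);
    if (error != 0)
        cleanup(sc);   /* second cleanup on the same state */
    return error;
}

/* Runs one attach attempt and reports how many releases were issued. */
static int count_releases(cleanup_fn cleanup, int fail)
{
    struct softc sc = { 0, 0 };
    outer_attach(&sc, cleanup, fail);
    return sc.releases;
}

int main(void)
{
    printf("unguarded, attach fails: %d releases\n", count_releases(free_unguarded, 1));
    printf("guarded,   attach fails: %d releases\n", count_releases(free_guarded, 1));
    return 0;
}
```

The other way to resolve the same finding is to leave cleanup to exactly one of the two layers and document which one owns it.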