Date: Tue, 15 Mar 2005 08:41:33 -0500 (EST)
From: c0ldbyte <c0ldbyte@myrealbox.com>
To: Ted Unangst <tedu@coverity.com>
Cc: hackers@freebsd.org
Subject: Re: some bugs in the kernel
Message-ID: <20050315084106.U3949@eleanor.us1.wmi.uvac.net>
In-Reply-To: <42360141.3080104@coverity.com>
References: <42360141.3080104@coverity.com>

On Mon, 14 Mar 2005, Ted Unangst wrote:

> These bugs were found using the Coverity Prevent static analysis tool.
>
> Memory Leak
> File: usr/home/tedu/src/sys/geom/geom_bsd.c
> Function: g_bsd_ioctl
> Returning at line 378 leaks the just allocated 'label'.
>
> Buffer Overrun
> File: usr/home/tedu/src/sys/dev/hptmv/gui_lib.c
> Function: hpt_default_ioctl
> At line 1262, the loop bound of MAX_ARRAY_PER_VBUS is defined to be twice the
> size of pVDevice (MAX_VDEVICE_PER_VBUS).
>
> Buffer Overrun
> File: usr/home/tedu/src/sys/dev/hptmv/entry.c
> Function: SetInquiryData
> At line 2660, loop bound of 20 is greater than size of VendorID.
>
> Memory Leak
> File: usr/home/tedu/src/sys/dev/pci/pci.c
> Function: pci_suspend
> If bus_generic_suspend fails at line 1061, 'devlist' is leaked.
>
> Use After Free, Memory Corruption
> File: usr/home/tedu/src/sys/dev/mlx/mlx_pci.c
> Function: mlx_pci_attach
> Calling mlx_free on error at line 218 is dangerous, since mlx_attach also
> called it. Eventually this will double free assorted bus resources.
>
> NULL pointer dereference
> File: usr/home/tedu/src/sys/pci/if_ti.c
> Function: ti_setmulti
> malloc return at 1628 is not checked against NULL.
>
>
> --
> Ted Unangst www.coverity.com Coverity, Inc.

Pretty cool, thanks..
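The error-path double release reported for mlx_pci_attach, as an added example that is not part of the original message and is not FreeBSD source: a constructed model in which an inner attach step tears down on failure and the outer caller tears down again. All names (`res`, `softc`, `sc_free_unsafe`, `sc_free_safe`, `inner_attach`, `outer_attach`) are hypothetical, and clearing pointers after release is one common remedy, not necessarily the one the driver adopted.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a bus resource: 'live' records whether it is held. */
struct res { int live; };
static int double_releases;        /* releases attempted on a dead resource */

static struct res *res_alloc(struct res *slot) { slot->live = 1; return slot; }
static void res_release(struct res *r) {
    if (!r->live) { double_releases++; return; }  /* real code corrupts state here */
    r->live = 0;
}

struct softc { struct res *mem, *irq; };

/* Unsafe teardown: releases what the pointers name but never clears them. */
static void sc_free_unsafe(struct softc *sc) {
    if (sc->mem) res_release(sc->mem);
    if (sc->irq) res_release(sc->irq);
}

/* Idempotent teardown: each pointer is cleared once its resource is released. */
static void sc_free_safe(struct softc *sc) {
    if (sc->mem) { res_release(sc->mem); sc->mem = NULL; }
    if (sc->irq) { res_release(sc->irq); sc->irq = NULL; }
}

/* Inner attach step: fails, and cleans up after itself before returning. */
static int inner_attach(struct softc *sc, void (*teardown)(struct softc *)) {
    teardown(sc);
    return -1;
}

/* Outer attach: on error it runs the same teardown a second time. */
static int outer_attach(void (*teardown)(struct softc *)) {
    struct res mem_slot, irq_slot;
    struct softc sc;
    double_releases = 0;
    sc.mem = res_alloc(&mem_slot);
    sc.irq = res_alloc(&irq_slot);
    if (inner_attach(&sc, teardown) != 0)
        teardown(&sc);
    return double_releases;         /* number of double releases observed */
}

int attach_unsafe(void) { return outer_attach(sc_free_unsafe); }
int attach_safe(void)   { return outer_attach(sc_free_safe); }
int main(void) { printf("unsafe=%d safe=%d\n", attach_unsafe(), attach_safe()); return 0; }
```

The alternative remedy is an ownership rule: only one layer (inner or outer) performs teardown on failure, so the second call never happens.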