Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 15 Mar 2005 08:41:33 -0500 (EST)
From:      c0ldbyte <c0ldbyte@myrealbox.com>
To:        Ted Unangst <tedu@coverity.com>
Cc:        hackers@freebsd.org
Subject:   Re: some bugs in the kernel
Message-ID:  <20050315084106.U3949@eleanor.us1.wmi.uvac.net>
In-Reply-To: <42360141.3080104@coverity.com>
References:  <42360141.3080104@coverity.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 14 Mar 2005, Ted Unangst wrote:

> These bugs were found using the Coverity Prevent static analysis tool.
>
> Memory Leak
> File: usr/home/tedu/src/sys/geom/geom_bsd.c
> Function: g_bsd_ioctl
> Returning at line 378 leaks the just allocated 'label'.
>
> Buffer Overrun
> File: usr/home/tedu/src/sys/dev/hptmv/gui_lib.c
> Function: hpt_default_ioctl
> At line 1262, the loop bound of MAX_ARRAY_PER_VBUS is defined to be twice the 
> size of pVDevice (MAX_VDEVICE_PER_VBUS).
>
> Buffer Overrun
> File: usr/home/tedu/src/sys/dev/hptmv/entry.c
> Function: SetInquiryData
> At line 2660, loop bound of 20 is greater than size of VendorID.
>
> Memory Leak
> File: usr/home/tedu/src/sys/dev/pci/pci.c
> Function: pci_suspend
> If bus_generic_suspend fails at line 1061, 'devlist' is leaked.
>
> Use After Free, Memory Corruption
> File: usr/home/tedu/src/sys/dev/mlx/mlx_pci.c
> Function: mlx_pci_attach
> Calling mlx_free on error at line 218 is dangerous, since mlx_attach also 
> called it.  Eventually this will double free assorted bus resources.
>
> NULL pointer dereference
> File: usr/home/tedu/src/sys/pci/if_ti.c
> Function: ti_setmulti
> malloc return at 1628 is not checked against NULL.
>
>
> -- 
> Ted Unangst             www.coverity.com             Coverity, Inc.

Pretty cool, thanks..
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF7DF979F

iD8DBQFCNuYQsmFQuvffl58RAqkEAJ41uvoxxZOLoclnAO15d+rlewIXOACeOyRg
PJ48VXqgInEjY3FDOv42Aco=
=RkCW
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050315084106.U3949>