Date:      Wed, 16 Mar 2005 17:07:06 +0200
From:      Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To:        Ted Unangst <tedu@coverity.com>
Cc:        hackers@freebsd.org
Subject:   Re: some bugs in the kernel
Message-ID:  <20050316150706.GA656@pm514-9.comsys.ntu-kpi.kiev.ua>
In-Reply-To: <42360141.3080104@coverity.com>
References:  <42360141.3080104@coverity.com>

On Mon, Mar 14, 2005 at 01:25:21PM -0800, Ted Unangst wrote:
> 
> NULL pointer dereference
> File: usr/home/tedu/src/sys/pci/if_ti.c
> Function: ti_setmulti
> malloc return at 1628 is not checked against NULL.

Similar errors (line numbers from 5.3-RELEASE):

i386/i386/bios.c
   516	    devnodebuf = malloc(bigdev + (sizeof(struct pnp_sysdevargs) - sizeof(struct pnp_sysdev)),
   517				M_DEVBUF, M_NOWAIT);

pci/if_dc.c
  1443		m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
  1482		m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
  1498		m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
  1517		sc->dc_srom = malloc(size, M_DEVBUF, M_NOWAIT);
  1717			sc->dc_pnic_rx_buf = malloc(DC_RXLEN * 5, M_DEVBUF, M_NOWAIT);

pci/if_sk.c
   435		sc->sk_vpd_prodname = malloc(res.vr_len + 1, M_DEVBUF, M_NOWAIT);
   447		sc->sk_vpd_readonly = malloc(res.vr_len, M_DEVBUF, M_NOWAIT);
  1412		port = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);
  1417			port = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);


