some bugs in the kernel
tedu at coverity.com
Mon Mar 14 13:25:26 PST 2005
These bugs were found using the Coverity Prevent static analysis tool.
Returning at line 378 leaks the just allocated 'label'.
At line 1262, the loop bound of MAX_ARRAY_PER_VBUS is defined to be
twice the size of pVDevice (MAX_VDEVICE_PER_VBUS).
At line 2660, loop bound of 20 is greater than size of VendorID.
If bus_generic_suspend fails at line 1061, 'devlist' is leaked.
Use After Free, Memory Corruption
Calling mlx_free on error at line 218 is dangerous, since mlx_attach
also called it. Eventually this will double free assorted bus resources.
NULL pointer dereference
malloc return at 1628 is not checked against NULL.
Ted Unangst www.coverity.com Coverity, Inc.
More information about the freebsd-hackers