some bugs in the kernel

c0ldbyte c0ldbyte at myrealbox.com
Tue Mar 15 05:41:41 PST 2005



On Mon, 14 Mar 2005, Ted Unangst wrote:

> These bugs were found using the Coverity Prevent static analysis tool.
>
> Memory Leak
> File: usr/home/tedu/src/sys/geom/geom_bsd.c
> Function: g_bsd_ioctl
> Returning at line 378 leaks the just allocated 'label'.
>
> Buffer Overrun
> File: usr/home/tedu/src/sys/dev/hptmv/gui_lib.c
> Function: hpt_default_ioctl
> At line 1262, the loop bound of MAX_ARRAY_PER_VBUS is defined to be twice the 
> size of pVDevice (MAX_VDEVICE_PER_VBUS).
>
> Buffer Overrun
> File: usr/home/tedu/src/sys/dev/hptmv/entry.c
> Function: SetInquiryData
> At line 2660, loop bound of 20 is greater than size of VendorID.
>
> Memory Leak
> File: usr/home/tedu/src/sys/dev/pci/pci.c
> Function: pci_suspend
> If bus_generic_suspend fails at line 1061, 'devlist' is leaked.
>
> Use After Free, Memory Corruption
> File: usr/home/tedu/src/sys/dev/mlx/mlx_pci.c
> Function: mlx_pci_attach
> Calling mlx_free on error at line 218 is dangerous, since mlx_attach also 
> called it.  Eventually this will double free assorted bus resources.
>
> NULL pointer dereference
> File: usr/home/tedu/src/sys/pci/if_ti.c
> Function: ti_setmulti
> malloc return at 1628 is not checked against NULL.
>
>
> -- 
> Ted Unangst             www.coverity.com             Coverity, Inc.

Pretty cool, thanks..
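The "Use After Free, Memory Corruption" item in the quoted report describes an error path where both an inner attach routine and its caller run the same cleanup. The following is an added illustration, not code from the original post or from the FreeBSD tree: all names (`sc_free_unsafe`, `sc_free_safe`, `inner_attach`, `outer_attach`) are hypothetical, and the resource is modelled as a release counter so that the double release can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a bus resource: counts releases instead of
 * calling free(), so a double release shows up as a number. */
struct res { int releases; };

struct softc {
    struct res *irq;            /* owned by the softc once allocated */
};

/* Pattern from the report: release without clearing the owner pointer. */
static void sc_free_unsafe(struct softc *sc)
{
    if (sc->irq != NULL)
        sc->irq->releases++;    /* stands in for releasing a bus resource */
}

/* Hardened: idempotent, a second call finds NULL and does nothing. */
static void sc_free_safe(struct softc *sc)
{
    if (sc->irq != NULL) {
        sc->irq->releases++;
        sc->irq = NULL;
    }
}

/* Inner attach: fails and cleans up on its own error path. */
static int inner_attach(struct softc *sc, void (*cleanup)(struct softc *))
{
    cleanup(sc);
    return -1;                  /* simulated failure */
}

/* Outer attach: also cleans up when the inner attach reports an error. */
int outer_attach(struct res *r, void (*cleanup)(struct softc *))
{
    struct softc sc = { .irq = r };
    if (inner_attach(&sc, cleanup) != 0)
        cleanup(&sc);           /* second cleanup of the same state */
    return r->releases;         /* number of times the resource was released */
}

int demo_unsafe(void) { struct res r = {0}; return outer_attach(&r, sc_free_unsafe); }
int demo_safe(void)   { struct res r = {0}; return outer_attach(&r, sc_free_safe); }

int main(void)
{
    printf("unsafe releases=%d safe releases=%d\n", demo_unsafe(), demo_safe());
    return 0;
}
```

Making the cleanup idempotent is one remedy; the other is to give exactly one of the two routines responsibility for cleanup on failure.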


More information about the freebsd-hackers mailing list