some bugs in the kernel
Will Froning
wfroning at angui.sh
Wed Mar 16 09:09:07 PST 2005
On Mon, 14 Mar 2005, Ted Unangst wrote:
=>These bugs were found using the Coverity Prevent static analysis tool.
=>
=>Memory Leak
=>File: usr/home/tedu/src/sys/geom/geom_bsd.c
=>Function: g_bsd_ioctl
=>Returning at line 378 leaks the just allocated 'label'.
=>
=>Buffer Overrun
=>File: usr/home/tedu/src/sys/dev/hptmv/gui_lib.c
=>Function: hpt_default_ioctl
=>At line 1262, the loop bound of MAX_ARRAY_PER_VBUS is defined to be
=>twice the size of pVDevice (MAX_VDEVICE_PER_VBUS).
=>
=>Buffer Overrun
=>File: usr/home/tedu/src/sys/dev/hptmv/entry.c
=>Function: SetInquiryData
=>At line 2660, loop bound of 20 is greater than size of VendorID.
=>
=>Memory Leak
=>File: usr/home/tedu/src/sys/dev/pci/pci.c
=>Function: pci_suspend
=>If bus_generic_suspend fails at line 1061, 'devlist' is leaked.
=>
=>Use After Free, Memory Corruption
=>File: usr/home/tedu/src/sys/dev/mlx/mlx_pci.c
=>Function: mlx_pci_attach
=>Calling mlx_free on error at line 218 is dangerous, since mlx_attach
=>also called it. Eventually this will double free assorted bus resources.
=>
=>NULL pointer dereference
=>File: usr/home/tedu/src/sys/pci/if_ti.c
=>Function: ti_setmulti
=>malloc return at 1628 is not checked against NULL.
Just to make sure it is said again. Thanks!
Will
--
Will Froning
Unix Sys. Admin.
wfroning at angui.sh
More information about the freebsd-hackers
mailing list