On Mon, 14 Mar 2005, Ted Unangst wrote: =>These bugs were found using the Coverity Prevent static analysis tool. => =>Memory Leak =>File: usr/home/tedu/src/sys/geom/geom_bsd.c =>Function: g_bsd_ioctl =>Returning at line 378 leaks the just allocated 'label'. => =>Buffer Overrun =>File: usr/home/tedu/src/sys/dev/hptmv/gui_lib.c =>Function: hpt_default_ioctl =>At line 1262, the loop bound of MAX_ARRAY_PER_VBUS is defined to be =>twice the size of pVDevice (MAX_VDEVICE_PER_VBUS). => =>Buffer Overrun =>File: usr/home/tedu/src/sys/dev/hptmv/entry.c =>Function: SetInquiryData =>At line 2660, loop bound of 20 is greater than size of VendorID. => =>Memory Leak =>File: usr/home/tedu/src/sys/dev/pci/pci.c =>Function: pci_suspend =>If bus_generic_suspend fails at line 1061, 'devlist' is leaked. => =>Use After Free, Memory Corruption =>File: usr/home/tedu/src/sys/dev/mlx/mlx_pci.c =>Function: mlx_pci_attach =>Calling mlx_free on error at line 218 is dangerous, since mlx_attach =>also called it. Eventually this will double free assorted bus resources. => =>NULL pointer dereference =>File: usr/home/tedu/src/sys/pci/if_ti.c =>Function: ti_setmulti =>malloc return at 1628 is not checked against NULL.
Just to make sure it is said again. Thanks! Will -- Will Froning Unix Sys. Admin. [EMAIL PROTECTED] _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
