-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 14 Mar 2005, Ted Unangst wrote:

These bugs were found using the Coverity Prevent static analysis tool.

Memory Leak
File: usr/home/tedu/src/sys/geom/geom_bsd.c
Function: g_bsd_ioctl
Returning at line 378 leaks the just allocated 'label'.

Buffer Overrun
File: usr/home/tedu/src/sys/dev/hptmv/gui_lib.c
Function: hpt_default_ioctl
At line 1262, the loop bound of MAX_ARRAY_PER_VBUS is defined to be twice the size of pVDevice (MAX_VDEVICE_PER_VBUS).


Buffer Overrun
File: usr/home/tedu/src/sys/dev/hptmv/entry.c
Function: SetInquiryData
At line 2660, loop bound of 20 is greater than size of VendorID.

Memory Leak
File: usr/home/tedu/src/sys/dev/pci/pci.c
Function: pci_suspend
If bus_generic_suspend fails at line 1061, 'devlist' is leaked.

Use After Free, Memory Corruption
File: usr/home/tedu/src/sys/dev/mlx/mlx_pci.c
Function: mlx_pci_attach
Calling mlx_free on error at line 218 is dangerous, since mlx_attach also called it. Eventually this will double free assorted bus resources.


NULL pointer dereference
File: usr/home/tedu/src/sys/pci/if_ti.c
Function: ti_setmulti
malloc return at 1628 is not checked against NULL.


-- Ted Unangst www.coverity.com Coverity, Inc.

Pretty cool, thanks..

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF7DF979F

iD8DBQFCNuYQsmFQuvffl58RAqkEAJ41uvoxxZOLoclnAO15d+rlewIXOACeOyRg
PJ48VXqgInEjY3FDOv42Aco=
=RkCW
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers