Hi,

Please find the latest report on new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.

6 new defect(s) introduced to NetBSD-amd64-kernel found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)

** CID 1362902: Null pointer dereferences (FORWARD_NULL)
/sys/dev/dksubr.c: 686 in dk_ioctl()

________________________________________________________________________________________________________
*** CID 1362902: Null pointer dereferences (FORWARD_NULL)
/sys/dev/dksubr.c: 686 in dk_ioctl()
680 error = bufq_alloc(&new, dks->dks_name,
681 BUFQ_EXACT|BUFQ_SORT_RAWBLOCK);
682 if (error) {
683 return error;
684 }
685 mutex_enter(&dksc->sc_iolock);
>>> CID 1362902: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "old" = "dksc->sc_bufq".
686 old = dksc->sc_bufq;
687 bufq_move(new, old);
688 dksc->sc_bufq = new;
689 mutex_exit(&dksc->sc_iolock);
690 bufq_free(old);
691 }

** CID 1362905: Memory - illegal accesses (UNINIT)
/sys/netinet6/ip6_output.c: 166 in ip6_output()

________________________________________________________________________________________________________
*** CID 1362905: Memory - illegal accesses (UNINIT)
/sys/netinet6/ip6_output.c: 166 in ip6_output()
160 struct ip6_moptions *im6o,
161 struct socket *so,
162 struct ifnet **ifpp /* XXX: just for statistics */
163 )
164 {
165 struct ip6_hdr *ip6, *mhip6;
>>> CID 1362905: Memory - illegal accesses (UNINIT)
>>> Declaring variable "ifp" without initializer.
166 struct ifnet *ifp, *origifp = NULL;
167 struct mbuf *m = m0;
168 int hlen, tlen, len, off;
169 bool tso;
170 struct route ip6route;
171 struct rtentry *rt = NULL;

** CID 1362906: Code maintainability issues (UNUSED_VALUE)
/sys/dev/dksubr.c: 665 in dk_ioctl()

________________________________________________________________________________________________________
*** CID 1362906: Code maintainability issues (UNUSED_VALUE)
/sys/dev/dksubr.c: 665 in dk_ioctl()
659
660 mutex_enter(&dksc->sc_iolock);
661 if (dksc->sc_bufq != NULL)
662 strlcpy(dks->dks_name, bufq_getstrategyname(dksc->sc_bufq),
663 sizeof(dks->dks_name));
664 else
>>> CID 1362906: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value "22" to "error" here, but that stored value is overwritten before it can be used.
665 error = EINVAL;
666 mutex_exit(&dksc->sc_iolock);
667 dks->dks_paramlen = 0;
668 }
669
670 case DIOCSSTRATEGY:

** CID 1362931: Insecure data handling (INTEGER_OVERFLOW)
/sys/kern/core_elf32.c: 439 in coredump_note_auxv()

________________________________________________________________________________________________________
*** CID 1362931: Insecure data handling (INTEGER_OVERFLOW)
/sys/kern/core_elf32.c: 439 in coredump_note_auxv()
433 if (error == 0) {
434 ELFNAMEEND(coredump_savenote)(ns, ELF_NOTE_NETBSD_CORE_AUXV,
435 ELF_NOTE_NETBSD_CORE_NAME, kauxv, len);
436 }
437
438 kmem_free(kauxv, len);
>>> CID 1362931: Insecure data handling (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "error" used as return value.
439 return error;
440 }
441
442 static int
443 ELFNAMEEND(coredump_notes)(struct lwp *l, struct note_state *ns)
444 {

** CID 1362932: Control flow issues (MISSING_BREAK)
/sys/dev/dksubr.c: 670 in dk_ioctl()

________________________________________________________________________________________________________
*** CID 1362932: Control flow issues (MISSING_BREAK)
/sys/dev/dksubr.c: 670 in dk_ioctl()
664 else
665 error = EINVAL;
666 mutex_exit(&dksc->sc_iolock);
667 dks->dks_paramlen = 0;
668 }
669
>>> CID 1362932: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
670 case DIOCSSTRATEGY:
671 {
672 struct disk_strategy *dks = (void *)data;
673 struct bufq_state *new;
674 struct bufq_state *old;
675

** CID 1362933: Control flow issues (MISSING_BREAK)
/sys/dev/dksubr.c: 693 in dk_ioctl()

________________________________________________________________________________________________________
*** CID 1362933: Control flow issues (MISSING_BREAK)
/sys/dev/dksubr.c: 693 in dk_ioctl()
687 bufq_move(new, old);
688 dksc->sc_bufq = new;
689 mutex_exit(&dksc->sc_iolock);
690 bufq_free(old);
691 }
692
>>> CID 1362933: Control flow issues (MISSING_BREAK)
>>> The above case falls through to this one.
693 default:
694 error = ENOTTY;
695 }
696
697 return error;
698 }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/netbsd-amd64-kernel?tab=overview

To manage Coverity Scan email notifications for "coverity-updates%netbsd.org@localhost", click https://scan.coverity.com/subscriptions/edit?email=coverity-updates%40netbsd.org&token=487286ca1a9a4f4bd485d16f66b5e782