Date: Wed, 16 Mar 2005 17:07:06 +0200
From: Andrey Simonenko
To: Ted Unangst
Cc: hackers@freebsd.org
Subject: Re: some bugs in the kernel
Message-ID: <20050316150706.GA656@pm514-9.comsys.ntu-kpi.kiev.ua>
In-Reply-To: <42360141.3080104@coverity.com>

On Mon, Mar 14, 2005 at 01:25:21PM -0800, Ted Unangst wrote:
>
> NULL pointer dereference
> File: usr/home/tedu/src/sys/pci/if_ti.c
> Function: ti_setmulti
> malloc return at 1628 is not checked against NULL.

Similar errors (line numbers from 5.3-RELEASE):

i386/i386/bios.c
 516 devnodebuf = malloc(bigdev + (sizeof(struct pnp_sysdevargs) - sizeof(struct pnp_sysdev)),
 517     M_DEVBUF, M_NOWAIT);

pci/if_dc.c
1443 m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
1482 m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
1498 m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
1517 sc->dc_srom = malloc(size, M_DEVBUF, M_NOWAIT);
1717 sc->dc_pnic_rx_buf = malloc(DC_RXLEN * 5, M_DEVBUF, M_NOWAIT);

pci/if_sk.c
 435 sc->sk_vpd_prodname = malloc(res.vr_len + 1, M_DEVBUF, M_NOWAIT);
 447 sc->sk_vpd_readonly = malloc(res.vr_len, M_DEVBUF, M_NOWAIT);
1412 port = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);
1417 port = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);
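
Added example, not part of the original mail and not the analysis either poster used: a small line-based heuristic that flags malloc(9) calls made with M_NOWAIT whose result is not compared with NULL in the next few lines, which is the pattern listed above. The function name, the three-line window and the sample source are assumptions made for the illustration.

```python
import re

# Assignment from malloc(9); the call may span lines, so match to the ';'.
ALLOC = re.compile(r"([\w.>\[\]-]+)\s*=\s*malloc\s*\(([^;]*)\)\s*;", re.S)

def unchecked_nowait_allocs(source, window=3):
    """Return [(line, lvalue)] for M_NOWAIT allocations whose result is not
    compared with NULL in the `window` lines after the statement."""
    lines = source.splitlines()
    findings = []
    for m in ALLOC.finditer(source):
        lvalue, args = m.group(1), m.group(2)
        if "M_NOWAIT" not in args:
            continue  # M_WAITOK sleeps rather than returning NULL
        if args.count("(") != args.count(")"):
            continue  # assignment nested in a condition: if ((p = ...) == NULL)
        first = source.count("\n", 0, m.start()) + 1
        last = source.count("\n", 0, m.end()) + 1
        after = "\n".join(lines[last:last + window])
        v = r"(?<![\w.>])" + re.escape(lvalue)
        tested = re.search(
            rf"{v}\s*[!=]=\s*NULL|NULL\s*[!=]=\s*{v}(?!\w)|!\s*{v}(?!\w)", after)
        if not tested:
            findings.append((first, lvalue))
    return findings

# Constructed input: the malloc lines follow the shapes quoted in the mail,
# the surrounding statements are invented for the demonstration.
SAMPLE = """\
m = malloc(sizeof(struct dc_mediainfo), M_DEVBUF, M_NOWAIT | M_ZERO);
m->dc_media = media;
devnodebuf = malloc(bigdev + (sizeof(struct pnp_sysdevargs) - sizeof(struct pnp_sysdev)),
    M_DEVBUF, M_NOWAIT);
bzero(devnodebuf, bigdev);
port = malloc(sizeof(int), M_DEVBUF, M_NOWAIT);
if (port == NULL)
    return (ENOMEM);
if ((sc->buf = malloc(len, M_DEVBUF, M_NOWAIT)) == NULL)
    return (ENOMEM);
tbl = malloc(sizeof(*tbl), M_DEVBUF, M_WAITOK);
tbl->n = 0;
"""

if __name__ == "__main__":
    for line, lvalue in unchecked_nowait_allocs(SAMPLE):
        print(f"line {line}: {lvalue} from malloc(M_NOWAIT) is not tested")
```

A hit is only a candidate for review: a check that sits further down than the window, or behind a helper macro, is reported as missing.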