Date: Wed, 18 Aug 2004 00:26:22 -0700
From: Ted Unangst <tedu@coverity.com>
To: hackers@freebsd.org
Subject: too late null checks
Message-ID: <4123049E.9000900@coverity.com>

Bugs found with Coverity's automated analysis. In each case, either the
NULL check is unnecessary, or it's too late because the variable was
already deref'd.

dev/firewire/fwohci.c:dump_db (debugging function)
pp can not be null (crash if it is)

dev/mpt/mpt_pci.c:mpt_detach
a null mpt won't survive mpt_prt

netinet/tcp_subr.c:tcp_mtudisc
tp has already been dereferenced to obtain isipv6 result

usb/dev/urio.c:urio_attach
if uaa->device can be null, usbd_devinfo already used it.

cam/cam_xpt.c:xptplistperiphfunc
check at line 2532 looks wrong. perhaps should be *pdrv == NULL?

dev/twe/twe.c:twe_ioctl
if you make it to line 552, tr is definitely not null.

kern/vfs_subr.c:reassignbufs (4.10)
1408                 while (tbp && tbp->b_lblkno < 0)
1409                         tdp = TAILQ_PREV(tbp, buflists, b_vnbufs);
1410                 TAILQ_INSERT_AFTER(listheadp, tbp, bp, b_vnbufs);
if the first while() test fails, tailq insert will crash. i'm not sure
where this code went in current.

some other bugs of a similar nature have already been fixed or the code
removed in current, let me know if you are still interested in 4.10
results.
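
Added example, not part of the original message or of FreeBSD source: a C sketch of the reassignbufs pattern reported above, with the result of the backward walk checked before it is used as the insertion point. The struct buf / struct buflist types and the helper names are hypothetical stand-ins for the kernel's TAILQ, and inserting at the head when the walk runs off the list is an assumed policy, not the fix FreeBSD applied.

```c
#include <stddef.h>

/* Hypothetical stand-ins for struct buf and its TAILQ head. */
struct buf { long b_lblkno; struct buf *prev, *next; };
struct buflist { struct buf *first, *last; };

static void insert_head(struct buflist *l, struct buf *bp) {
    bp->prev = NULL;
    bp->next = l->first;
    if (l->first) l->first->prev = bp; else l->last = bp;
    l->first = bp;
}

/* Like TAILQ_INSERT_AFTER, this dereferences 'at' unconditionally. */
static void insert_after(struct buflist *l, struct buf *at, struct buf *bp) {
    bp->prev = at;
    bp->next = at->next;
    if (at->next) at->next->prev = bp; else l->last = bp;
    at->next = bp;
}

/* Same backward walk as the quoted loop. The loop condition already admits
 * that tbp can become NULL, so the check must come before the insert.
 * Returns 1 if inserted after an element, 0 if inserted at the head. */
int insert_checked(struct buflist *l, struct buf *bp) {
    struct buf *tbp = l->last;
    while (tbp && tbp->b_lblkno < 0)
        tbp = tbp->prev;
    if (tbp == NULL) {          /* empty list, or every entry was negative */
        insert_head(l, bp);     /* assumed policy for this sketch */
        return 0;
    }
    insert_after(l, tbp, bp);
    return 1;
}

/* Builds a list from constructed block numbers (at most 8), inserts one
 * new buffer, and returns the index at which it landed. */
int position_after_insert(const long *blknos, int n) {
    static struct buf pool[8];
    struct buf bp = { 0, NULL, NULL };
    struct buflist l = { NULL, NULL };
    int i, pos = 0;
    for (i = 0; i < n && i < 8; i++) {
        pool[i].b_lblkno = blknos[i];
        if (l.last) insert_after(&l, l.last, &pool[i]);
        else insert_head(&l, &pool[i]);
    }
    insert_checked(&l, &bp);
    for (struct buf *p = l.first; p != &bp; p = p->next) pos++;
    return pos;
}
```

Without the tbp == NULL branch, the all-negative and empty-list cases reach insert_after with a NULL insertion point, which is the crash the report describes.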
