New Defect found by Coverity Scan based on code change in last 1.5 week

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
New Defect found by Coverity Scan based on code change in last 1.5 week

Defect Summary
________________________________________________________________________
** CID 200075: Free of array-typed value (BAD_FREE.array)
/linux/fs/splice.c: 317
Alexander Viro 

** CID 709210: Self assignment (NO_EFFECT.self_assign)
/linux/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c: 100
Roland Dreier 

** CID 709213: Wrong sizeof argument (SIZEOF_MISMATCH.wrong_sizeof)
/linux/drivers/hid/hid-logitech-dj.c: 442
Jiri Kosina 

** CID 709214: Wrong sizeof argument (SIZEOF_MISMATCH.wrong_sizeof)
/linux/drivers/hid/hid-logitech-dj.c: 459
Jiri Kosina

** CID 709551: Logically dead code (DEADCODE.none)
/linux/drivers/block/mtip32xx/mtip32xx.c: 2660
Jens Axboe 

** CID 709552: Logically dead code (DEADCODE.none)
/linux/drivers/block/mtip32xx/mtip32xx.c: 2588
Jens Axboe 

________________________________________________________________________
Defect Details:
________________________________________________________________________
CID 200075: Free of array-typed value (BAD_FREE.array)

/linux/fs/splice.c: 317 ( array_assign)
   311     struct page *pages[PIPE_DEF_BUFFERS];
   312     struct partial_page partial[PIPE_DEF_BUFFERS];
...
   316     int error, page_nr;
>>> CID 200075: Free of array-typed value (BAD_FREE.array)
>>> Assigning: "spd.pages" = "pages".
   317     struct splice_pipe_desc spd = {
   318      .pages = pages,
   319      .partial = partial,
   320      .nr_pages_max = PIPE_DEF_BUFFERS,
   321      .flags = flags,
  
/linux/fs/splice.c: 503 ( incorrect_free)
   500     if (spd.nr_pages)
   501      error = splice_to_pipe(pipe, &spd);
   502    
>>> "splice_shrink_spd" frees incorrect pointer "spd.pages".
   503     splice_shrink_spd(&spd);
   504     return error;
   505    }
   506    
   507    /**
  
/linux/fs/splice.c: 317 ( array_assign)
   311     struct page *pages[PIPE_DEF_BUFFERS];
   312     struct partial_page partial[PIPE_DEF_BUFFERS];
...
   316     int error, page_nr;
>>> CID 200075: Free of array-typed value (BAD_FREE.array)
>>> Assigning: "spd.partial" = "partial".
   317     struct splice_pipe_desc spd = {
   318      .pages = pages,
   319      .partial = partial,
   320      .nr_pages_max = PIPE_DEF_BUFFERS,
   321      .flags = flags,
  
/linux/fs/splice.c: 503 ( incorrect_free)
   500     if (spd.nr_pages)
   501      error = splice_to_pipe(pipe, &spd);
   502    
>>> "splice_shrink_spd" frees incorrect pointer "spd.partial".
   503     splice_shrink_spd(&spd);
   504     return error;
   505    }
   506    
   507    /**
  
________________________________________________________________________
CID 709210: Self assignment (NO_EFFECT.self_assign)

/linux/drivers/infiniband/hw/ocrdma/ocrdma_verbs.c: 100 ( self_assign)
   97         min(dev->attr.max_ord_per_qp, dev->attr.max_ird_per_qp);
   98     attr->max_qp_init_rd_atom = dev->attr.max_ord_per_qp;
   99     attr->max_srq = (dev->attr.max_qp - 1);
>>> CID 709210: Self assignment (NO_EFFECT.self_assign) Assignment 
>>> operation "attr->max_srq_sge = attr->max_srq_sge" has no effect.
   100     attr->max_srq_sge = attr->max_srq_sge;
   101     attr->max_srq_wr = dev->attr.max_rqe;
   102     attr->local_ca_ack_delay = dev->attr.local_ca_ack_delay;
   103     attr->max_fast_reg_page_list_len = 0;
   104     attr->max_pkeys = 1;
  
________________________________________________________________________
CID 709213: Wrong sizeof argument (SIZEOF_MISMATCH.wrong_sizeof)

/linux/drivers/hid/hid-logitech-dj.c: 442 ( suspicious_sizeof)
   439     struct dj_report *dj_report;
   440     int retval;
   441    
>>> CID 709213: Wrong sizeof argument (SIZEOF_MISMATCH.wrong_sizeof) 
>>> Passing argument "8UL /* sizeof (dj_report) */" to function "kzalloc" and then casting the return value to "struct dj_report *" is suspicious.  
>>> Did you intend to use "sizeof(*dj_report)" instead of "sizeof (dj_report)" ?
   442     dj_report = kzalloc(sizeof(dj_report), GFP_KERNEL);
   443     if (!dj_report)
   444      return -ENOMEM;
   445     dj_report->report_id = REPORT_ID_DJ_SHORT;
   446     dj_report->device_index = 0xFF;
  
________________________________________________________________________
CID 709214: Wrong sizeof argument (SIZEOF_MISMATCH.wrong_sizeof)

/linux/drivers/hid/hid-logitech-dj.c: 459 (suspicious_sizeof)
   456     struct dj_report *dj_report;
   457     int retval;
   458    
>>> CID 709214: Wrong sizeof argument (SIZEOF_MISMATCH.wrong_sizeof) 
>>> Passing argument "8UL /* sizeof (dj_report) */" to function "kzalloc" and then casting the return value to "struct dj_report *" is suspicious.  
>>> Did you intend to use "sizeof(*dj_report)" instead of "sizeof (dj_report)" ?
   459     dj_report = kzalloc(sizeof(dj_report), GFP_KERNEL);
   460     if (!dj_report)
   461      return -ENOMEM;
   462     dj_report->report_id = REPORT_ID_DJ_SHORT;
   463     dj_report->device_index = 0xFF;
  
________________________________________________________________________
CID 709551: Logically dead code (DEADCODE)

/linux/drivers/block/mtip32xx/mtip32xx.c: 2660 
   2657     char buf[MTIP_DFS_MAX_BUF_SIZE];
   2658     int size = *offset;
   2659    
>>> CID 709551: Logically dead code (DEADCODE.none) After this line, the 
>>> value of "size" is equal to 0.
>>> Noticing condition "size".
   2660     if (!len || size)
   2661      return 0;
   2662    
>>> On this path, the condition "size < 0" cannot be true.
   2663     if (size < 0)
>>> Execution cannot reach this statement "return -22L;".
   2664      return -EINVAL;
   2665    
   2666     size += sprintf(&buf[size], "Flag-port : [ %08lX ]\n",
   2667           dd->port->flags);
   2668     size += sprintf(&buf[size], "Flag-dd   : [ %08lX ]\n",
  
________________________________________________________________________
CID 709552: Logically dead code (DEADCODE)

/linux/drivers/block/mtip32xx/mtip32xx.c: 2588 
   2585     int size = *offset;
   2586     int n;
   2587    
>>> CID 709552: Logically dead code (DEADCODE.none) After this line, the 
>>> value of "size" is equal to 0.
>>> Noticing condition "size".
   2588     if (!len || size)
   2589      return 0;
   2590    
>>> On this path, the condition "size < 0" cannot be true.
   2591     if (size < 0)
>>> Execution cannot reach this statement "return -22L;".
   2592      return -EINVAL;
   2593    
   2594     size += sprintf(&buf[size], "H/ S ACTive      : [ 0x");
   2595    
   2596     for (n = dd->slot_groups-1; n >= 0; n--)
  
________________________________________________________________________

Above code snippet provide you details information to know more about the defects.
You can also view the defect in Coverity Scan by visiting, http://scan5.coverity.com:8080  
Your username is usually your first part of your email address.
If you don't have a username, you can request one by emailing:  scan-admin@xxxxxxxxxxxx
________________________________________________________________________

Thanks
SCAN-ADMIN 
Scan-admin@xxxxxxxxxxxx
http://scan.coverity.comÿôèº{.nÇ+?·?®?­?+%?Ëÿ±éݶ;¥?wÿº{.nÇ+?·¥?{±þG«?éÿ?{ayºÊ?Ú?ë,j­¢f£¢·h??ï?êÿ?êçz_è®(­é???Ý¢j"?ú¶m§ÿÿ¾«þG«?éÿ¢¸??¨è­Ú&£ø§~?á¶iO?æ¬z·?vØ^¶m§ÿÿÃÿ¶ìÿ¢¸??I¥

[Other Archives]     [Linux Kernel Newbies]     [Linux Driver Development]     [Linux Kbuild]     [Fedora Kernel]     [Linux Kernel Testers]     [Linux SH]     [Linux Omap]     [Linux Tape]     [Linux Input]     [Linux Kernel Janitors]     [Linux Kernel Packagers]     [Linux Doc]     [Linux Man Pages]     [Linux API]     [Linux Memory Management]     [Linux Modules]     [Linux Standards]     [Kernel Announce]     [Netdev]     [Git]     [Linux PCI]     Linux CAN Development     [Linux I2C]     [Linux RDMA]     [Linux NUMA]     [Netfilter]     [Netfilter Devel]     [SELinux]     [Bugtraq]     [FIO]     [Linux Perf Users]     [Linux Serial]     [Linux PPP]     [Linux ISDN]     [Linux Next]     [Kernel Stable Commits]     [Linux Tip Commits]     [Kernel MM Commits]     [Linux Security Module]     [AutoFS]     [Filesystem Development]     [Ext3 Filesystem]     [Linux bcache]     [Ext4 Filesystem]     [Linux BTRFS]     [Linux CEPH Filesystem]     [Linux XFS]     [XFS]     [Linux NFS]     [Linux CIFS]     [Ecryptfs]     [Linux NILFS]     [Linux Cachefs]     [Reiser FS]     [Initramfs]     [Linux FB Devel]     [Linux OpenGL]     [DRI Devel]     [Fastboot]     [Linux RT Users]     [Linux RT Stable]     [eCos]     [Corosync]     [Linux Clusters]     [LVS Devel]     [Hot Plug]     [Linux Virtualization]     [KVM]     [KVM PPC]     [KVM ia64]     [Linux Containers]     [Linux Hexagon]     [Linux Cgroups]     [Util Linux]     [Wireless]     [Linux Bluetooth]     [Bluez Devel]     [Ethernet Bridging]     [Embedded Linux]     [Barebox]     [Linux MMC]     [Linux IIO]     [Sparse]     [Smatch]     [Linux Arch]     [x86 Platform Driver]     [Linux ACPI]     [Linux IBM ACPI]     [LM Sensors]     [CPU Freq]     [Linux Power Management]     [Linmodems]     [Linux DCCP]     [Linux SCTP]     [ALSA Devel]     [Linux USB]     [Linux PA RISC]     [Linux Samsung SOC]     [MIPS Linux]     [IBM S/390 Linux]     [ARM Linux]     [ARM Kernel]     [ARM MSM]     [Tegra Devel]     [Sparc Linux]     [Linux Security]     [Linux Sound]     [Linux Media]     [Video 4 Linux]     [Linux IRDA Users]     [Linux for the blind]     [Linux RAID]     [Linux ATA RAID]     [Device Mapper]     [Linux SCSI]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Linux IDE]     [Linux SMP]     [Linux AXP]     [Linux Alpha]     [Linux M68K]     [Linux ia64]     [Linux 8086]     [Linux x86_64]     [Linux Config]     [Linux Apps]     [Linux MSDOS]     [Linux X.25]     [Linux Crypto]     [DM Crypt]     [Linux Trace Users]     [Linux Btrace]     [Linux Watchdog]     [Utrace Devel]     [Linux C Programming]     [Linux Assembly]     [Dash]     [DWARVES]     [Hail Devel]     [Linux Kernel Debugger]     [Linux gcc]     [Gcc Help]     [X.Org]     [Wine]

Add to Google Powered by Linux

[Older Kernel Discussion]     [Yosemite National Park Forum]     [Large Format Photos]     [Gimp]     [Yosemite Photos]     [Stuff]