| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Found by coverity
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Coverity complains about a use after free in here after the
freeing, I can't follow the linked list so well, but whot
says the device can only be on one list once, so break should
fix it.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
This saves us having to make sure we clean it up.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
This is created using XNFstrdup, so it needs to be freed.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Avoids having to free the malloced object.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Pointed out by coverity.
v2: set modifies_failed to NULL at start (whot)
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Otherwise if the VERIFY_SHMSIZE macro fails we leak the drawables
we allocated earlier.
Noticed by coverity scan.
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
These get used at the end of the function in a calculation,
even though the result isn't used its not pretty.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
In the unlikely event of a failure in creating processes, signal
masks will fall from the panels above you. Secure your mask before
telling your child what to do, since it won't exist, and you will
instead cause the server itself to be replaced by a shell running
the target program.
Found by Coverity #53397: Missing break in switch
Execution falls through to the next case statement or default;
this might indicate a common typo.
In System: Missing break statement between cases in switch statement (CWE-484)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
ctx_attribs had room for 3 pairs of attributes, but if both flags & reset
attributes were being returned it was storing 4 pairs in the array.
Found by Coverity #53442: Out-of-bounds write
This could cause an immediate crash or incorrect computations.
In create_driver_context: Out-of-bounds write to a buffer (CWE-119)
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Coverity scan detected that asserts were setting values, not checking them:
CID 53252: Side effect in assertion (ASSERT_SIDE_EFFECT)
assignment_where_comparison_intended: Assignment item->b = i * 2
has a side effect. This code will work differently in a non-debug build.
Did you intend to use a comparison ("==") instead?
CID 53259: Side effect in assertion (ASSERT_SIDE_EFFECT)
assignment_where_comparison_intended: Assignment item->a = i
has a side effect. This code will work differently in a non-debug build.
Did you intend to use a comparison ("==") instead?
CID 53260: Side effect in assertion (ASSERT_SIDE_EFFECT)
assignment_where_comparison_intended: Assignment item->a = i
has a side effect. This code will work differently in a non-debug build.
Did you intend to use a comparison ("==") instead?
CID 53261: Side effect in assertion (ASSERT_SIDE_EFFECT)
assignment_where_comparison_intended: Assignment item->b = i * 2
has a side effect. This code will work differently in a non-debug build.
Did you intend to use a comparison ("==") instead?
Fixing those to be == caused test_nt_list_insert to start failing as
part assumed append order, part assumed insert order, so it had to be
fixed to use consistent ordering.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
This code wasn't allocating enough space and was assigning the NULL
one past the end.
Pointed out by coverity.
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Number of devices is 2 + MAXDEVICES, with index 0 and 1 reserved for
XIAll{Master}Devices. At the current size, PropagateMask would be overrun in
RecalculateDeviceDeliverableEvents().
Found by Coverity.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dave Airlie <airlied@redhat.com>
|
|
Don't leak if ti->history is NULL.
Found by coverity.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dave Airlie <airlied@redhat.com>
|
|
Found by Coverity.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dave Airlie <airlied@redhat.com>
|
|
Pointed out by coverity scan.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
|
|
Pointed out by coverity.
v2: fix swapped as well, as pointed out by Alan
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
If the pGCPriv->flags == 2, then we try to assign the freed pGCPriv->XAAOps
avoid this by clearing the flags in to be destroyed pGCPriv.
Reported by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
This code had an off-by-one and would allow writing one past the end of
the callbacks array.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Initialise the pAttr->values to values so if the values allocation
fails it just ends up as free(NULL).
Pointed out by coverity.
v2: use Alan's suggestion.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
This reverts commit 7333dc2969f60af0abcfb28e7182a5fff9918223.
False positive.
|
|
Event alloc_arg: Called allocation function "XIPropToInt" on "ptr" [details]
167 rc = XIPropToInt(val, &nelem, &ptr);
Event leaked_storage: Variable "ptr" goes out of scope
|
|
|
|
Event var_tested_neg: Variable "fd" tested NEGATIVE
At conditional (1): "fd != -1" taking false path
335 if (fd != -1) {
Event negative_returns: Tracked variable "fd" was passed to a negative sink.
347 close(fd);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
'register int n' in loops of ProcXkbGetNames.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
in fbEvenStipple.
|
|
|
|
malloc(0)
|
|
|
|
|
|
|
|
|
|
|
