Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/lib/libc/gen/getcap.c,v rcsdiff: /ftp/cvs/cvsroot/src/lib/libc/gen/getcap.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.42 retrieving revision 1.46 diff -u -p -r1.42 -r1.46 --- src/lib/libc/gen/getcap.c 2005/11/29 03:11:59 1.42 +++ src/lib/libc/gen/getcap.c 2006/05/29 21:55:41 1.46 @@ -1,4 +1,4 @@ -/* $NetBSD: getcap.c,v 1.42 2005/11/29 03:11:59 christos Exp $ */ +/* $NetBSD: getcap.c,v 1.46 2006/05/29 21:55:41 jnemeth Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -41,7 +41,7 @@ #if 0 static char sccsid[] = "@(#)getcap.c 8.3 (Berkeley) 3/25/94"; #else -__RCSID("$NetBSD: getcap.c,v 1.42 2005/11/29 03:11:59 christos Exp $"); +__RCSID("$NetBSD: getcap.c,v 1.46 2006/05/29 21:55:41 jnemeth Exp $"); #endif #endif /* LIBC_SCCS and not lint */ @@ -213,6 +213,7 @@ cgetcap(buf, cap, type) * encountered (couldn't open/read a file, etc.), and -3 if a potential * reference loop is detected. */ +/* coverity[+alloc : arg-*0] */ int cgetent(char **buf, const char * const *db_array, const char *name) { @@ -243,6 +244,7 @@ cgetent(char **buf, const char * const * * names interpolated, a name can't be found, or depth exceeds * MAX_RECURSION. */ +/* coverity[+alloc : arg-*0] */ static int getent(char **cap, size_t *len, const char * const *db_array, int fd, const char *name, int depth, char *nfield) @@ -324,7 +326,11 @@ getent(char **cap, size_t *len, const ch } /* save the data; close frees it */ clen = strlen(record); - cbuf = malloc(clen + 1); + if ((cbuf = malloc(clen + 1)) == NULL) { + (void)capdbp->close(capdbp); + errno = ENOMEM; + return (-2); + } memmove(cbuf, record, clen + 1); if (capdbp->close(capdbp) < 0) { int serrno = errno; @@ -761,10 +767,11 @@ cgetclose(void) * specified by db_array. It returns 0 upon completion of the database, 1 * upon returning an entry with more remaining, and -1 if an error occurs. */ +/* coverity[+alloc : arg-*0] */ int cgetnext(char **bp, const char * const *db_array) { - size_t len; + size_t len = 0; int status, done; char *cp, *line, *rp, *np, buf[BSIZE], nbuf[BSIZE]; size_t dummy; @@ -785,7 +792,9 @@ cgetnext(char **bp, const char * const * line = toprec; } else { line = fgetln(pfp, &len); - if (line == NULL && pfp) { + if (line == NULL) { + if (pfp == NULL) + return -1; if (ferror(pfp)) { (void)cgetclose(); return (-1);