Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
35 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1498916: (STRING_OVERFLOW)

________________________________________________________________________________________________________
*** CID 1498916: (STRING_OVERFLOW)
/src/arch/x86/smbios.c: 1068 in smbios_write_type28()
1062                u32 oem,
1063                u16 nominal_value)
1064     {
1065         struct smbios_type28 *t = smbios_carve_table(*current, SMBIOS_TEMPERATURE_PROBE,
1066                                  sizeof(*t), *handle);
1067
>>>     CID 1498916: (STRING_OVERFLOW)
>>>     You might overrun the 2-character fixed-size string "t->eos" by copying
>>>     "name" without checking the length.
1068         t->description = smbios_add_string(t->eos, name ? name : "Temperature");
1069         t->location_and_status = location | (status << 5);
1070         t->maximum_value = max_value;
1071         t->minimum_value = min_value;
1072         t->resolution = resolution;
1073         t->tolerance = tolerance;
/src/arch/x86/smbios.c: 1068 in smbios_write_type28()
1062                u32 oem,
1063                u16 nominal_value)
1064     {
1065         struct smbios_type28 *t = smbios_carve_table(*current, SMBIOS_TEMPERATURE_PROBE,
1066                                  sizeof(*t), *handle);
1067
>>>     CID 1498916: (STRING_OVERFLOW)
>>>     You might overrun the 2-character destination string "t->eos" by
>>>     writing 12 characters from ""Temperature"".
1068         t->description = smbios_add_string(t->eos, name ? name : "Temperature");
1069         t->location_and_status = location | (status << 5);
1070         t->maximum_value = max_value;
1071         t->minimum_value = min_value;
1072         t->resolution = resolution;
1073         t->tolerance = tolerance;

** CID 1498915: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 602 in write_from_buf_to_file()

________________________________________________________________________________________________________
*** CID 1498915: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 602 in write_from_buf_to_file()
596             bytes = write(fd, buf + total_bytes, buf_size - total_bytes);
597             if (bytes < 0 && errno == EAGAIN)
598                 bytes = 0;
599
600             if (bytes < 0) {
601                 fprintf(stderr, "Write failure %s\n", strerror(errno));
>>>     CID 1498915: Error handling issues (CHECKED_RETURN)
>>>     Calling "lseek(fd, 1L, -total_bytes)" without checking return value.
>>>     This library function may fail and return an error code.
602                 lseek(fd, SEEK_CUR, -total_bytes);
603                 return bytes;
604             }
605
606             total_bytes += bytes;
607         } while (total_bytes < buf_size);

** CID 1498914: Security best practices violations (STRING_OVERFLOW)

________________________________________________________________________________________________________
*** CID 1498914: Security best practices violations (STRING_OVERFLOW)
/src/arch/x86/smbios.c: 1155 in smbios_write_type43()
1149         t->major_spec_ver = major_spec_ver;
1150         t->minor_spec_ver = minor_spec_ver;
1151         t->fw_ver1 = fw_ver1;
1152         t->fw_ver2 = fw_ver2;
1153         t->characteristics = characteristics;
1154         t->oem_defined = oem_defined;
>>>     CID 1498914: Security best practices violations (STRING_OVERFLOW)
>>>     You might overrun the 2-character fixed-size string "t->eos" by copying
>>>     "description" without checking the length.
1155         t->description = smbios_add_string(t->eos, description);
1156
1157         const int len = smbios_full_table_len(&t->header, t->eos);
1158         *current += len;
1159         *handle += 1;
1160         return len;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dt2qA_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3L8EkrFCAlWeWzKkiHgiRtGwiuYAiBOYrxktlH-2F5ba58-2BeHqyGznYn04mvBtj4d8B44W3IoPDTgbjOQ87Qgo5C14SLOxSex1m-2FEo9kCl-2F-2BE6cEOouD4pMM-2FyZ5jd17HuFTW9RPyfHrvUFJ8Th6qBgqxT6GRFJh8k-2FIjFDTCBUqFQ-3D-3D