Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
35 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1498916: (STRING_OVERFLOW)
________________________________________________________________________________________________________
*** CID 1498916: (STRING_OVERFLOW)
/src/arch/x86/smbios.c: 1068 in smbios_write_type28()
1062 u32 oem,
1063 u16 nominal_value)
1064 {
1065 struct smbios_type28 *t = smbios_carve_table(*current,
SMBIOS_TEMPERATURE_PROBE,
1066 sizeof(*t),
*handle);
1067
>>> CID 1498916: (STRING_OVERFLOW)
>>> You might overrun the 2-character fixed-size string "t->eos" by copying
>>> "name" without checking the length.
1068 t->description = smbios_add_string(t->eos, name ? name :
"Temperature");
1069 t->location_and_status = location | (status << 5);
1070 t->maximum_value = max_value;
1071 t->minimum_value = min_value;
1072 t->resolution = resolution;
1073 t->tolerance = tolerance;
/src/arch/x86/smbios.c: 1068 in smbios_write_type28()
1062 u32 oem,
1063 u16 nominal_value)
1064 {
1065 struct smbios_type28 *t = smbios_carve_table(*current,
SMBIOS_TEMPERATURE_PROBE,
1066 sizeof(*t),
*handle);
1067
>>> CID 1498916: (STRING_OVERFLOW)
>>> You might overrun the 2-character destination string "t->eos" by
>>> writing 12 characters from ""Temperature"".
1068 t->description = smbios_add_string(t->eos, name ? name :
"Temperature");
1069 t->location_and_status = location | (status << 5);
1070 t->maximum_value = max_value;
1071 t->minimum_value = min_value;
1072 t->resolution = resolution;
1073 t->tolerance = tolerance;
** CID 1498915: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 602 in write_from_buf_to_file()
________________________________________________________________________________________________________
*** CID 1498915: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 602 in write_from_buf_to_file()
596 bytes = write(fd, buf + total_bytes, buf_size -
total_bytes);
597 if (bytes < 0 && errno == EAGAIN)
598 bytes = 0;
599
600 if (bytes < 0) {
601 fprintf(stderr, "Write failure %s\n",
strerror(errno));
>>> CID 1498915: Error handling issues (CHECKED_RETURN)
>>> Calling "lseek(fd, 1L, -total_bytes)" without checking return value.
>>> This library function may fail and return an error code.
602 lseek(fd, SEEK_CUR, -total_bytes);
603 return bytes;
604 }
605
606 total_bytes += bytes;
607 } while (total_bytes < buf_size);
** CID 1498914: Security best practices violations (STRING_OVERFLOW)
________________________________________________________________________________________________________
*** CID 1498914: Security best practices violations (STRING_OVERFLOW)
/src/arch/x86/smbios.c: 1155 in smbios_write_type43()
1149 t->major_spec_ver = major_spec_ver;
1150 t->minor_spec_ver = minor_spec_ver;
1151 t->fw_ver1 = fw_ver1;
1152 t->fw_ver2 = fw_ver2;
1153 t->characteristics = characteristics;
1154 t->oem_defined = oem_defined;
>>> CID 1498914: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 2-character fixed-size string "t->eos" by copying
>>> "description" without checking the length.
1155 t->description = smbios_add_string(t->eos, description);
1156
1157 const int len = smbios_full_table_len(&t->header, t->eos);
1158 *current += len;
1159 *handle += 1;
1160 return len;
________________________________________________________________________________________________________