[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1544382: Null pointer dereferences (REVERSE_INULL)
/src/drivers/i2c/rt5645/rt5645.c: 30 in rt5645_fill_ssdt()
*** CID 1544382: Null pointer dereferences (REVERSE_INULL)
/src/drivers/i2c/rt5645/rt5645.c: 30 in rt5645_fill_ssdt()
24 .speed = config->bus_speed ? : I2C_SPEED_FAST,
25 .resource = scope,
26 };
27 struct acpi_dp *dp;
28 int curr_index = 0;
29
>>> CID 1544382: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "config" suggests that it may be null, but it has already
>>> been dereferenced on all paths leading to the check.
30 if (!config)
31 return;
32
33 const char *name = acpi_device_name(dev);
34 if (!scope || !name)
35 return;
** CID 1544381: Integer handling issues (DIVIDE_BY_ZERO)
/src/mainboard/dell/optiplex_9020/mainboard.c: 310 in get_pkg_power()
*** CID 1544381: Integer handling issues (DIVIDE_BY_ZERO)
/src/mainboard/dell/optiplex_9020/mainboard.c: 310 in get_pkg_power()
304 static uint16_t get_pkg_power(void)
305 {
306 uint8_t rapl_power_unit = rdmsr(0x606).lo & 0xf;
307 if (rapl_power_unit)
308 rapl_power_unit = 2 << (rapl_power_unit - 1);
309 uint16_t pkg_power_info = rdmsr(0x614).lo & 0x7fff;
>>> CID 1544381: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "pkg_power_info / rapl_power_unit", division by
>>> expression "rapl_power_unit" which may be zero has undefined behavior.
310 if (pkg_power_info / rapl_power_unit > 0x41)
311 return 32;
312 else
313 return 16;
314 }
315
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu5RTlgzSxHNU8YEiZyg63VT4oV0wHomK1tUxgwyYstzK0M2Ed2Cv7gFreqR3FCBLpU-3DVg8s_3AAg4m2Qo6X8uGGmBm-2BJP2cELf0dkUfIv8-2BPwY7td4r9Jgz-2FXYe-2B7X4gdTCESXd679KQWQnL7MTJlQCe04ibt-2F-2BAqkhnBFuL9fipLXW-2FcOzqJ0RI1vYe-2FABWtFAaVM0fcpt3lpPYoKw1lwtgMe2rxbMPdHKm011M9JxGaF8nhGvZJMbf9Cz4ZoJp4dV0iVCGf9pIP7qsgmmtl4dlHgE4IQ-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 15 new defect(s) introduced to coreboot found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 15 of 15 defect(s) ** CID 1518916: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() *** CID 1518916: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); >>> CID 1518916: Memory - corruptions (OVERRUN) >>> Overrunning array "params->PchPseHsuartEnable" of 4 bytes by passing it >>> to a function which accesses it at byte offset 15 using argument "16UL". >>> [Note: The source code implementation of the function has been overridden >>> by a builtin model.] 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); ** CID 1518915:(TAINTED_SCALAR) /src/soc/qualcomm/common/qupv3_config.c: 155 in qupv3_se_fw_load_and_init() /src/soc/qualcomm/common/qupv3_config.c: 83 in qupv3_se_fw_load_and_init() /src/soc/qualcomm/common/qupv3_config.c: 86 in qupv3_se_fw_load_and_init() *** CID 1518915:(TAINTED_SCALAR) /src/soc/qualcomm/common/qupv3_config.c: 155 in qupv3_se_fw_load_and_init() 149 (hdr->fw_version & 0xFF << 150 FW_REV_VERSION_SHFT); 151 write32(>se_s_fw_revision, reg_value); 152 153 assert(hdr->fw_size_in_items <= SIZE_GENI_FW_RAM); 154 >>> CID 1518915:(TAINTED_SCALAR) >>> Passing tainted expression "hdr->fw_size_in_items * 4UL" to "memcpy", >>> which uses it as an offset. [Note: The source code implementation of the >>> function has been overridden by a builtin model.] 155 memcpy((>se_geni_cfg_ramn), fw_val_arr, 156hdr->fw_size_in_items * sizeof(uint32_t)); 157 158 /* HPG section 3.1.7.12 */ 159 write32(>geni_force_default_reg, 0x1); 160 setbits_le32(>geni_cgc_ctrl, GENI_CGC_CTRL_PROG_RAM_SCLK_OFF_BMSK /src/soc/qualcomm/common/qupv3_config.c: 83 in qupv3_se_fw_load_and_init() 77 write32(>geni_cgc_ctrl, DEFAULT_CGC_EN); 78 79 /* HPG section 3.1.7.4 */ 80 write32(>geni_init_cfg_revision, hdr->cfg_version); 81 write32(>geni_s_init_cfg_revision, hdr->cfg_version); 82 >>> CID 1518915:(TAINTED_SCALAR) >>> Using tainted variable "hdr->cfg_size_in_items - 1" as an index to >>> pointer "cfg_idx_arr". 83 assert(cfg_idx_arr[hdr->cfg_size_in_items - 1] * sizeof(uint32_t) <= 84 MAX_OFFSET_CFG_REG); 85 86 for (i = 0; i < hdr->cfg_size_in_items; i++) 87 write32(>geni_cfg_reg0 + cfg_idx_arr[i], 88 cfg_val_arr[i]); /src/soc/qualcomm/common/qupv3_config.c: 86 in qupv3_se_fw_load_and_init() 80 write32(>geni_init_cfg_revision, hdr->cfg_version); 81 write32(>geni_s_init_cfg_revision, hdr->cfg_version); 82 83 assert(cfg_idx_arr[hdr->cfg_size_in_items - 1] * sizeof(uint32_t) <= 84 MAX_OFFSET_CFG_REG); 85 >>> CID 1518915:(TAINTED_SCALAR) >>> Using tainted variable "hdr->cfg_size_in_items" as a loop boundary. 86 for (i = 0; i < hdr->cfg_size_in_items; i++) 87 write32(>geni_cfg_reg0 + cfg_idx_arr[i], 88 cfg_val_arr[i]); 89 90 /* HPG section 3.1.7.9 */ 91 /* non-UART configuration, UART driver can configure as desired for UART ** CID 1518914: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params() *** CID 1518914:
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1518657:(OVERRUN)
*** CID 1518657:(OVERRUN)
/src/soc/mediatek/common/i2c.c: 514 in mtk_i2c_speed_init()
508 for (clk_div = 1; clk_div <= max_clk_div; clk_div++) {
509 clk_src = I2C_CLK_HZ / clk_div;
510 bus_ctrl->ac_timing.inter_clk_div = clk_div - 1;
511
512 if (speed > I2C_SPEED_FAST_PLUS) {
513 /* Set master code speed register */
>>> CID 1518657:(OVERRUN)
>>> Overrunning callee's array of size 7 by passing argument "bus" (which
>>> evaluates to 7) in call to "mtk_i2c_calculate_speed".
514 if (mtk_i2c_calculate_speed(bus, clk_src,
I2C_SPEED_FAST,
515 _step_cnt,
_sample_cnt))
516 continue;
517
518 /* Set the high speed mode register */
519 if (mtk_i2c_calculate_speed(bus, clk_src, speed,
/src/soc/mediatek/common/i2c.c: 525 in mtk_i2c_speed_init()
519 if (mtk_i2c_calculate_speed(bus, clk_src, speed,
520 _cnt,
_cnt))
521 continue;
522
523 bus_ctrl->ac_timing.inter_clk_div = (clk_div -
1) << 8 | (clk_div - 1);
524 } else {
>>> CID 1518657:(OVERRUN)
>>> Overrunning callee's array of size 7 by passing argument "bus" (which
>>> evaluates to 7) in call to "mtk_i2c_calculate_speed".
525 if (mtk_i2c_calculate_speed(bus, clk_src, speed,
526 _step_cnt,
_sample_cnt))
527 continue;
528
529 /* Disable the high speed transaction */
530 bus_ctrl->ac_timing.hs = I2C_TIME_CLR_VALUE;
** CID 1518656: Memory - corruptions (OVERRUN)
/src/soc/mediatek/common/i2c.c: 510 in mtk_i2c_speed_init()
*** CID 1518656: Memory - corruptions (OVERRUN)
/src/soc/mediatek/common/i2c.c: 510 in mtk_i2c_speed_init()
504 }
505
506 bus_ctrl = _i2c_bus_controller[bus];
507
508 for (clk_div = 1; clk_div <= max_clk_div; clk_div++) {
509 clk_src = I2C_CLK_HZ / clk_div;
>>> CID 1518656: Memory - corruptions (OVERRUN)
>>> Overrunning array of 280 bytes at byte offset 280 by dereferencing
>>> pointer "bus_ctrl".
510 bus_ctrl->ac_timing.inter_clk_div = clk_div - 1;
511
512 if (speed > I2C_SPEED_FAST_PLUS) {
513 /* Set master code speed register */
514 if (mtk_i2c_calculate_speed(bus, clk_src,
I2C_SPEED_FAST,
515 _step_cnt,
_sample_cnt))
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D7pCr_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0G53kRiTjYpIlUQ7CqSxocmaUdC7Lesy6DmauLNbGdPvKgI5iZ8u6o9WVCT9N59MgAPbIlsuAP92RODIvYIortKTnzTXrE-2FQ-2FjyTvOWWCCq1-2FMhk-2F4GEzOCCqOKQVQNaakmAeCtNpXYeg4exWaNDaDOfTmHFErTzgzJJV4Xn1HXw-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1518442: Resource leaks (RESOURCE_LEAK)
/3rdparty/vboot/futility/file_type_bios.c: 215 in ft_show_bios()
*** CID 1518442: Resource leaks (RESOURCE_LEAK)
/3rdparty/vboot/futility/file_type_bios.c: 215 in ft_show_bios()
209 if (fmap_find_by_name(buf, len, fmap, fmap_name[c],
)) {
210 /* But the file might be truncated */
211 fmap_limit_area(ah, len);
212 if (asprintf((char **)_print_header,
"bios::%s",
213 fmap_name[c]) <= 0) {
214 ERROR("Failed to allocate buffer for
FT_PRINT");
>>> CID 1518442: Resource leaks (RESOURCE_LEAK)
>>> Variable "buf" going out of scope leaks the storage it points to.
215 return 1;
216 }
217
218 /* Update the state we're passing around */
219 state.c = c;
220 state.area[c].offset = ah->area_offset;
** CID 1518441: Resource leaks (RESOURCE_LEAK)
/3rdparty/vboot/futility/file_type_bios.c: 215 in ft_show_bios()
*** CID 1518441: Resource leaks (RESOURCE_LEAK)
/3rdparty/vboot/futility/file_type_bios.c: 215 in ft_show_bios()
209 if (fmap_find_by_name(buf, len, fmap, fmap_name[c],
)) {
210 /* But the file might be truncated */
211 fmap_limit_area(ah, len);
212 if (asprintf((char **)_print_header,
"bios::%s",
213 fmap_name[c]) <= 0) {
214 ERROR("Failed to allocate buffer for
FT_PRINT");
>>> CID 1518441: Resource leaks (RESOURCE_LEAK)
>>> Handle variable "fd" going out of scope leaks the handle.
215 return 1;
216 }
217
218 /* Update the state we're passing around */
219 state.c = c;
220 state.area[c].offset = ah->area_offset;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DP22h_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2qkCbkt0Vygxfn9HGMcZpLTCgnUKzih6faQWYFlEohXo0iegIQjbe4KN5veAQV-2BaAZwDuwhaGew0wwGNdLm8wKBvKtQGsCiqg9c19KdmWO1xFAMh7c-2FNDmpltfSFS-2BF-2BwZyTQvmKvp04GLayeb3NzsYuUyfzKy7LwZ9yNBpo6-2B5A-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1518331: Memory - illegal accesses (UNINIT) *** CID 1518331: Memory - illegal accesses (UNINIT) /src/lib/libgcov.c: 255 in buffer_fn_data() 249 return _buffer->next; 250 251 fail: 252 fprintf(stderr, "profiling:%s:Function %u %s %u\n", filename, fn_ix, 253 len ? "cannot allocate" : "counter mismatch", len ? len : ix); 254 >>> CID 1518331: Memory - illegal accesses (UNINIT) >>> Using uninitialized value "fn_buffer->info.ctrs[0].values" when calling >>> "free_fn_data". 255 return (struct gcov_fn_buffer **)free_fn_data(gi_ptr, fn_buffer, ix); 256 } 257 258 /* Add an unsigned value to the current crc */ 259 260 static gcov_unsigned_t To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DmEtL_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2Y-2BBn8q7UBoAIpJUSnwFWXZQvn9qg-2FEmeJe3-2FFLZbaWLzkeP1osVKwJzlTBKE8GKzJIkTbwbX6J7nxcjqw6MlXDoJ7-2B3MSqjypbtDkN7mBRWoHmV11QQ12cdhGkbE-2Berd5eAYpGNCy4IWerYA4UDqKoQ7xpJyljgZCOc2LOE7l1w-3D-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1518044: API usage errors (SWAPPED_ARGUMENTS)
*** CID 1518044: API usage errors (SWAPPED_ARGUMENTS)
/src/northbridge/intel/ironlake/northbridge.c: 125 in mc_read_resources()
119 pci_read_config32(pcidev_on_root(0, 0), IGD_BASE);
120 gtt_base =
121 pci_read_config32(pcidev_on_root(0, 0), GTT_BASE);
122 if (gtt_base > tseg_end) {
123 /* Reserve the gap. MMIO doesn't work in this range.
Keep
124it uncacheable, though, for easier MTRR allocation.
*/
>>> CID 1518044: API usage errors (SWAPPED_ARGUMENTS)
>>> The positions of arguments in the call to "mmio_from_to" do not match
>>> the ordering of the parameters:
* "tseg_end" is passed to "base".
* "gtt_base" is passed to "end".
125 mmio_from_to(dev, index++, tseg_end, gtt_base);
126 }
127 mmio_range(dev, index++, gtt_base, uma_size_gtt * MiB);
128 mmio_range(dev, index++, igd_base, uma_size_igd * MiB);
129
130 upper_ram_end(dev, index++, touud * MiB);
** CID 1518043: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/northbridge/intel/ironlake/northbridge.c: 128 in mc_read_resources()
*** CID 1518043: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/northbridge/intel/ironlake/northbridge.c: 128 in mc_read_resources()
122 if (gtt_base > tseg_end) {
123 /* Reserve the gap. MMIO doesn't work in this range.
Keep
124it uncacheable, though, for easier MTRR allocation.
*/
125 mmio_from_to(dev, index++, tseg_end, gtt_base);
126 }
127 mmio_range(dev, index++, gtt_base, uma_size_gtt * MiB);
>>> CID 1518043: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "uma_size_igd * 1048576" with type
>>> "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used
>>> in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
128 mmio_range(dev, index++, igd_base, uma_size_igd * MiB);
129
130 upper_ram_end(dev, index++, touud * MiB);
131
132 /* This memory is not DMA-capable. */
133 if (touud >= 8192 - 64)
** CID 1518042: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/northbridge/intel/ironlake/northbridge.c: 127 in mc_read_resources()
*** CID 1518042: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/northbridge/intel/ironlake/northbridge.c: 127 in mc_read_resources()
121 pci_read_config32(pcidev_on_root(0, 0), GTT_BASE);
122 if (gtt_base > tseg_end) {
123 /* Reserve the gap. MMIO doesn't work in this range.
Keep
124it uncacheable, though, for easier MTRR allocation.
*/
125 mmio_from_to(dev, index++, tseg_end, gtt_base);
126 }
>>> CID 1518042: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "uma_size_gtt * 1048576" with type
>>> "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used
>>> in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
127 mmio_range(dev, index++, gtt_base, uma_size_gtt * MiB);
128 mmio_range(dev, index++, igd_base, uma_size_igd * MiB);
129
130 upper_ram_end(dev, index++, touud * MiB);
131
132 /* This memory is not DMA-capable. */
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DL_BD_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0n7HhIJzg4orgfdSk-2FHhxaKSgeJvCNPWmnn62R76bqAKE9z3stMVL2lXjqRsXVuHGsW36eOQKJ1LdwoIuzbUu3MzOYbh3c5bFBTdYUpF6EIsNMmX8MuIqajlDGZLXFS2w-2B-2F-2BR1Ujhwsg6Z7tbTZ-2Bww0yfCxG-2B7g4-2FfaidSbupF-2BA-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1517819: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/common/block/systemagent/systemagent.c: 243 in imr_resource()
*** CID 1517819: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/common/block/systemagent/systemagent.c: 243 in imr_resource()
237 size_k = ((~mask & 0x0fff) + 1);
238 /*
239 * IMRs sit in lower DRAM. Mark them cacheable, otherwise we run
240 * out of MTRRs. Memory reserved by IMRs is not usable for host
241 * so mark it reserved.
242 */
>>> CID 1517819: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "base_k * 1024U" with type "unsigned
>>> int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then
>>> used in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
243 reserved_ram_range(dev, idx, base_k * KiB, size_k * KiB);
244 }
245
246 /*
247 * Add IMR ranges that hang off the host bridge/memory
248 * controller device in case CONFIG(SA_ENABLE_IMR) is selected by SoC.
** CID 1517818: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/northbridge/intel/i440bx/northbridge.c: 65 in
i440bx_domain_read_resources()
*** CID 1517818: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/northbridge/intel/i440bx/northbridge.c: 65 in
i440bx_domain_read_resources()
59 tolmk = tomk;
60 }
61
62 /* Report the memory regions. */
63 idx = 10;
64 ram_range(dev, idx++, 0, 0xa);
>>> CID 1517818: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "tolmk * 1024UL" with type "unsigned
>>> long" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then
>>> used in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
65 ram_from_to(dev, idx++, 0xc, tolmk * KiB);
66 }
67 }
68
69 static struct device_operations pci_domain_ops = {
70 .read_resources = i440bx_domain_read_resources,
** CID 1517817: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/mainboard/emulation/qemu-riscv/mainboard.c: 17 in mainboard_enable()
*** CID 1517817: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/mainboard/emulation/qemu-riscv/mainboard.c: 17 in mainboard_enable()
11
12 if (!dev) {
13 die("No dev0; die\n");
14 }
15
16 dram_mb_detected = probe_ramsize((uintptr_t)_dram, CONFIG_DRAM_SIZE_MB);
>>> CID 1517817: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "dram_mb_detected * 1048576U" with
>>> type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit
>>> arithmetic, and then used in a context that expects an expression of type
>>> "uint64_t" (64 bits, unsigned).
17 ram_range(dev, 0, (uintptr_t)_dram, dram_mb_detected * MiB);
18 }
19
20 struct chip_operations mainboard_ops = {
21 .enable_dev = mainboard_enable,
** CID 1517816: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/common/block/systemagent/systemagent.c: 243 in imr_resource()
*** CID 1517816: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/common/block/systemagent/systemagent.c: 243 in imr_resource()
237 size_k = ((~mask & 0x0fff) + 1);
238 /*
239 * IMRs sit in lower DRAM. Mark them cacheable, otherwise we run
240 * out of MTRRs. Memory reserved by IMRs is not usable for host
241 * so mark it reserved.
242 */
>>> CID 1517816: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "size_k * 1024U" with type "unsigned
>>> int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then
>>> used in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
243 reserved_ram_range(dev, idx, base_k * KiB, size_k * KiB);
244 }
245
246 /*
247 * Add IMR ranges that hang off the host bridge/memory
248 *
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1516782:(TAINTED_SCALAR)
*** CID 1516782:(TAINTED_SCALAR)
/util/cbmem/cbmem.c: 1051 in dump_tpm_std_log()
1045
1046tcg_spec_entry = event_log;
1047if (!strcmp((const char *)tcg_spec_entry->signature,
TCG_EFI_SPEC_ID_EVENT_SIGNATURE)) {
1048if (tcg_spec_entry->spec_version_major == 2 &&
1049tcg_spec_entry->spec_version_minor == 0 &&
1050le32toh(tcg_spec_entry->event_type) ==
EV_NO_ACTION) {
>>> CID 1516782:(TAINTED_SCALAR)
>>> Passing tainted expression "tcg_spec_entry->num_of_algorithms" to
>>> "parse_tpm2_log", which uses it as an offset.
1051parse_tpm2_log(tcg_spec_entry);
1052} else {
1053fprintf(stderr, "Unknown TPM2 log
specification.\n");
1054}
1055unmap_memory(_mapping);
1056return;
/util/cbmem/cbmem.c: 1051 in dump_tpm_std_log()
1045
1046tcg_spec_entry = event_log;
1047if (!strcmp((const char *)tcg_spec_entry->signature,
TCG_EFI_SPEC_ID_EVENT_SIGNATURE)) {
1048if (tcg_spec_entry->spec_version_major == 2 &&
1049tcg_spec_entry->spec_version_minor == 0 &&
1050le32toh(tcg_spec_entry->event_type) ==
EV_NO_ACTION) {
>>> CID 1516782:(TAINTED_SCALAR)
>>> Passing tainted expression "tcg_spec_entry->digest_sizes" to
>>> "parse_tpm2_log", which uses it as a loop boundary.
1051parse_tpm2_log(tcg_spec_entry);
1052} else {
1053fprintf(stderr, "Unknown TPM2 log
specification.\n");
1054}
1055unmap_memory(_mapping);
1056return;
/util/cbmem/cbmem.c: 1038 in dump_tpm_std_log()
1032tspec_entry = event_log;
1033if (!strcmp((const char *)tspec_entry->signature,
TCPA_SPEC_ID_EVENT_SIGNATURE)) {
1034if (tspec_entry->spec_version_major == 1 &&
1035tspec_entry->spec_version_minor == 2 &&
1036tspec_entry->spec_errata >= 1 &&
1037le32toh(tspec_entry->entry.event_type) ==
EV_NO_ACTION) {
>>> CID 1516782:(TAINTED_SCALAR)
>>> Passing tainted expression "tspec_entry->vendor_info_size" to
>>> "parse_tpm12_log", which uses it as an offset.
1038parse_tpm12_log(tspec_entry);
1039} else {
1040fprintf(stderr, "Unknown TPM1.2 log
specification\n");
1041}
1042unmap_memory(_mapping);
1043return;
/util/cbmem/cbmem.c: 1038 in dump_tpm_std_log()
1032tspec_entry = event_log;
1033if (!strcmp((const char *)tspec_entry->signature,
TCPA_SPEC_ID_EVENT_SIGNATURE)) {
1034if (tspec_entry->spec_version_major == 1 &&
1035tspec_entry->spec_version_minor == 2 &&
1036tspec_entry->spec_errata >= 1 &&
1037le32toh(tspec_entry->entry.event_type) ==
EV_NO_ACTION) {
>>> CID 1516782:(TAINTED_SCALAR)
>>> Passing tainted expression "tspec_entry->vendor_info" to
>>> "parse_tpm12_log", which uses it as a loop boundary.
1038parse_tpm12_log(tspec_entry);
1039} else {
1040fprintf(stderr, "Unknown TPM1.2 log
specification\n");
1041}
1042unmap_memory(_mapping);
1043return;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DREJO_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3M8lgThQpu6smGKwilZs-2Fe5HNtls9mVAhNeodW5bHfjdVDAlMs3EwafqV81AFNXKYKHJnfZ7uslITVI3mwdMWZGVIYeFViHS9EXTaGEyIu6FDcdMHxA1ihZgneG1CHkS0jLkV1cPQXLIWkU0qwwIfoLn7iTIDWdds0qPg1it-2B7SQ-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
35 new defect(s) introduced to coreboot found with Coverity Scan.
45 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 35 defect(s)
** CID 1513104: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/arch/riscv/trap_handler.c: 114 in trap_handler()
*** CID 1513104: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/arch/riscv/trap_handler.c: 114 in trap_handler()
108 break;
109 }
110 }
111 void trap_handler(trapframe *tf)
112 {
113 write_csr(mscratch, tf);
>>> CID 1513104: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "tf->cause & 0x8000ULL" is always 0 regardless of the
>>> values of its operands. This occurs as the logical operand of "if".
114 if (tf->cause & 0x8000ULL) {
115 interrupt_handler(tf);
116 return;
117 }
118
119 switch (tf->cause) {
** CID 1513103: Insecure data handling (TAINTED_SCALAR)
*** CID 1513103: Insecure data handling (TAINTED_SCALAR)
/src/security/tpm/tspi/crtm.c: 223 in recover_tpm_log()
217
218 if (ram_log == NULL) {
219 printk(BIOS_WARNING, "TPM LOG: CBMEM not available,
something went wrong\n");
220 return;
221 }
222
>>> CID 1513103: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "ram_log->vendor" to "tpm_log_copy_entries",
>>> which uses it as an offset.
223 tpm_log_copy_entries(_tpm_log, ram_log);
224 }
225 CBMEM_CREATION_HOOK(recover_tpm_log);
226 #endif
227
** CID 1513102: Memory - corruptions (OVERRUN)
*** CID 1513102: Memory - corruptions (OVERRUN)
/src/mainboard/ti/beaglebone/sd_media.c: 109 in boot_device_init()
103 if (init_done)
104 return;
105
106 sd_host.sd_clock_hz = 9600;
107 sd_host.reg = (void *)MMCHS0_BASE;
108 am335x_mmc_init_storage(_host);
>>> CID 1513102: Memory - corruptions (OVERRUN)
>>> Overrunning struct type storage_media of 152 bytes by passing it to a
>>> function which accesses it at byte offset 159.
109 storage_setup_media(, _host.sd_mmc_ctrlr);
110 storage_display_setup();
111
112 init_done = true;
113 }
114
115 const struct region_device *boot_device_ro(void)
116 {
117 return _mdev.rdev;
** CID 1513101: Memory - corruptions (OVERRUN)
/util/cbfstool/flashmap/fmap.c: 571 in fmap_find_test()
*** CID 1513101: Memory - corruptions (OVERRUN)
/util/cbfstool/flashmap/fmap.c: 571 in fmap_find_test()
565 printf("FAILURE: bsearch returned false positive\n");
566 goto fmap_find_test_exit;
567 }
568
569 /* simple test case: fmap at (total_size / 2) + 1 */
570 offset = (total_size / 2) + 1;
>>> CID 1513101: Memory - corruptions (OVERRUN)
>>> Calling "memcpy" with "fmap" and "fmap_size(fmap)" is suspicious
>>> because of the very large index, 18446744073709551615. The index may be due
>>> to a negative parameter being interpreted as unsigned. [Note: The source
>>> code implementation of the function has been overridden by a builtin model.]
571 memcpy([offset], fmap, fmap_size(fmap));
572
573 if ((unsigned)fmap_find(buf, total_size - 1) != offset) {
574 printf("FAILURE: lsearch failed to find fmap\n");
575 goto fmap_find_test_exit;
576 }
** CID 1513100: Insecure data handling (TAINTED_SCALAR)
/src/soc/intel/xeon_sp/spr/soc_acpi.c: 561 in acpi_fill_cedt()
*** CID 1513100: Insecure data handling (TAINTED_SCALAR)
/src/soc/intel/xeon_sp/spr/soc_acpi.c: 561 in acpi_fill_cedt()
555 u32 cxl_ver;
556 u64 base;
557
558 cxl_uid.byte0 = 'C';
559 cxl_uid.byte1 = 'X';
560 /* Loop through all sockets and stacks, add CHBS for each CXL
IIO stack */
>>> CID 1513100: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "hob->PlatformData.numofIIO" as a loop boundary.
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
6 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1504475:(PRINTF_ARGS)
*** CID 1504475:(PRINTF_ARGS)
/util/cbfstool/eventlog.c: 492 in eventlog_print_data()
486 [ELOG_TYPE_FW_VBOOT_INFO] = sizeof(uint16_t),
487 [ELOG_TYPE_FW_EARLY_SOL]= sizeof(uint8_t),
488 [0xff] = 0,
489 };
490
491 if (event->length <= sizeof(*event) +
elog_type_to_min_size[event->type]) {
>>> CID 1504475:(PRINTF_ARGS)
>>> Argument "event->length - 8UL" to format specifier "%u" was expected to
>>> have type "unsigned int" but has type "unsigned long".
492 eventlog_printf("INVALID DATA (length = %u)",
event->length - sizeof(*event));
493 return 0;
494 }
495
496 switch (event->type) {
497 case ELOG_TYPE_LOG_CLEAR: {
/util/cbfstool/eventlog.c: 626 in eventlog_print_data()
620 eventlog_printf("boot_mode=%s",
vb2_boot_mode_string(info->boot_mode));
621
622 if (info->boot_mode == VB2_BOOT_MODE_BROKEN_SCREEN ||
623 info->boot_mode == VB2_BOOT_MODE_MANUAL_RECOVERY) {
624 if (event->length <= sizeof(*event) +
sizeof(*info))
625 eventlog_printf("INVALID DATA (length =
%u)",
>>> CID 1504475:(PRINTF_ARGS)
>>> Argument "event->length - 8UL" to format specifier "%u" was expected to
>>> have type "unsigned int" but has type "unsigned long".
626 event->length - sizeof(*event));
627 else
628
eventlog_printf("recovery_reason=%#x/%#x (%s)",
629 info->recovery_reason,
info->recovery_subcode,
630
vb2_get_recovery_reason_string(info->recovery_reason));
631 }
** CID 1451331: Null pointer dereferences (NULL_RETURNS)
/util/goswid/vendor/gopkg.in/yaml.v3/parserc.go: 925 in
yaml.v3.yaml_parser_parse_flow_sequence_entry(*yaml.v3.yaml_parser_t,
*yaml.v3.yaml_event_t, bool)bool()
*** CID 1451331: Null pointer dereferences (NULL_RETURNS)
/util/goswid/vendor/gopkg.in/yaml.v3/parserc.go: 925 in
yaml.v3.yaml_parser_parse_flow_sequence_entry(*yaml.v3.yaml_parser_t,
*yaml.v3.yaml_event_t, bool)bool()
919 // flow_sequence_entry ::= flow_node | KEY flow_node? (VALUE
flow_node?)?
920 // *
921 //
922 func yaml_parser_parse_flow_sequence_entry(parser *yaml_parser_t, event
*yaml_event_t, first bool) bool {
923 if first {
924 token := peek_token(parser)
>>> CID 1451331: Null pointer dereferences (NULL_RETURNS)
>>> Accessing field of null object "token".
925 parser.marks = append(parser.marks, token.start_mark)
926 skip_token(parser)
927 }
928 token := peek_token(parser)
929 if token == nil {
930 return false
** CID 1451317: Null pointer dereferences (NULL_RETURNS)
/util/goswid/vendor/gopkg.in/yaml.v3/parserc.go: 816 in
yaml.v3.yaml_parser_parse_block_mapping_key(*yaml.v3.yaml_parser_t,
*yaml.v3.yaml_event_t, bool)bool()
*** CID 1451317: Null pointer dereferences (NULL_RETURNS)
/util/goswid/vendor/gopkg.in/yaml.v3/parserc.go: 816 in
yaml.v3.yaml_parser_parse_block_mapping_key(*yaml.v3.yaml_parser_t,
*yaml.v3.yaml_event_t, bool)bool()
810 // BLOCK-END
811 // *
812 //
813 func yaml_parser_parse_block_mapping_key(parser *yaml_parser_t, event
*yaml_event_t, first bool) bool {
814 if first {
815 token := peek_token(parser)
>>> CID 1451317: Null pointer dereferences (NULL_RETURNS)
>>> Accessing field of null object "token".
816 parser.marks = append(parser.marks, token.start_mark)
817 skip_token(parser)
818 }
819
820 token := peek_token(parser)
821 if token == nil {
** CID 1451316: Null pointer dereferences (NULL_RETURNS)
/util/goswid/vendor/gopkg.in/yaml.v3/parserc.go: 789 in
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1502248:(CHECKED_RETURN)
/payloads/libpayload/build/tests/util/cmocka/CMakeFiles/CMakeScratch/TryCompile-F1Mpp0/CheckFunctionExists.c:
17 in main()
/build/coverage/util/cmocka/CMakeFiles/CMakeScratch/TryCompile-f4hRas/CheckFunctionExists.c:
17 in main()
*** CID 1502248:(CHECKED_RETURN)
/payloads/libpayload/build/tests/util/cmocka/CMakeFiles/CMakeScratch/TryCompile-F1Mpp0/CheckFunctionExists.c:
17 in main()
11 int ac;
12 char* av[];
13 # else
14 int main(int ac, char* av[])
15 {
16 # endif
>>> CID 1502248:(CHECKED_RETURN)
>>> Calling "strcmp" without checking return value (as is done elsewhere 5
>>> out of 6 times).
17 CHECK_FUNCTION_EXISTS();
18 if (ac > 1000) {
19 return *av[0];
20 }
21 return 0;
22 }
/build/coverage/util/cmocka/CMakeFiles/CMakeScratch/TryCompile-f4hRas/CheckFunctionExists.c:
17 in main()
11 int ac;
12 char* av[];
13 # else
14 int main(int ac, char* av[])
15 {
16 # endif
>>> CID 1502248:(CHECKED_RETURN)
>>> Calling "strcmp" without checking return value (as is done elsewhere
>>> 240 out of 244 times).
17 CHECK_FUNCTION_EXISTS();
18 if (ac > 1000) {
19 return *av[0];
20 }
21 return 0;
22 }
** CID 1502247:(PARSE_ERROR)
/payloads/libpayload/build/tests/util/cmocka/CMakeFiles/CMakeScratch/TryCompile-4b1HwR/CheckIncludeFile.c:
1 in ()
/build/coverage/util/cmocka/CMakeFiles/CMakeScratch/TryCompile-4l7sqY/CheckIncludeFile.c:
1 in ()
*** CID 1502247:(PARSE_ERROR)
/payloads/libpayload/build/tests/util/cmocka/CMakeFiles/CMakeScratch/TryCompile-4b1HwR/CheckIncludeFile.c:
1 in ()
>>> CID 1502247:(PARSE_ERROR)
>>> cannot open source file "io.h"
1 #include
2
3 #ifdef __CLASSIC_C__
4 int main()
5 {
6 return 0;
/build/coverage/util/cmocka/CMakeFiles/CMakeScratch/TryCompile-4l7sqY/CheckIncludeFile.c:
1 in ()
>>> CID 1502247:(PARSE_ERROR)
>>> cannot open source file "io.h"
1 #include
2
3 #ifdef __CLASSIC_C__
4 int main()
5 {
6 return 0;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DlPUx_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1JGKc0KutKixg0pKAu-2BrCzb4wBw-2B2lZavNjxZv8JIzbEGGnes71BAvwzVxFbFMHf0JBuscfP3E5uUXikXW4IKDLZAXkBC0I-2B-2Bag0XcXxT7ZCFGkG9jVlxlictg3JJEUV9R-2Bi6QuoQNCCDX3CU6vkhKWzYI6uJhng5yvvMa841DaQ-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1499913: Integer handling issues (NO_EFFECT)
/3rdparty/arm-trusted-firmware/drivers/arm/gic/v3/gicv3_main.c: 1109 in
gicv3_raise_sgi()
*** CID 1499913: Integer handling issues (NO_EFFECT)
/3rdparty/arm-trusted-firmware/drivers/arm/gic/v3/gicv3_main.c: 1109 in
gicv3_raise_sgi()
1103u_register_t target)
1104 {
1105unsigned int tgt, aff3, aff2, aff1, aff0;
1106uint64_t sgi_val;
1107
1108/* Verify interrupt number is in the SGI range */
>>> CID 1499913: Integer handling issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is
>>> always true. "sgi_num >= 0U".
1109assert((sgi_num >= MIN_SGI_ID) && (sgi_num < MIN_PPI_ID));
1110
/* Extract affinity fields from target */
1112aff0 = MPIDR_AFFLVL0_VAL(target);
1113aff1 = MPIDR_AFFLVL1_VAL(target);
1114aff2 = MPIDR_AFFLVL2_VAL(target);
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DDR1a_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3v-2FRt5n9-2B08WoukR9D08i6AYZqLEc8jCdD0VDk4a0a9ietuhjivPxLkcHlMi2QyK07Ia21jKIYwXalWI59Xm0Fh0MBlWciqwytx0-2BDszXz6e-2B-2BVGknRiT7uj-2FvrVU9-2Fy75FtIPgdYr9UY5TH7VCxtyKgNn8jSYkNiuTqnbHBBowA-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1498959:(STRING_OVERFLOW)
/src/mainboard/prodrive/hermes/mainboard.c: 183 in format_pn()
/src/mainboard/prodrive/hermes/mainboard.c: 182 in format_pn()
*** CID 1498959:(STRING_OVERFLOW)
/src/mainboard/prodrive/hermes/mainboard.c: 183 in format_pn()
177 static char buffer[32 + HERMES_SN_PN_LENGTH] = { 0 };
178
179 const char *part_num = eeprom_read_serial(offset, "N/A");
180
181 memset(buffer, 0, sizeof(buffer));
182 strcpy(buffer, prefix);
>>> CID 1498959:(STRING_OVERFLOW)
>>> You might overrun the 64-character fixed-size string "buffer +
>>> strlen(prefix)" by copying "part_num" without checking the length.
183 strcpy(buffer + strlen(prefix), part_num);
184
185 return buffer;
186 }
187
188 static void mainboard_smbios_strings(struct device *dev, struct
smbios_type11 *t)
/src/mainboard/prodrive/hermes/mainboard.c: 182 in format_pn()
176 {
177 static char buffer[32 + HERMES_SN_PN_LENGTH] = { 0 };
178
179 const char *part_num = eeprom_read_serial(offset, "N/A");
180
181 memset(buffer, 0, sizeof(buffer));
>>> CID 1498959:(STRING_OVERFLOW)
>>> You might overrun the 64-character fixed-size string "buffer" by
>>> copying "prefix" without checking the length.
182 strcpy(buffer, prefix);
183 strcpy(buffer + strlen(prefix), part_num);
184
185 return buffer;
186 }
187
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dc0zX_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0O8XnxtguZSOi4NfDRwpauwwdMzsG3vr2IJiLAI-2Bt7F9f-2BnG8ItElihfyrdkiaj1JXx9eWYpks8KeukejOsafy8blQ-2FRrEmprsfwicJf75TtFFEEaVNMgTeLblgnd-2BXk2XkvmVv5Kb2THogsIFh4qfEfwHK9MkIyc7qKBYuu8dxg-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
35 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1498916:(STRING_OVERFLOW)
*** CID 1498916:(STRING_OVERFLOW)
/src/arch/x86/smbios.c: 1068 in smbios_write_type28()
1062u32 oem,
1063u16 nominal_value)
1064 {
1065struct smbios_type28 *t = smbios_carve_table(*current,
SMBIOS_TEMPERATURE_PROBE,
1066 sizeof(*t),
*handle);
1067
>>> CID 1498916:(STRING_OVERFLOW)
>>> You might overrun the 2-character fixed-size string "t->eos" by copying
>>> "name" without checking the length.
1068t->description = smbios_add_string(t->eos, name ? name :
"Temperature");
1069t->location_and_status = location | (status << 5);
1070t->maximum_value = max_value;
1071t->minimum_value = min_value;
1072t->resolution = resolution;
1073t->tolerance = tolerance;
/src/arch/x86/smbios.c: 1068 in smbios_write_type28()
1062u32 oem,
1063u16 nominal_value)
1064 {
1065struct smbios_type28 *t = smbios_carve_table(*current,
SMBIOS_TEMPERATURE_PROBE,
1066 sizeof(*t),
*handle);
1067
>>> CID 1498916:(STRING_OVERFLOW)
>>> You might overrun the 2-character destination string "t->eos" by
>>> writing 12 characters from ""Temperature"".
1068t->description = smbios_add_string(t->eos, name ? name :
"Temperature");
1069t->location_and_status = location | (status << 5);
1070t->maximum_value = max_value;
1071t->minimum_value = min_value;
1072t->resolution = resolution;
1073t->tolerance = tolerance;
** CID 1498915: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 602 in write_from_buf_to_file()
*** CID 1498915: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 602 in write_from_buf_to_file()
596 bytes = write(fd, buf + total_bytes, buf_size -
total_bytes);
597 if (bytes < 0 && errno == EAGAIN)
598 bytes = 0;
599
600 if (bytes < 0) {
601 fprintf(stderr, "Write failure %s\n",
strerror(errno));
>>> CID 1498915: Error handling issues (CHECKED_RETURN)
>>> Calling "lseek(fd, 1L, -total_bytes)" without checking return value.
>>> This library function may fail and return an error code.
602 lseek(fd, SEEK_CUR, -total_bytes);
603 return bytes;
604 }
605
606 total_bytes += bytes;
607 } while (total_bytes < buf_size);
** CID 1498914: Security best practices violations (STRING_OVERFLOW)
*** CID 1498914: Security best practices violations (STRING_OVERFLOW)
/src/arch/x86/smbios.c: 1155 in smbios_write_type43()
1149t->major_spec_ver = major_spec_ver;
1150t->minor_spec_ver = minor_spec_ver;
1151t->fw_ver1 = fw_ver1;
1152t->fw_ver2 = fw_ver2;
1153t->characteristics = characteristics;
1154t->oem_defined = oem_defined;
>>> CID 1498914: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 2-character fixed-size string "t->eos" by copying
>>> "description" without checking the length.
1155t->description = smbios_add_string(t->eos, description);
1156
1157const int len = smbios_full_table_len(>header, t->eos);
1158*current += len;
1159*handle += 1;
1160return len;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dt2qA_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3L8EkrFCAlWeWzKkiHgiRtGwiuYAiBOYrxktlH-2F5ba58-2BeHqyGznYn04mvBtj4d8B44W3IoPDTgbjOQ87Qgo5C14SLOxSex1m-2FEo9kCl-2F-2BE6cEOouD4pMM-2FyZ5jd17HuFTW9RPyfHrvUFJ8Th6qBgqxT6GRFJh8k-2FIjFDTCBUqFQ-3D-3D
___
coreboot
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1498391:(TAINTED_SCALAR)
/src/commonlib/fsp_relocate.c: 229 in pe_relocate()
/src/commonlib/fsp_relocate.c: 256 in pe_relocate()
*** CID 1498391:(TAINTED_SCALAR)
/src/commonlib/fsp_relocate.c: 229 in pe_relocate()
223 rsize =
read_le32(>DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size);
224 roffset =
read_le32(>DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
225 printk(FSP_DBG_LVL, "relocation table at offset-%x,size=%x\n",
roffset, rsize);
226 // TODO - add support for PE32+ also
227
228 offset = roffset;
>>> CID 1498391:(TAINTED_SCALAR)
>>> Using tainted variable "roffset + rsize" as a loop boundary.
229 while (offset < (roffset + rsize)) {
230 uint32_t vaddr;
231 uint32_t rlen, rnum;
232 uint16_t *rdata;
233 uint32_t i;
234 EFI_IMAGE_DATA_DIRECTORY *relocd;
/src/commonlib/fsp_relocate.c: 256 in pe_relocate()
250 printk(FSP_DBG_LVL, "\t\treloc type %x offset
%x aoff %x, base-0x%x\n",
251 rtype, roff, aoff,
img_base_off);
252 switch (rtype) {
253 case EFI_IMAGE_REL_BASED_ABSOLUTE:
254 continue;
255 case EFI_IMAGE_REL_BASED_HIGHLOW:
>>> CID 1498391:(TAINTED_SCALAR)
>>> Using tainted variable "aoff" as an index to pointer "pe_base".
256 val = read_le32(_base[aoff]);
257 printk(FSP_DBG_LVL, "Adjusting %p %x ->
%x\n",
258 _base[aoff], val, val +
delta);
259 write_le32(_base[aoff], val + delta);
260 break;
261 case EFI_IMAGE_REL_BASED_DIR64:
** CID 1498390: Null pointer dereferences (FORWARD_NULL)
/src/commonlib/fsp_relocate.c: 650 in relocate_fvh()
*** CID 1498390: Null pointer dereferences (FORWARD_NULL)
/src/commonlib/fsp_relocate.c: 650 in relocate_fvh()
644 printk(FSP_DBG_LVL, "TE image at offset
%zx\n",
645 section_offset);
646 te_relocate(section_addr, section_data);
647 } else if (read_le8(>Type) ==
EFI_SECTION_PE32) {
648 printk(FSP_DBG_LVL, "PE32 image at
offset %zx\n",
649 section_offset);
>>> CID 1498390: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "fih_offset".
650 pe_relocate(new_addr, section_data,
fsp, *fih_offset);
651 }
652
653 offset += data_size + data_offset;
654 /* Sections are aligned to 4 bytes. */
655 offset = ALIGN_UP(offset, 4);
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DEAqJ_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1709i6BtFAMY7VNil93KAmEaYZ9N1NKECHCPlboZ9suiFRBPdmiXO-2FiNSiovxoGh9a6zVcwBnUjznsKbZ2HjCT1oUTP602gF7hQul-2FDqSeW1htjHKbwU1LX1-2FplkbRPA-2BlQEYEoE35V4VwVBvbMOpp3i542ulx-2B5M2dmudrU7dzg-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1487474: Uninitialized variables (UNINIT)
*** CID 1487474: Uninitialized variables (UNINIT)
/src/soc/intel/apollolake/cse.c: 82 in read_cse_file()
76 msg.flags = flags;
77 msg.data_size = *size;
78 msg.offset = offset;
79
80 reply_size = sizeof(rmsg);
81
>>> CID 1487474: Uninitialized variables (UNINIT)
>>> Using uninitialized value "msg". Field "msg.hdr.is_resp" is
>>> uninitialized when calling "heci_send_receive".
82 if (heci_send_receive(, sizeof(msg), , _size,
HECI_MKHI_ADDR)) {
83 printk(BIOS_ERR, "HECI: Failed to read file\n");
84 return 0;
85 }
86
87 if (rmsg.data_size > *size) {
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DIEth_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0itco-2FLL4-2FBVhxn-2FbzHvQkCahGpXtyR1wZGZRWcdswP2MqzQIf25dBAomsfVxqhmW-2FegY1PTedV3mRfGMGCwScFzpbTjPSSc29-2BOEc1rvvsDi-2Fx417fxMBAewhr-2F8PDSYp4FDTl-2FahVEBB0rOwmb76oFD3b56LMafGEzZ57J2Ctg-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
17 new defect(s) introduced to coreboot found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)
** CID 1498234: Memory - corruptions (ARRAY_VS_SINGLETON)
*** CID 1498234: Memory - corruptions (ARRAY_VS_SINGLETON)
/3rdparty/opensbi/lib/sbi/sbi_pmu.c: 329 in pmu_ctr_start_hw()
323
324 /*
325 * Some of the hardware may not support mcountinhibit but perf
stat
326 * still can work if supervisor mode programs the initial value.
327 */
328 mctr_inhbt = csr_read(CSR_MCOUNTINHIBIT);
>>> CID 1498234: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Passing "_inhbt" to function "__test_bit" which uses it as an
>>> array. This might corrupt or misinterpret adjacent memory locations.
329 if (!__test_bit(cidx, _inhbt))
330 return SBI_EALREADY_STARTED;
331
332 __clear_bit(cidx, _inhbt);
333
334 if (sbi_hart_has_extension(scratch, SBI_HART_EXT_SSCOFPMF))
** CID 1498233: Memory - corruptions (ARRAY_VS_SINGLETON)
*** CID 1498233: Memory - corruptions (ARRAY_VS_SINGLETON)
/3rdparty/opensbi/lib/sbi/sbi_pmu.c: 413 in pmu_ctr_stop_hw()
407 mctr_inhbt = csr_read(CSR_MCOUNTINHIBIT);
408
409 /* Make sure the counter index lies within the range and is not
TM bit */
410 if (cidx >= num_hw_ctrs || cidx == 1)
411 return SBI_EINVAL;
412
>>> CID 1498233: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Passing "_inhbt" to function "__test_bit" which uses it as an
>>> array. This might corrupt or misinterpret adjacent memory locations.
413 if (!__test_bit(cidx, _inhbt)) {
414 __set_bit(cidx, _inhbt);
415 csr_write(CSR_MCOUNTINHIBIT, mctr_inhbt);
416 return 0;
417 } else
418 return SBI_EALREADY_STOPPED;
** CID 1498232: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/drivers/uart/util.c: 64 in uart_bitbang_tx_byte()
*** CID 1498232: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/drivers/uart/util.c: 64 in uart_bitbang_tx_byte()
58 stopwatch_tick();
59
60 /* 'i' counts the total bits sent at the end of the loop */
61 for (i = 2; i < 10; i++) {
62 set_tx(data & 1);
63 data >>= 1;
>>> CID 1498232: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "i * 100" with type "int" (32
>>> bits, signed) is evaluated using 32-bit arithmetic, and then used in a
>>> context that expects an expression of type "int64_t" (64 bits, signed).
64 while (stopwatch_duration_usecs() < i * MHz / baud_rate)
65 stopwatch_tick();
66 }
67
68 /* Send stop bit */
69 set_tx(1);
70 while (stopwatch_duration_usecs() < i * MHz / baud_rate)
71 stopwatch_tick();
** CID 1498231: Error handling issues (CHECKED_RETURN)
/3rdparty/opensbi/lib/utils/reset/fdt_reset_htif.c: 25 in htif_reset_init()
*** CID 1498231: Error handling issues (CHECKED_RETURN)
/3rdparty/opensbi/lib/utils/reset/fdt_reset_htif.c: 25 in htif_reset_init()
19
20 if (!fdt_get_node_addr_size(fdt, nodeoff, 0, _addr, NULL)) {
21 custom = true;
22 tohost_addr = fromhost_addr + sizeof(uint64_t);
23 }
24
>>> CID 1498231: Error handling issues (CHECKED_RETURN)
>>> Calling "fdt_get_node_addr_size" without checking return value (as is
>>> done elsewhere 16 out of 18 times).
25 fdt_get_node_addr_size(fdt, nodeoff, 1, _addr, NULL);
26
27 return htif_system_reset_init(custom, fromhost_addr, tohost_addr);
28 }
29
30 static const struct fdt_match htif_reset_match[] = {
** CID 1498230:(ARRAY_VS_SINGLETON)
*** CID 1498230:(ARRAY_VS_SINGLETON)
/3rdparty/opensbi/lib/sbi/sbi_pmu.c: 465 in sbi_pmu_ctr_stop()
459 uint32_t event_code;
460 int i, cidx;
461
462 if ((cbase + sbi_fls(cmask)) >= total_ctrs)
463 return SBI_EINVAL;
464
>>> CID 1498230:(ARRAY_VS_SINGLETON)
>>>
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1497908:(UNINIT) /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1219 in edp_ctrl_calc_tu() /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1218 in edp_ctrl_calc_tu() /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1221 in edp_ctrl_calc_tu() /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1220 in edp_ctrl_calc_tu() /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1163 in edp_ctrl_calc_tu() *** CID 1497908:(UNINIT) /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1219 in edp_ctrl_calc_tu() 1213tu.delay_start_time_fp = (tu.delay_start_link * f) / tu.lclk; 1214 1215/* OUTPUTS */ 1216tu_table->valid_boundary_link = tu.valid_boundary_link; 1217tu_table->delay_start_link = tu.delay_start_link; 1218tu_table->boundary_moderation_en= tu.boundary_moderation_en; >>> CID 1497908:(UNINIT) >>> Using uninitialized value "tu.valid_lower_boundary_link". 1219tu_table->valid_lower_boundary_link = tu.valid_lower_boundary_link; 1220tu_table->upper_boundary_count = tu.upper_boundary_count; 1221tu_table->lower_boundary_count = tu.lower_boundary_count; 1222tu_table->tu_size_minus1= tu.tu_size_minus1; 1223 1224printk(BIOS_INFO, "TU: valid_boundary_link: %d\n", /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1218 in edp_ctrl_calc_tu() 1212 1213tu.delay_start_time_fp = (tu.delay_start_link * f) / tu.lclk; 1214 1215/* OUTPUTS */ 1216tu_table->valid_boundary_link = tu.valid_boundary_link; 1217tu_table->delay_start_link = tu.delay_start_link; >>> CID 1497908:(UNINIT) >>> Using uninitialized value "tu.boundary_moderation_en". 1218tu_table->boundary_moderation_en= tu.boundary_moderation_en; 1219tu_table->valid_lower_boundary_link = tu.valid_lower_boundary_link; 1220tu_table->upper_boundary_count = tu.upper_boundary_count; 1221tu_table->lower_boundary_count = tu.lower_boundary_count; 1222tu_table->tu_size_minus1= tu.tu_size_minus1; 1223 /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1221 in edp_ctrl_calc_tu() 1215/* OUTPUTS */ 1216tu_table->valid_boundary_link = tu.valid_boundary_link; 1217tu_table->delay_start_link = tu.delay_start_link; 1218tu_table->boundary_moderation_en= tu.boundary_moderation_en; 1219tu_table->valid_lower_boundary_link = tu.valid_lower_boundary_link; 1220tu_table->upper_boundary_count = tu.upper_boundary_count; >>> CID 1497908:(UNINIT) >>> Using uninitialized value "tu.lower_boundary_count". 1221tu_table->lower_boundary_count = tu.lower_boundary_count; 1222tu_table->tu_size_minus1= tu.tu_size_minus1; 1223 1224printk(BIOS_INFO, "TU: valid_boundary_link: %d\n", 1225 tu_table->valid_boundary_link); 1226printk(BIOS_INFO, "TU: delay_start_link: %d\n", /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1220 in edp_ctrl_calc_tu() 1214 1215/* OUTPUTS */ 1216tu_table->valid_boundary_link = tu.valid_boundary_link; 1217tu_table->delay_start_link = tu.delay_start_link; 1218tu_table->boundary_moderation_en= tu.boundary_moderation_en; 1219tu_table->valid_lower_boundary_link = tu.valid_lower_boundary_link; >>> CID 1497908:(UNINIT) >>> Using uninitialized value "tu.upper_boundary_count". 1220tu_table->upper_boundary_count = tu.upper_boundary_count; 1221tu_table->lower_boundary_count = tu.lower_boundary_count; 1222tu_table->tu_size_minus1= tu.tu_size_minus1; 1223 1224printk(BIOS_INFO, "TU: valid_boundary_link: %d\n", 1225 tu_table->valid_boundary_link); /src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1163 in edp_ctrl_calc_tu() 1157tu.delay_start_link_extra_pclk = EXTRA_PIXCLK_CYCLE_DELAY; 1158tu.diff_abs_fp = tu.resulting_valid_fp - tu.ratio_by_tu_fp; 1159if (tu.diff_abs_fp < 0) 1160tu.diff_abs_fp = tu.diff_abs_fp * -1; 1161 1162tu.boundary_mod_lower_err = 0; >>> CID 1497908:(UNINIT) >>> Using uninitialized value "tu.min_hblank_violated". 1163if ((tu.diff_abs_fp != 0 &&
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 2 new defect(s) introduced to coreboot found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 1497845: Memory - corruptions (USE_AFTER_FREE) /3rdparty/vboot/futility/file_type_bios.c: 282 in write_new_preamble() *** CID 1497845: Memory - corruptions (USE_AFTER_FREE) /3rdparty/vboot/futility/file_type_bios.c: 282 in write_new_preamble() 276 /* and the new preamble */ 277 memcpy(vblock->buf + more, preamble, preamble->preamble_size); 278 retval = 0; 279 280 end: 281 free(preamble); >>> CID 1497845: Memory - corruptions (USE_AFTER_FREE) >>> Calling "free" frees pointer "body_sig" which has already been freed. >>> [Note: The source code implementation of the function has been overridden >>> by a builtin model.] 282 free(body_sig); 283 284 return retval; 285 } 286 287 static int write_loem(const char *ab, struct bios_area_s *vblock) ** CID 1497844: Memory - corruptions (USE_AFTER_FREE) /3rdparty/vboot/futility/cmd_sign.c: 307 in ft_sign_raw_firmware() *** CID 1497844: Memory - corruptions (USE_AFTER_FREE) /3rdparty/vboot/futility/cmd_sign.c: 307 in ft_sign_raw_firmware() 301 sign_option.keyblock->keyblock_size, 302 preamble, preamble->preamble_size); 303 304 done: 305 futil_unmap_and_close_file(fd, FILE_MODE_SIGN(sign_option), buf, len); 306 free(preamble); >>> CID 1497844: Memory - corruptions (USE_AFTER_FREE) >>> Calling "free" frees pointer "body_sig" which has already been freed. >>> [Note: The source code implementation of the function has been overridden >>> by a builtin model.] 307 free(body_sig); 308 309 return rv; 310 } 311 312 static int load_keyset(void) To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DIzmk_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2nuql2Qi8yQkrP8UkShUmiF6yy9jiiX6wQZG8h-2FMRvalrwVYPh5dV3ki06XmsztOQK4ew64NjMASOZ86HsEyfqlrGN-2Fx34rAPdvBnAliG6pVR-2FokPAfWPZ3tYKxmUsdfo0N-2FVjPrGPb8mk3oU-2F-2B-2FmASJA263-2BycM5GigdVHQusAQ-3D-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1493415: Null pointer dereferences (REVERSE_INULL)
/src/soc/intel/alderlake/hsphy.c: 71 in heci_get_hsphy_payload()
*** CID 1493415: Null pointer dereferences (REVERSE_INULL)
/src/soc/intel/alderlake/hsphy.c: 71 in heci_get_hsphy_payload()
65 uint32_t reserved[2];
66 uint32_t status;
67 uint8_t hash_type;
68 uint8_t hash[MAX_HASH_SIZE];
69 } __packed reply;
70
>>> CID 1493415: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "buf_size" suggests that it may be null, but it has
>>> already been dereferenced on all paths leading to the check.
71 if (!buf || !buf_size || !hash_buf || !hash_alg) {
72 printk(BIOS_ERR, "%s: Invalid parameters\n", __func__);
73 return -1;
74 }
75
76 reply_size = sizeof(reply);
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dj7KF_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2tO7dwCJQIedDwOk6oCmKYOHuIoz3rh6dMh61dphTFe2seVhKT3v-2FSP0UFGav-2FhPBC6Xu8nFqsctWRmp1tp6BW-2Bsm5B8kAAxkIMuMZpReF68-2FrIAnLaI77nFSWF6-2BQDr9BUKP8thGdSXgl4tfyagG0inyybkEUlu1G21v3klGHSg-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1490983: Control flow issues (DEADCODE)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1210 in edp_ctrl_calc_tu()
*** CID 1490983: Control flow issues (DEADCODE)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1210 in edp_ctrl_calc_tu()
1204temp_fp = LCLK_FAST_SKEW_fp * tu->lwidth;
1205temp = DIV_ROUND_UP(temp_fp, f);
1206temp_fp = ((tu->bpp * f / 8) / (tu->nlanes *
tu->original_ratio_fp)) * f * temp;
1207temp = temp_fp / f;
1208
1209if (async_en)
>>> CID 1490983: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "tu->delay_start_link += (in...".
1210tu->delay_start_link += (int)temp;
1211tu->delay_start_time_fp = (tu->delay_start_link * f) / tu->lclk;
1212
1213/* OUTPUTS */
1214tu_table->valid_boundary_link = tu->valid_boundary_link;
1215tu_table->delay_start_link = tu->delay_start_link;
** CID 1490982:(RESOURCE_LEAK)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
*** CID 1490982:(RESOURCE_LEAK)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
1229tu_table->valid_lower_boundary_link);
1230printk(BIOS_INFO, "TU: upper_boundary_count: %d\n",
1231tu_table->upper_boundary_count);
1232printk(BIOS_INFO, "TU: lower_boundary_count: %d\n",
1233tu_table->lower_boundary_count);
1234printk(BIOS_INFO, "TU: tu_size_minus1: %d\n",
tu_table->tu_size_minus1);
>>> CID 1490982:(RESOURCE_LEAK)
>>> Variable "tu" going out of scope leaks the storage it points to.
1235 }
1236
1237 static void edp_ctrl_config_TU(struct edp_ctrl *ctrl, struct edid
*edid)
1238 {
1239struct edp_ctrl_tu tu_config;
1240
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
1229tu_table->valid_lower_boundary_link);
1230printk(BIOS_INFO, "TU: upper_boundary_count: %d\n",
1231tu_table->upper_boundary_count);
1232printk(BIOS_INFO, "TU: lower_boundary_count: %d\n",
1233tu_table->lower_boundary_count);
1234printk(BIOS_INFO, "TU: tu_size_minus1: %d\n",
tu_table->tu_size_minus1);
>>> CID 1490982:(RESOURCE_LEAK)
>>> Variable "tu" going out of scope leaks the storage it points to.
1235 }
1236
1237 static void edp_ctrl_config_TU(struct edp_ctrl *ctrl, struct edid
*edid)
1238 {
1239struct edp_ctrl_tu tu_config;
1240
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
1229tu_table->valid_lower_boundary_link);
1230printk(BIOS_INFO, "TU: upper_boundary_count: %d\n",
1231tu_table->upper_boundary_count);
1232printk(BIOS_INFO, "TU: lower_boundary_count: %d\n",
1233tu_table->lower_boundary_count);
1234printk(BIOS_INFO, "TU: tu_size_minus1: %d\n",
tu_table->tu_size_minus1);
>>> CID 1490982:(RESOURCE_LEAK)
>>> Variable "tu" going out of scope leaks the storage it points to.
1235 }
1236
1237 static void edp_ctrl_config_TU(struct edp_ctrl *ctrl, struct edid
*edid)
1238 {
1239struct edp_ctrl_tu tu_config;
1240
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
1229tu_table->valid_lower_boundary_link);
1230printk(BIOS_INFO, "TU: upper_boundary_count: %d\n",
1231tu_table->upper_boundary_count);
1232printk(BIOS_INFO, "TU: lower_boundary_count: %d\n",
1233tu_table->lower_boundary_count);
1234printk(BIOS_INFO, "TU: tu_size_minus1: %d\n",
tu_table->tu_size_minus1);
>>> CID 1490982:(RESOURCE_LEAK)
>>> Variable "tu" going out of scope leaks the storage it points to.
1235 }
1236
1237 static void edp_ctrl_config_TU(struct edp_ctrl *ctrl, struct edid
*edid)
1238 {
1239
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1490681: Memory - illegal accesses (OVERRUN)
/src/soc/intel/meteorlake/fsp_params.c: 109 in fill_fsps_lpss_params()
*** CID 1490681: Memory - illegal accesses (OVERRUN)
/src/soc/intel/meteorlake/fsp_params.c: 109 in fill_fsps_lpss_params()
103 }
104
105 max_port = get_max_gspi_port();
106 for (i = 0; i < max_port; i++) {
107 s_cfg->SerialIoSpiCsMode[i] =
config->serial_io_gspi_cs_mode[i];
108 s_cfg->SerialIoSpiCsState[i] =
config->serial_io_gspi_cs_state[i];
>>> CID 1490681: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "gspi_dev" of 2 4-byte elements at element index 2
>>> (byte offset 11) using index "i" (which evaluates to 2).
109 s_cfg->SerialIoSpiMode[i] =
is_devfn_enabled(gspi_dev[i]) ?
110 config->serial_io_gspi_mode[i] : 0;
111 }
112
113 max_port = get_max_uart_port();
114 for (i = 0; i < max_port; i++) {
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DY6iW_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2ZvTjaZg3EIMKBJDnSzwJtYKFi-2FBiP-2FufXSyurBrqC0xzrzAeLSMPYX8Mwc0Q08jbVHRj2xV-2BHE1IA-2BQUDsq-2Fgf6-2BWni9mTrtfaanq4C1-2FHNC63TestR-2Bd0isxjY-2Bttb9O6Bf4adq6tX3MoG-2FUm2UVx916LzoXtr-2FCy2reKT-2F8-2Fw-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1490493:(OVERFLOW_BEFORE_WIDEN) /src/soc/intel/baytrail/northcluster.c: 85 in nc_read_resources() /src/soc/intel/baytrail/northcluster.c: 84 in nc_read_resources() *** CID 1490493:(OVERFLOW_BEFORE_WIDEN) /src/soc/intel/baytrail/northcluster.c: 85 in nc_read_resources() 79 /* 0 -> 0xa */ 80 ram_from_to(dev, index++, 0, 0xa); 81 82 /* The SMMRR registers are 1MiB granularity with smmrrh being 83 * inclusive of the SMM region. */ 84 smmrrl = (iosf_bunit_read(BUNIT_SMRRL) & 0x) * MiB; >>> CID 1490493:(OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "((iosf_bunit_read(47) & 0xU) + >>> 1U) * 1048576U" with type "unsigned int" (32 bits, unsigned) is evaluated >>> using 32-bit arithmetic, and then used in a context that expects an >>> expression of type "uint64_t" (64 bits, unsigned). 85 smmrrh = ((iosf_bunit_read(BUNIT_SMRRH) & 0x) + 1) * MiB; 86 87 /* 0xc -> smrrl - cacheable and usable */ 88 ram_from_to(dev, index++, 0xc, smmrrl); 89 90 if (smmrrh > smmrrl) /src/soc/intel/baytrail/northcluster.c: 84 in nc_read_resources() 78 79 /* 0 -> 0xa */ 80 ram_from_to(dev, index++, 0, 0xa); 81 82 /* The SMMRR registers are 1MiB granularity with smmrrh being 83 * inclusive of the SMM region. */ >>> CID 1490493:(OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "(iosf_bunit_read(46) & 0xU) * >>> 1048576U" with type "unsigned int" (32 bits, unsigned) is evaluated using >>> 32-bit arithmetic, and then used in a context that expects an expression of >>> type "uint64_t" (64 bits, unsigned). 84 smmrrl = (iosf_bunit_read(BUNIT_SMRRL) & 0x) * MiB; 85 smmrrh = ((iosf_bunit_read(BUNIT_SMRRH) & 0x) + 1) * MiB; 86 87 /* 0xc -> smrrl - cacheable and usable */ 88 ram_from_to(dev, index++, 0xc, smmrrl); 89 To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D34WY_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1AnQdln9pZV1MbmpSbvalhWbfdlPUzZRsmkwwurbBzIHivyC3SSOtYN1-2FXtj-2BhO8kJvg2kTfx4njsyYjhS8s7XNzmLyQuexOwfEXyK-2F4KeRDfYgk3t9gdT2M5M4TOQ14J2dYf-2BPvwJJQp1PT0ZVn-2BqLEeDAwR1Ek89ZRBQgpfKkw-3D-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1490371: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 23 in soc_read_resources()
*** CID 1490371: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 23 in soc_read_resources()
17 static void soc_read_resources(struct device *dev)
18 {
19 u32 lcdbase = fb_base_mb();
20 unsigned long fb_size = FB_SIZE_MB;
21
22 ram_from_to(dev, 0, (uintptr_t)_dram, (sdram_max_addressable_mb() -
fb_size) * MiB);
>>> CID 1490371: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lcdbase * 1048576U" with type
>>> "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic,
>>> and then used in a context that expects an expression of type "uint64_t"
>>> (64 bits, unsigned).
23 mmio_range(dev, 1, lcdbase * MiB, fb_size * MiB);
24
25 ram_from_to(dev, 2, sdram_max_addressable_mb() * MiB,
26 (uintptr_t)_dram + sdram_size_mb() * (uint64_t)MiB);
27 }
28
** CID 1490370:(OVERFLOW_BEFORE_WIDEN)
/src/mainboard/emulation/qemu-i440fx/northbridge.c: 69 in
cpu_pci_domain_read_resources()
/src/mainboard/emulation/qemu-i440fx/northbridge.c: 101 in
cpu_pci_domain_read_resources()
*** CID 1490370:(OVERFLOW_BEFORE_WIDEN)
/src/mainboard/emulation/qemu-i440fx/northbridge.c: 69 in
cpu_pci_domain_read_resources()
63 case 1: /* RAM */
64 printk(BIOS_DEBUG, "QEMU: e820/ram: 0x%08llx +
0x%08llx\n",
65 list[i].address, list[i].length);
66 if (list[i].address == 0) {
67 tomk = list[i].length / 1024;
68 ram_from_to(dev, idx++, 0, 0xa);
>>> CID 1490370:(OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "tomk * 1024UL" with type "unsigned
>>> long" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then
>>> used in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
69 ram_from_to(dev, idx++, 0xc, tomk *
KiB);
70 } else {
71 ram_range(dev, idx++, list[i].address,
list[i].length);
72 }
73 break;
74 case 2: /* reserved */
/src/mainboard/emulation/qemu-i440fx/northbridge.c: 101 in
cpu_pci_domain_read_resources()
95 uint64_t high = qemu_get_high_memory_size();
96 printk(BIOS_DEBUG, "QEMU: cmos: %lu MiB RAM below 4G.\n", tomk
/ 1024);
97 printk(BIOS_DEBUG, "QEMU: cmos: %llu MiB RAM above 4G.\n", high
/ 1024);
98
99 /* Report the memory regions. */
100 ram_from_to(dev, idx++, 0, 0xa);
>>> CID 1490370:(OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "tomk * 1024UL" with type "unsigned
>>> long" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then
>>> used in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
101 ram_from_to(dev, idx++, 0xc, tomk * KiB);
102
103 if (high)
104 upper_ram_end(dev, idx++, 4ull * GiB + high *
KiB);
105 }
106
** CID 1490369: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 22 in soc_read_resources()
*** CID 1490369: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 22 in soc_read_resources()
16 */
17 static void soc_read_resources(struct device *dev)
18 {
19 u32 lcdbase = fb_base_mb();
20 unsigned long fb_size = FB_SIZE_MB;
21
>>> CID 1490369: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(sdram_max_addressable_mb() -
>>> fb_size) * 1048576UL" with type "unsigned long" (32 bits, unsigned) is
>>> evaluated using 32-bit arithmetic, and then used in a context that expects
>>> an expression of type "uint64_t" (64 bits, unsigned).
22 ram_from_to(dev, 0, (uintptr_t)_dram, (sdram_max_addressable_mb() -
fb_size) * MiB);
23 mmio_range(dev, 1, lcdbase * MiB, fb_size * MiB);
24
25 ram_from_to(dev, 2, sdram_max_addressable_mb() *
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1490278: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/rockchip/rk3288/soc.c: 16 in soc_init()
*** CID 1490278: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/rockchip/rk3288/soc.c: 16 in soc_init()
10 #include
11
12 #include "chip.h"
13
14 static void soc_init(struct device *dev)
15 {
>>> CID 1490278: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "sdram_size_mb() * 1048576U" with
>>> type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit
>>> arithmetic, and then used in a context that expects an expression of type
>>> "uint64_t" (64 bits, unsigned).
16 ram_range(dev, 0, (uintptr_t)_dram, sdram_size_mb() * MiB);
17 if (display_init_required())
18 rk_display_init(dev, (uintptr_t)_framebuffer,
19 REGION_SIZE(framebuffer));
20 else
21 printk(BIOS_INFO, "Skipping display init.\n");
** CID 1490277: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/mainboard/emulation/qemu-armv7/mainboard.c: 42 in mainboard_enable()
*** CID 1490277: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/mainboard/emulation/qemu-armv7/mainboard.c: 42 in mainboard_enable()
36 printk(BIOS_EMERG, "No dev0; die\n");
37 halt();
38 }
39
40 discovered = probe_ramsize((uintptr_t)_dram, CONFIG_DRAM_SIZE_MB);
41 printk(BIOS_DEBUG, "%d MiB of RAM discovered\n", discovered);
>>> CID 1490277: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "discovered * 1048576" with type
>>> "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used
>>> in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
42 ram_range(dev, 0, 0x6000, discovered * MiB);
43 init_gfx();
44 }
45
46 struct chip_operations mainboard_ops = {
47 .enable_dev = mainboard_enable,
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DToDL_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0MoEFGAXwEEJbXIrOLILSHQrNwZIfe0nLe1gnLiajaLJrwdHEn9eL-2BliNpkmsWs4cPWclR42874-2F9vKvxtAkOapFk6-2FL32Gg8zoRVYMCESx5LvwouoVUgDEB3QIyO8Dazsn9sAPQ6AJNmcPeD-2BcJ-2Bs7cAawc-2FAuern-2BuVqeYFrtA-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1490122: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/alderlake/systemagent.c: 305 in get_dpr_size()
*** CID 1490122: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/alderlake/systemagent.c: 305 in get_dpr_size()
299 }
300 uint64_t get_dpr_size(struct device *dev)
301 {
302 uint64_t size;
303 uint32_t dpr_reg = pci_read_config32(dev, DPR_REG);
304 uint32_t size_field = (dpr_reg & MASK_DPR_LENGTH) >>
MASK_DPR_LENGTH_LSB;
>>> CID 1490122: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "size_field * 1048576U" with type
>>> "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic,
>>> and then used in a context that expects an expression of type "uint64_t"
>>> (64 bits, unsigned).
305 size = size_field * MiB;
306 return size;
** CID 1490121: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/alderlake/systemagent.c: 254 in get_dsm_size()
*** CID 1490121: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/alderlake/systemagent.c: 254 in get_dsm_size()
248 uint32_t reg32 = pci_read_config32(dev, GGC);
249 uint64_t size;
250 uint32_t size_field = (reg32 & MASK_DSM_LENGTH) >>
MASK_DSM_LENGTH_LSB;
251 if (size_field <= 0x10) { // 0x0 - 0x10
252 size = size_field * 32 * MiB;
253 } else if ((size_field >= 0xF0) && (size_field >= 0xFE)) {
>>> CID 1490121: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(size_field - 239U) * 4U *
>>> 1048576U" with type "unsigned int" (32 bits, unsigned) is evaluated using
>>> 32-bit arithmetic, and then used in a context that expects an expression of
>>> type "uint64_t" (64 bits, unsigned).
254 size = (size_field - 0xEF) * 4 * MiB;
255 } else {
256 switch (size_field) {
257 case 0x20:
258 size = 1 * GiB;
259 break;
** CID 1490120: Resource leaks (RESOURCE_LEAK)
/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c: 217 in
test_cbfs_map_valid_hash_impl()
*** CID 1490120: Resource leaks (RESOURCE_LEAK)
/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c: 217 in
test_cbfs_map_valid_hash_impl()
211 mapping = cbfs_map(TEST_DATA_1_FILENAME, );
212 assert_non_null(mapping);
213 assert_int_equal(TEST_DATA_1_SIZE, size);
214 assert_memory_equal(test_data_1, mapping, size);
215 cbfs_unmap(mapping);
216 }
>>> CID 1490120: Resource leaks (RESOURCE_LEAK)
>>> Variable "mapping" going out of scope leaks the storage it points to.
217 }
218
219 static void test_cbfs_map_valid_hash(void **state)
220 {
221 test_cbfs_map_valid_hash_impl(state, false);
222 }
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DW7qS_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2Lam0iRksDuu5wAM5HDg-2F0Km-2BOQSxCQoSjtAAEv13lgotKuXqhnEPXEcqqAj-2FLR-2F1GI2ARdV7g4VEHXHn-2B2myeaPjBQAzDAEfVGoDTaiEHiIPNVxwrMnqW7neCX-2FftVZbsFDREOFnrJelU3vgsMYOx1SBsknWA10fBtAkGGnSn6Q-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1489880: Control flow issues (DEADCODE)
/src/mainboard/intel/adlrvp/romstage_fsp_params.c: 42 in
configure_external_clksrc()
*** CID 1489880: Control flow issues (DEADCODE)
/src/mainboard/intel/adlrvp/romstage_fsp_params.c: 42 in
configure_external_clksrc()
36 * CONFIG_CLKSRC_FOR_EXTERNAL_BUFFER provides the CLKSRC that feed clock
to discrete
37 * buffer for further distribution to platform.
38 */
39 static void configure_external_clksrc(FSP_M_CONFIG *m_cfg)
40 {
41 for (unsigned int i = CONFIG_MAX_PCIE_CLOCK_SRC; i <
CONFIG_MAX_PCIE_CLOCK_REQ; i++)
>>> CID 1489880: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "m_cfg->PcieClkSrcUsage[i] = 6;".
42 m_cfg->PcieClkSrcUsage[i] = CONFIG_CLKSRC_FOR_EXTERNAL_BUFFER;
43 }
44
45 void mainboard_memory_init_params(FSPM_UPD *memupd)
46 {
47 FSP_M_CONFIG *m_cfg = >FspmConfig;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D1nr8_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn25ShoEpZAF57-2BKgHLEhjqLgqCuIm39C5qZmC-2Bdb0pYzIlW2FfNbSkLb4BJ8BumF-2B71BFuCW-2FkasPPXj7nllY6hNSRLTRUmFPVZMuqqaIpLgUt9OxsIHmYaFUIWUehJP8kBWuLXKc6SAb8SXo5wl8R8Gf8UftM3iT-2BmtUc21HIUOg-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1489753: Null pointer dereferences (NULL_RETURNS)
*** CID 1489753: Null pointer dereferences (NULL_RETURNS)
/src/drivers/i2c/generic/generic.c: 71 in i2c_generic_fill_ssdt()
65 printk(BIOS_ERR, "%s: ERROR: HID required\n", dev_path(dev));
66 return;
67 }
68
69 if (config->detect) {
70 struct device *const busdev = i2c_busdev(dev);
>>> CID 1489753: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "busdev" when calling
>>> "i2c_dev_detect".
71 if (!i2c_dev_detect(busdev, dev->path.i2c.device)) {
72 printk(BIOS_SPEW, "%s: %s at %s -- NOT FOUND,
skipping\n",
73 path,
74 config->desc ? : dev->chip_ops->name,
75 dev_path(dev));
76 return;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D9cSV_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3GkOYs9sFcMfgZmFOVN4Z-2FJwgg59H6kablUngTCsQxnsJH88W9OGEP5PFYhQkF7ZqSBPfM5pUxaVhbyUpE3gb9krnNRTJHGGClTZMzACXNJ5qtewn03-2F6T9rPIGCufuLgmNGr65ZJAhfU6YHzB6v-2FPp3bpJ87RHFZca3G9-2BdMRpg-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1489551: Null pointer dereferences (FORWARD_NULL) *** CID 1489551: Null pointer dereferences (FORWARD_NULL) /src/cpu/x86/mp_init.c: 797 in install_permanent_handler() 791 792 printk(BIOS_DEBUG, "Installing permanent SMM handler to 0x%08lx\n", smbase); 793 794 if (smm_load_module(smbase, smsize, _params)) 795 return CB_ERR; 796 >>> CID 1489551: Null pointer dereferences (FORWARD_NULL) >>> Passing "_params" to "adjust_smm_apic_id_map", which dereferences >>> null "smm_params.stub_params". 797 adjust_smm_apic_id_map(_params); 798 799 return CB_SUCCESS; 800 } 801 802 /* Load SMM handlers as part of MP flight record. */ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DWns3_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn35gyE95A6cki8eK9wu11tMNo-2FWJZo7NNt2e4eiePEzRWuUwUHGEoUYDL5HR-2Bt8rLJljd99sKaOALDNhr29-2FI6E8cKc2w1XjgmHkTV2io2uJPJhjYBX-2B-2FAg3TSM3TQpdDofUnCaqxLrtUhbTra9D2HoBuovr-2FlJnrA5EvQadRfvvZG6HRZXr85z2dy6TuupM6U-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
5 new defect(s) introduced to coreboot found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1488867: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/cpu/x86/mtrr/earlymtrr.c: 45 in var_mtrr_set()
*** CID 1488867: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/cpu/x86/mtrr/earlymtrr.c: 45 in var_mtrr_set()
39 min base bit set and maximum size bit set. */
40 if (addr_lsb > size_msb)
41 mtrr_size = 1 << size_msb;
42 else
43 mtrr_size = 1 << addr_lsb;
44
>>> CID 1488867: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(uint64_t)addr >> 32" is 0 regardless of the values of its operands.
>>> This occurs as the operand of assignment.
45 base.hi = (uint64_t)addr >> 32;
46 base.lo = addr | type;
47 mask.hi = upper_mask;
48 mask.lo = ~(mtrr_size - 1) | MTRR_PHYS_MASK_VALID;
49 ctx->mtrr[ctx->used_var_mtrrs].base = base;
50 ctx->mtrr[ctx->used_var_mtrrs].mask = mask;
** CID 1488866:(TAINTED_SCALAR)
/util/amdfwtool/amdfwread.c: 121 in read_soft_fuse()
/util/amdfwtool/amdfwread.c: 121 in read_soft_fuse()
*** CID 1488866:(TAINTED_SCALAR)
/util/amdfwtool/amdfwread.c: 121 in read_soft_fuse()
115_entries, _current_entries) != 0)
116 return 1;
117
118 while (1) {
119 uint32_t l2_dir_offset = 0;
120
>>> CID 1488866:(TAINTED_SCALAR)
>>> Using tainted variable "num_current_entries" as a loop boundary.
121 for (size_t i = 0; i < num_current_entries; i++) {
122 uint32_t type = current_entries[i].type;
123 if (type == AMD_PSP_FUSE_CHAIN) {
124 uint64_t mode =
current_entries[i].address_mode;
125 uint64_t addr = current_entries[i].addr;
126 uint64_t fuse = mode << 62 | addr;
/util/amdfwtool/amdfwread.c: 121 in read_soft_fuse()
115_entries, _current_entries) != 0)
116 return 1;
117
118 while (1) {
119 uint32_t l2_dir_offset = 0;
120
>>> CID 1488866:(TAINTED_SCALAR)
>>> Using tainted variable "num_current_entries" as a loop boundary.
121 for (size_t i = 0; i < num_current_entries; i++) {
122 uint32_t type = current_entries[i].type;
123 if (type == AMD_PSP_FUSE_CHAIN) {
124 uint64_t mode =
current_entries[i].address_mode;
125 uint64_t addr = current_entries[i].addr;
126 uint64_t fuse = mode << 62 | addr;
** CID 1488865: Integer handling issues (BAD_SHIFT)
/src/cpu/x86/mtrr/earlymtrr.c: 45 in var_mtrr_set()
*** CID 1488865: Integer handling issues (BAD_SHIFT)
/src/cpu/x86/mtrr/earlymtrr.c: 45 in var_mtrr_set()
39 min base bit set and maximum size bit set. */
40 if (addr_lsb > size_msb)
41 mtrr_size = 1 << size_msb;
42 else
43 mtrr_size = 1 << addr_lsb;
44
>>> CID 1488865: Integer handling issues (BAD_SHIFT)
>>> In expression "(uint64_t)addr >> 32", right shifting "addr" by more
>>> than 31 bits always yields zero. The shift amount is 32.
45 base.hi = (uint64_t)addr >> 32;
46 base.lo = addr | type;
47 mask.hi = upper_mask;
48 mask.lo = ~(mtrr_size - 1) | MTRR_PHYS_MASK_VALID;
49 ctx->mtrr[ctx->used_var_mtrrs].base = base;
50 ctx->mtrr[ctx->used_var_mtrrs].mask = mask;
** CID 1488864:(TAINTED_SCALAR)
/util/amdfwtool/amdfwread.c: 91 in read_psp_directory()
/util/amdfwtool/amdfwread.c: 92 in read_psp_directory()
*** CID 1488864:(TAINTED_SCALAR)
/util/amdfwtool/amdfwread.c: 91 in read_psp_directory()
85 expected_cookie, header->cookie);
86 return 1;
87 }
88
89 /* Read the entries */
90 *num_entries = header->num_entries;
>>> CID
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1488815: Resource leaks (RESOURCE_LEAK)
/src/drivers/usb/hub/acpi.c: 48 in usb_hub_add_ports()
*** CID 1488815: Resource leaks (RESOURCE_LEAK)
/src/drivers/usb/hub/acpi.c: 48 in usb_hub_add_ports()
42 while ((port = dev_bus_each_child(dev->link_list, port)) != NULL) {
43 if (child_count++ >= config->port_count) {
44 printk(BIOS_WARNING, "%s cannot be added. Port Count
limit reached.\n",
45 dev_name(port));
46 continue;
47 }
>>> CID 1488815: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "usb_hub_acpi_name(port)"
>>> leaks it.
48 acpigen_write_device(usb_hub_acpi_name(port));
49 acpigen_write_name_byte("_ADR", port->path.usb.port_id + 1);
50 acpigen_write_device_end();
51 }
52 }
53
** CID 1488814: Uninitialized variables (UNINIT)
*** CID 1488814: Uninitialized variables (UNINIT)
/src/soc/intel/alderlake/acpi.c: 307 in soc_lpi_get_constraints()
301 snprintf(path,
sizeof(path),
302
CONFIG_ACPI_CPU_STRING, i);
303 break;
304 }
305 }
306
>>> CID 1488814: Uninitialized variables (UNINIT)
>>> Using uninitialized value "*path" when calling
>>> "acpigen_emit_namestring".
307 acpigen_emit_namestring(path);
308 break;
309
310 default:
311 /* Unhandled */
312 printk(BIOS_WARNING,
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D0LjZ_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1WK9C6SYpARbf5OEsbRDG8FNxIhio-2B4PIzTS-2FrP6kBdkpwuJFlq3yv80NtcDTeERX6FI6Ryd2BpAtGxrhfbDEfIZDstpbGY1HQBzEZVQIEZwO3VC-2Bv7KRAjdDKoW1J0d2DuoYM-2F-2Fy7pG8HwAoZsiFPCEpH8V64hqzKVVu2yLwSrQ-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1488487: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/amd/common/block/psp/psp_gen2.c: 57 in wr_mbox_buffer_ptr()
*** CID 1488487: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/amd/common/block/psp/psp_gen2.c: 57 in wr_mbox_buffer_ptr()
51 tmp.val = smn_read32(SMN_PSP_PUBLIC_BASE + PSP_MAILBOX_COMMAND_OFFSET);
52 return !!tmp.fields.recovery;
53 }
54
55 static void wr_mbox_buffer_ptr(void *buffer)
56 {
>>> CID 1488487: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(uint64_t)(uintptr_t)buffer >> 32" is 0 regardless of the values of
>>> its operands. This occurs as an initializer.
57 const uint32_t buf_addr_h = (uint64_t)(uintptr_t)buffer >> 32;
58 const uint32_t buf_addr_l = (uint64_t)(uintptr_t)buffer & 0x;
59 smn_write32(SMN_PSP_PUBLIC_BASE + PSP_MAILBOX_BUFFER_H_OFFSET,
buf_addr_h);
60 smn_write32(SMN_PSP_PUBLIC_BASE + PSP_MAILBOX_BUFFER_L_OFFSET,
buf_addr_l);
61 }
62
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DJypP_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0c6FaQjJbppCseEuALlLh-2F3G-2B9-2Bpxeo-2BNX7uFzwWxzZPMVdMphV6xg-2F3H7QJBmaY8sl952kjlvxoN7L8Lb6k4zXlEyFisRQIIjjL0Qj5cINX-2FIQCirrlXE0RAz4ylZqfW1o045oRjZ0UAV5fKTF1Ei1QabuuECZKKOgxEEOeOEkA-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1487871: Control flow issues (DEADCODE)
/src/vendorcode/google/chromeos/watchdog.c: 35 in reset_watchdog_tombstone()
*** CID 1487871: Control flow issues (DEADCODE)
/src/vendorcode/google/chromeos/watchdog.c: 35 in reset_watchdog_tombstone()
29 BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY,
30elog_handle_watchdog_tombstone, NULL);
31
32 bool reset_watchdog_tombstone(void)
33 {
34 if (!REGION_SIZE(watchdog_tombstone))
>>> CID 1487871: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return false;".
35 return false;
36
37 bool flag = (read32(_watchdog_tombstone) == WATCHDOG_TOMBSTONE_MAGIC);
38 write32(_watchdog_tombstone, 0);
39 return flag;
40 }
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DvSa0_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2pc9LwKecOhAndP2F8NmPSRLnuO9gd6mKnZq8aZ0ZBe-2BpYghPrM-2FNHAz7YQxgLI1IYy2f5Jgv6x9OeNVep5IKGrtVd0uEMtFv1UOqpZQA-2Bb2PpkIKxi00bKZmdY8QQ4LnYHBDjvVHc-2BrGECK1tH0p-2FnmaGP-2Fudg0JIxmi-2FJLH5wN-2FB3Mq391jI2GILecDNYhQ-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
6 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1487636: Resource leaks (RESOURCE_LEAK)
/util/cbfstool/fmd_parser.y: 173 in parse_descriptor()
*** CID 1487636: Resource leaks (RESOURCE_LEAK)
/util/cbfstool/fmd_parser.y: 173 in parse_descriptor()
167 struct descriptor_node *next_node =
cur_node->next;
168 free(cur_node);
169 cur_node = next_node;
170 }
171 } else {
172 region->list = NULL;
>>> CID 1487636: Resource leaks (RESOURCE_LEAK)
>>> Variable "region" going out of scope leaks the storage it points to.
173 }
174 return region;
175 }
176
177 void yyerror(const char *s)
178 {
179 fprintf(stderr, "%s\n", s);
** CID 1487635: Incorrect expression (SIZEOF_MISMATCH)
/src/soc/qualcomm/common/qclib.c: 172 in qclib_load_and_run()
*** CID 1487635: Incorrect expression (SIZEOF_MISMATCH)
/src/soc/qualcomm/common/qclib.c: 172 in qclib_load_and_run()
166 memset(_ddr_training, 0, REGION_SIZE(ddr_training));
167 }
168 qclib_add_if_table_entry(QCLIB_TE_DDR_TRAINING_DATA,
169 _ddr_training,
REGION_SIZE(ddr_training), 0);
170
171 /* Attempt to read MEM CHIP information */
>>> CID 1487635: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "mem_chip_addr" of type "void *" and argument "8U /*
>>> sizeof (mem_chip_addr) */" to function "qclib_add_if_table_entry" is
>>> suspicious.
172 qclib_add_if_table_entry(QCLIB_TE_MEM_CHIP_INFO,
173 mem_chip_addr, sizeof(mem_chip_addr),
0);
174
175 /* Attempt to load PMICCFG Blob */
176 data_size = cbfs_load(CONFIG_CBFS_PREFIX "/pmiccfg",
177 _pmic, REGION_SIZE(pmic));
** CID 1487634: Integer handling issues (SIGN_EXTENSION)
/src/cpu/intel/common/common_init.c: 226 in set_energy_perf_pref()
*** CID 1487634: Integer handling issues (SIGN_EXTENSION)
/src/cpu/intel/common/common_init.c: 226 in set_energy_perf_pref()
220 * prefer energy efficiency.
221 * This function needs to be called when HWP_ENABLE is set.
222 */
223 void set_energy_perf_pref(u8 pref)
224 {
225 msr_unset_and_set(IA32_HWP_REQUEST, IA32_HWP_REQUEST_EPP_MASK,
>>> CID 1487634: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "pref" with type "u8" (8 bits,
>>> unsigned) is promoted in "pref << 24" to type "int" (32 bits, signed), then
>>> sign-extended to type "unsigned long long" (64 bits, unsigned). If "pref
>>> << 24" is greater than 0x7FFF, the upper bits of the result will all be
>>> 1.
226 pref << IA32_HWP_REQUEST_EPP_SHIFT);
** CID 1487633: Error handling issues (CHECKED_RETURN)
/src/drivers/i2c/tpm/cr50.c: 257 in cr50_i2c_tis_ready()
*** CID 1487633: Error handling issues (CHECKED_RETURN)
/src/drivers/i2c/tpm/cr50.c: 257 in cr50_i2c_tis_ready()
251 }
252
253 /* cr50 requires all 4 bytes of status register to be written */
254 static void cr50_i2c_tis_ready(struct tpm_chip *chip)
255 {
256 uint8_t buf[4] = { TPM_STS_COMMAND_READY };
>>> CID 1487633: Error handling issues (CHECKED_RETURN)
>>> Calling "cr50_i2c_write" without checking return value (as is done
>>> elsewhere 4 out of 5 times).
257 cr50_i2c_write(TPM_STS(chip->vendor.locality), buf,
sizeof(buf));
258 mdelay(CR50_TIMEOUT_SHORT_MS);
259 }
260
261 /* cr50 uses bytes 3:2 of status register for burst count and
262 * all 4 bytes must be read */
** CID 1487632: Null pointer dereferences (REVERSE_INULL)
/src/drivers/wifi/generic/acpi.c: 539 in wifi_ssdt_write_properties()
*** CID 1487632: Null pointer dereferences (REVERSE_INULL)
/src/drivers/wifi/generic/acpi.c: 539 in wifi_ssdt_write_properties()
533
534 static void wifi_ssdt_write_properties(const struct device *dev, const
char *scope)
535 {
536 bool is_cnvi_ddr_rfim_enabled = false;
537
538 const struct
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
200 new defect(s) introduced to coreboot found with Coverity Scan.
26 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 200 defect(s)
** CID 1487449: Memory - corruptions (STRING_OVERFLOW)
*** CID 1487449: Memory - corruptions (STRING_OVERFLOW)
/src/arch/x86/smbios_defaults.c: 27 in smbios_fill_dimm_asset_tag()
21 __weak void smbios_fill_dimm_asset_tag(const struct dimm_info *dimm,
struct smbios_type17 *t)
22 {
23 char buf[40];
24
25 snprintf(buf, sizeof(buf), "Channel-%d-DIMM-%d-AssetTag",
26 dimm->channel_num, dimm->dimm_num);
>>> CID 1487449: Memory - corruptions (STRING_OVERFLOW)
>>> You might overrun the 2-character destination string "t->eos" by
>>> writing 40 characters from "buf".
27 t->asset_tag = smbios_add_string(t->eos, buf);
28 }
29
30 __weak smbios_wakeup_type smbios_system_wakeup_type(void)
31 {
32 return SMBIOS_WAKEUP_TYPE_RESERVED;
** CID 1487448: Insecure data handling (TAINTED_SCALAR)
/util/cbfstool/ifwitool.c: 1160 in bpdt_fixup_write_buffer()
*** CID 1487448: Insecure data handling (TAINTED_SCALAR)
/util/cbfstool/ifwitool.c: 1160 in bpdt_fixup_write_buffer()
1154sizeof(h->xor_redundant_block));
1155offset = fix_member(>ifwi_version, offset,
sizeof(h->ifwi_version));
1156offset = fix_member(>fit_tool_version, offset,
1157sizeof(h->fit_tool_version));
1158
1159uint32_t i;
>>> CID 1487448: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "count" as a loop boundary.
1160for (i = 0; i < count; i++) {
1161offset = fix_member([i].type, offset,
sizeof(e[i].type));
1162offset = fix_member([i].flags, offset,
sizeof(e[i].flags));
1163offset = fix_member([i].offset, offset,
sizeof(e[i].offset));
1164offset = fix_member([i].size, offset,
sizeof(e[i].size));
1165}
** CID 1487447: Audit impact security (SUPPRESSED_ERROR)
/home/coreboot/go/pkg/mod/github.com/ulikunitz/xz@v0.5.8/internal/xlog/xlog.go:
259 in github.com/ulikunitz/xz/internal/xlog.Fatal([]interface{})()
*** CID 1487447: Audit impact security (SUPPRESSED_ERROR)
/home/coreboot/go/pkg/mod/github.com/ulikunitz/xz@v0.5.8/internal/xlog/xlog.go:
259 in github.com/ulikunitz/xz/internal/xlog.Fatal([]interface{})()
253 os.Exit(1)
254 }
255
256 // Fatal prints the message like Print and calls os.Exit(1). The
257 // printing might be suppressed by the flag Lnofatal.
258 func Fatal(v ...interface{}) {
>>> CID 1487447: Audit impact security (SUPPRESSED_ERROR)
>>> The error returned by the function "std.Output(2, 64, v)" is not
>>> explicitly checked.
259 std.Output(2, Lnofatal, v...)
260 os.Exit(1)
261 }
262
263 // Fatalf prints the message like Printf and calls os.Exit(1). The
264 // printing might be suppressed by the flag Lnofatal.
** CID 1487446: Memory - corruptions (OVERRUN)
/payloads/libpayload/drivers/usb/xhci.c: 921 in xhci_destroy_intr_queue()
*** CID 1487446: Memory - corruptions (OVERRUN)
/payloads/libpayload/drivers/usb/xhci.c: 921 in xhci_destroy_intr_queue()
915 /* Free all pending transfers and the interrupt queue structure
*/
916 int i;
917 for (i = 0; i < intrq->count; ++i) {
918 free(phys_to_virt(intrq->next->ptr_low));
919 intrq->next = xhci_next_trb(intrq->next, NULL);
920 }
>>> CID 1487446: Memory - corruptions (OVERRUN)
>>> Overrunning array "xhci->dev[slot_id].interrupt_queues" of 32 4-byte
>>> elements at element index 255 (byte offset 1023) using index "ep_id" (which
>>> evaluates to 255).
921 xhci->dev[slot_id].interrupt_queues[ep_id] = NULL;
922 free((void *)intrq);
923
924 /* Reset the controller's dequeue pointer and reinitialize the
ring */
925 xhci_cmd_set_tr_dq(xhci, slot_id, ep_id, tr->ring, 1);
926 xhci_init_cycle_ring(tr, TRANSFER_RING_SIZE);
** CID 1487445: Audit impact security (SUPPRESSED_ERROR)
/home/coreboot/go/pkg/mod/github.com/ulikunitz/xz@v0.5.8/internal/xlog/xlog.go:
372 in
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1469611:(OVERRUN)
/src/soc/amd/cezanne/psp_verstage/uart.c: 16 in get_uart_base()
/src/soc/amd/cezanne/psp_verstage/uart.c: 25 in get_uart_base()
/src/soc/amd/cezanne/psp_verstage/uart.c: 17 in get_uart_base()
*** CID 1469611:(OVERRUN)
/src/soc/amd/cezanne/psp_verstage/uart.c: 16 in get_uart_base()
10 {
11 uint32_t err;
12
13 if (idx > ARRAY_SIZE(uart_bars))
14 return 0;
15
>>> CID 1469611:(OVERRUN)
>>> Overrunning array "uart_bars" of 1 4-byte elements at element index 1
>>> (byte offset 7) using index "idx" (which evaluates to 1).
16 if (uart_bars[idx])
17 return (uintptr_t)uart_bars[idx];
18
19 err = svc_map_fch_dev(FCH_IO_DEVICE_UART, idx, 0, _bars[idx]);
20 if (err) {
21 svc_debug_print("Failed to map UART\n");
/src/soc/amd/cezanne/psp_verstage/uart.c: 25 in get_uart_base()
19 err = svc_map_fch_dev(FCH_IO_DEVICE_UART, idx, 0, _bars[idx]);
20 if (err) {
21 svc_debug_print("Failed to map UART\n");
22 return 0;
23 }
24
>>> CID 1469611:(OVERRUN)
>>> Overrunning array "uart_bars" of 1 4-byte elements at element index 1
>>> (byte offset 7) using index "idx" (which evaluates to 1).
25 return (uintptr_t)uart_bars[idx];
/src/soc/amd/cezanne/psp_verstage/uart.c: 17 in get_uart_base()
11 uint32_t err;
12
13 if (idx > ARRAY_SIZE(uart_bars))
14 return 0;
15
16 if (uart_bars[idx])
>>> CID 1469611:(OVERRUN)
>>> Overrunning array "uart_bars" of 1 4-byte elements at element index 1
>>> (byte offset 7) using index "idx" (which evaluates to 1).
17 return (uintptr_t)uart_bars[idx];
18
19 err = svc_map_fch_dev(FCH_IO_DEVICE_UART, idx, 0, _bars[idx]);
20 if (err) {
21 svc_debug_print("Failed to map UART\n");
22 return 0;
23 }
24
25 return (uintptr_t)uart_bars[idx];
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dc4jK_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2IBYJviNW4Wil94rxQashcpguQloe689yczzzFJQopnAoBVLrlG7YBZ8m2xFZDM97Z7MYQ3vn-2ByGtwGFIHfkx93GwyjbC1FzsBV1YoXaNwNr6nSqcRWs0-2FYbx5mV-2BAtotUE9c19cAPIZG0S-2BWUusKEVAZtCw4-2BA7yVnMYzqEUtsw-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1469543:(CONSTANT_EXPRESSION_RESULT)
/src/drivers/wwan/fm/acpi_fm350gl.c: 86 in wwan_fm350gl_acpi_method_fhrf()
/src/drivers/wwan/fm/acpi_fm350gl.c: 63 in wwan_fm350gl_acpi_method_fhrf()
*** CID 1469543:(CONSTANT_EXPRESSION_RESULT)
/src/drivers/wwan/fm/acpi_fm350gl.c: 86 in wwan_fm350gl_acpi_method_fhrf()
80 /* cold reset */
81 acpigen_write_else();
82 {
83 acpigen_write_if_lequal_op_int(ARG0_OP,
RESET_TYPE_COLD);
84 {
85 /* disable source clock */
>>> CID 1469543:(CONSTANT_EXPRESSION_RESULT)
>>> "wwan_fm350gl_get_rtd3_method_support(config) | ACPI_PCIE_RP_EMIT_SRCK"
>>> is always 1/true regardless of the values of its operand. This occurs as
>>> the logical operand of "if".
86 if
(wwan_fm350gl_get_rtd3_method_support(config) |
87 ACPI_PCIE_RP_EMIT_SRCK) {
88
acpigen_emit_namestring(acpi_device_path_join(
89 parent_dev, "SRCK"));
90 acpigen_emit_byte(ZERO_OP);
91 }
/src/drivers/wwan/fm/acpi_fm350gl.c: 63 in wwan_fm350gl_acpi_method_fhrf()
57 acpigen_write_method_serialized("FHRF", 1);
58 {
59 /* LOCAL0 = PERST# */
60 acpigen_get_tx_gpio(>perst_gpio);
61 acpigen_write_if_lequal_op_int(LOCAL0_OP, 0);
62 {
>>> CID 1469543:(CONSTANT_EXPRESSION_RESULT)
>>> "wwan_fm350gl_get_rtd3_method_support(config) | ACPI_PCIE_RP_EMIT_L23"
>>> is always 1/true regardless of the values of its operand. This occurs as
>>> the logical operand of "if".
63 if (wwan_fm350gl_get_rtd3_method_support(config) |
64 ACPI_PCIE_RP_EMIT_L23) {
65
acpigen_emit_namestring(acpi_device_path_join(parent_dev,
66 "DL23"));
67 }
68 /* assert PERST# pin */
** CID 1469542:(CONSTANT_EXPRESSION_RESULT)
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 418 in pcie_rtd3_acpi_fill_ssdt()
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 430 in pcie_rtd3_acpi_fill_ssdt()
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 378 in pcie_rtd3_acpi_fill_ssdt()
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 390 in pcie_rtd3_acpi_fill_ssdt()
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 427 in pcie_rtd3_acpi_fill_ssdt()
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 384 in pcie_rtd3_acpi_fill_ssdt()
*** CID 1469542:(CONSTANT_EXPRESSION_RESULT)
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 418 in pcie_rtd3_acpi_fill_ssdt()
412
413 /* Create OpRegions for MMIO accesses. */
414 acpigen_write_opregion();
415 acpigen_write_field("PXCS", fieldlist, ARRAY_SIZE(fieldlist),
416 FIELD_ANYACC | FIELD_NOLOCK |
FIELD_PRESERVE);
417
>>> CID 1469542:(CONSTANT_EXPRESSION_RESULT)
>>> "config->ext_pm_support | ACPI_PCIE_RP_EMIT_L23" is always 1/true
>>> regardless of the values of its operand. This occurs as the logical operand
>>> of "if".
418 if (config->ext_pm_support | ACPI_PCIE_RP_EMIT_L23) {
419 pcie_rtd3_acpi_method_dl23();
420 pcie_rtd3_acpi_method_l23d();
421 }
422
423 /* Create the OpRegion to access the ModPHY PG registers (PCH
RPs only) */
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 430 in pcie_rtd3_acpi_fill_ssdt()
424 if (rp_type == PCIE_RP_PCH)
425 write_modphy_opregion(pcie_rp);
426
427 if (config->ext_pm_support | ACPI_PCIE_RP_EMIT_PSD0)
428 pcie_rtd3_acpi_method_pds0(pcie_rp);
429
>>> CID 1469542:(CONSTANT_EXPRESSION_RESULT)
>>> "config->ext_pm_support | ACPI_PCIE_RP_EMIT_SRCK" is always 1/true
>>> regardless of the values of its operand. This occurs as the logical operand
>>> of "if".
430 if (config->ext_pm_support | ACPI_PCIE_RP_EMIT_SRCK)
431 pcie_rtd3_acpi_method_srck(pcie_rp, config);
432
433 /* ACPI Power Resource for controlling the attached device
power. */
434 acpigen_write_power_res("RTD3", 0, 0, power_res_states,
ARRAY_SIZE(power_res_states));
435
/src/soc/intel/common/block/pcie/rtd3/rtd3.c: 378 in
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
180 new defect(s) introduced to coreboot found with Coverity Scan.
164 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 180 defect(s)
** CID 1469466:(OVERRUN)
/src/soc/qualcomm/common/qupv3_config.c: 29 in qupv3_se_fw_load_and_init()
/src/soc/qualcomm/common/qupv3_config.c: 33 in qupv3_se_fw_load_and_init()
*** CID 1469466:(OVERRUN)
/src/soc/qualcomm/common/qupv3_config.c: 29 in qupv3_se_fw_load_and_init()
23 static const char * const filename[] = {
24 [SE_PROTOCOL_SPI] = "fallback/spi_fw",
25 [SE_PROTOCOL_UART] = "fallback/uart_fw",
26 [SE_PROTOCOL_I2C] = "fallback/i2c_fw",
27 };
28
>>> CID 1469466:(OVERRUN)
>>> Overrunning array "filename" of 4 8-byte elements at element index 4
>>> (byte offset 39) using index "protocol" (which evaluates to 4).
29 if (protocol >= SE_PROTOCOL_MAX || !filename[protocol])
30 die("*ERROR* * INVALID PROTOCOL ***\n");
31
32 if (!fw_list[protocol]) {
33 fw_list[protocol] = cbfs_map(filename[protocol], NULL);
34 if (!fw_list[protocol])
/src/soc/qualcomm/common/qupv3_config.c: 33 in qupv3_se_fw_load_and_init()
27 };
28
29 if (protocol >= SE_PROTOCOL_MAX || !filename[protocol])
30 die("*ERROR* * INVALID PROTOCOL ***\n");
31
32 if (!fw_list[protocol]) {
>>> CID 1469466:(OVERRUN)
>>> Overrunning array "filename" of 4 8-byte elements at element index 4
>>> (byte offset 39) using index "protocol" (which evaluates to 4).
33 fw_list[protocol] = cbfs_map(filename[protocol], NULL);
34 if (!fw_list[protocol])
35 die("*ERROR* * cbfs_map failed ***\n");
36 }
37
38 hdr = fw_list[protocol];
** CID 1469465: Null pointer dereferences (FORWARD_NULL)
*** CID 1469465: Null pointer dereferences (FORWARD_NULL)
/src/ec/google/chromeec/ec.c: 1819 in google_chromeec_regulator_set_voltage()
1813.cmd_size_in = sizeof(params),
1814.cmd_data_out = NULL,
1815.cmd_size_out = 0,
1816.cmd_dev_index = 0,
1817};
1818
>>> CID 1469465: Null pointer dereferences (FORWARD_NULL)
>>> Passing "" to "google_chromeec_command", which dereferences null
>>> "cmd.cmd_data_out".
1819if (google_chromeec_command())
1820return -1;
1821
1822return 0;
1823 }
1824
** CID 1469464:(TAINTED_SCALAR)
*** CID 1469464:(TAINTED_SCALAR)
/3rdparty/vboot/cgpt/cgpt_show.c: 387 in GptShow()
381 GptHeader *header;
382 char indent[64];
383
384 require(snprintf(indent, sizeof(indent), GPT_MORE) <
sizeof(indent));
385 header = (GptHeader*)drive->gpt.secondary_header;
386 entries = (GptEntry*)drive->gpt.secondary_entries;
>>> CID 1469464:(TAINTED_SCALAR)
>>> Passing tainted expression "header->size_of_entry" to "HeaderDetails",
>>> which uses it as a loop boundary.
387 HeaderDetails(header, entries, indent, params->numeric);
388 }
389 }
390 }
391
392 CheckValid(drive);
/3rdparty/vboot/cgpt/cgpt_show.c: 256 in GptShow()
250 } else if (params->quick) { // show all partitions,
quickly
251 uint32_t i;
252 GptEntry *entry;
253 char type[GUID_STRLEN];
254
255 for (i = 0; i < GetNumberOfEntries(drive); ++i) {
>>> CID 1469464:(TAINTED_SCALAR)
>>> Passing tainted expression "*drive->gpt.primary_header" to "GetEntry",
>>> which uses it as an offset.
256 entry = GetEntry(>gpt, ANY_VALID, i);
257
258 if (GuidIsZero(>type))
259 continue;
260
261 if (!params->numeric && CGPT_OK == ResolveType(>type,
type)) {
/3rdparty/vboot/cgpt/cgpt_show.c: 387 in GptShow()
381 GptHeader *header;
382 char indent[64];
383
384 require(snprintf(indent, sizeof(indent), GPT_MORE) <
sizeof(indent));
385 header = (GptHeader*)drive->gpt.secondary_header;
386 entries = (GptEntry*)drive->gpt.secondary_entries;
>>> CID 1469464:(TAINTED_SCALAR)
>>> Passing tainted expression "header->size" to "HeaderDetails", which
>>> uses it as a loop boundary.
387 HeaderDetails(header, entries, indent,
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1464650: Memory - corruptions (OVERRUN)
*** CID 1464650: Memory - corruptions (OVERRUN)
/tests/lib/lzma-test.c: 147 in test_ulzman_zero_buffer()
141 uint8_t in_buf[LZMA_PROPERTIES_SIZE + 1 * KiB];
142 uint8_t out_buf[2 * KiB];
143
144 memset(in_buf, 0, sizeof(in_buf));
145 memset(out_buf, 0, sizeof(out_buf));
146
>>> CID 1464650: Memory - corruptions (OVERRUN)
>>> Overrunning array "in_buf" of 1029 bytes by passing it to a function
>>> which accesses it at byte offset 2047 using argument "2048UL".
147 assert_int_equal(0, ulzman(in_buf, sizeof(in_buf), out_buf,
sizeof(out_buf)));
148 }
149
150 #define ULZMAN_CORRECT_FILE_TEST(_file_prefix)
\
151 {
\
152 .name = "test_ulzman_correct_file(" _file_prefix ")",
\
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DPLkF_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1x7oRx8FGHGgtwYJC8WQ-2FPz-2FDICMx7FOj4LNf756p8zw9C7V4piRwtun1MfusADV5ObNcvruBK-2BAIR-2B-2BULzipHPgoszWmHa5dv9-2BIi37BBTlrsAHf34GgV0En46s7r16EZSpGTtbNL6I5N7LjxoG5vF12STrIOT14Q0jfj5Lxer93JlYBjTSVT0sVwZd5vmrY-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 7 new defect(s) introduced to coreboot found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 7 of 7 defect(s) ** CID 1464057: Memory - corruptions (OVERRUN) /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 370 in MemTDIMMPresence3() *** CID 1464057: Memory - corruptions (OVERRUN) /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 370 in MemTDIMMPresence3() 364 ChannelPtr->RefRawCard[i] = SpdBufferPtr[SPD_RAWCARD] & 0x1F; 365 // 366 // Get control word values for RC3, RC4 and RC5 367 // 368 ChannelPtr->CtrlWrd03[i] = SpdBufferPtr[SPD_CTLWRD03] >> 4; 369 ChannelPtr->CtrlWrd04[i] = SpdBufferPtr[SPD_CTLWRD04] & 0x0F; >>> CID 1464057: Memory - corruptions (OVERRUN) >>> Overrunning array "ChannelPtr->CtrlWrd05" of 4 bytes at byte offset 4 >>> using index "i" (which evaluates to 4). 370 ChannelPtr->CtrlWrd05[i] = SpdBufferPtr[SPD_CTLWRD05] >> 4; 371 // 372 // Temporarily store info. of SPD byte 63 into CtrlWrd02(s), 373 // and they will be used late to calculate real RC2 and RC8 value 374 // 375 ChannelPtr->CtrlWrd02[i] = SpdBufferPtr[SPD_ADDRMAP] & 0x03; ** CID 1464056: Memory - corruptions (OVERRUN) /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 364 in MemTDIMMPresence3() *** CID 1464056: Memory - corruptions (OVERRUN) /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 364 in MemTDIMMPresence3() 358 ChannelPtr->DimmMirrorPresent |= DimmMask; 359 } 360 } 361 // 362 // Get byte62: Reference Raw Card information 363 // >>> CID 1464056: Memory - corruptions (OVERRUN) >>> Overrunning array "ChannelPtr->RefRawCard" of 4 bytes at byte offset 4 >>> using index "i" (which evaluates to 4). 364 ChannelPtr->RefRawCard[i] = SpdBufferPtr[SPD_RAWCARD] & 0x1F; 365 // 366 // Get control word values for RC3, RC4 and RC5 367 // 368 ChannelPtr->CtrlWrd03[i] = SpdBufferPtr[SPD_CTLWRD03] >> 4; 369 ChannelPtr->CtrlWrd04[i] = SpdBufferPtr[SPD_CTLWRD04] & 0x0F; ** CID 1464055: Memory - corruptions (OVERRUN) /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 375 in MemTDIMMPresence3() *** CID 1464055: Memory - corruptions (OVERRUN) /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 375 in MemTDIMMPresence3() 369 ChannelPtr->CtrlWrd04[i] = SpdBufferPtr[SPD_CTLWRD04] & 0x0F; 370 ChannelPtr->CtrlWrd05[i] = SpdBufferPtr[SPD_CTLWRD05] >> 4; 371 // 372 // Temporarily store info. of SPD byte 63 into CtrlWrd02(s), 373 // and they will be used late to calculate real RC2 and RC8 value 374 // >>> CID 1464055: Memory - corruptions (OVERRUN) >>> Overrunning array "ChannelPtr->CtrlWrd02" of 4 bytes at byte offset 4 >>> using index "i" (which evaluates to 4). 375 ChannelPtr->CtrlWrd02[i] = SpdBufferPtr[SPD_ADDRMAP] & 0x03; 376 // 377 // Copy the number of registers to the Ps Block to persist across frequency changes 378 // 379 NBPtr->PsPtr->NumOfReg[i] = SpdBufferPtr[SPD_ADDRMAP] & 0x03; 380 // ** CID 1464054:(OVERRUN) /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 379 in MemTDIMMPresence3() /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 384 in MemTDIMMPresence3() /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 383 in MemTDIMMPresence3() *** CID 1464054:(OVERRUN) /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/DDR3/mtspd3.c: 379 in MemTDIMMPresence3() 373 // and they will be used late to calculate real RC2 and RC8 value 374 // 375 ChannelPtr->CtrlWrd02[i] = SpdBufferPtr[SPD_ADDRMAP] & 0x03; 376 // 377 // Copy the number of registers to the Ps Block to persist across frequency changes 378 // >>> CID 1464054:(OVERRUN) >>> Overrunning array "NBPtr->PsPtr->NumOfReg" of 4 bytes at byte offset 4 >>> using index "i" (which evaluates
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1462119: Resource leaks (RESOURCE_LEAK)
/src/soc/intel/common/block/acpi/pep.c: 68 in read_pmc_lpm_requirements()
*** CID 1462119: Resource leaks (RESOURCE_LEAK)
/src/soc/intel/common/block/acpi/pep.c: 68 in read_pmc_lpm_requirements()
62 }
63
64 if (info) {
65 info->addr = (uint8_t *)reg;
66 info->buffer_size = register_count * sizeof(uint32_t);
67 }
>>> CID 1462119: Resource leaks (RESOURCE_LEAK)
>>> Variable "reg" going out of scope leaks the storage it points to.
68 }
69
70 /*
71 * For now there is only one disabled non-existent device, because
Windows
72 * expects at least one device and crashes without it with a bluescreen
73 * (`INTERNAL_POWER_ERROR`). Returning an empty package does not work.
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D8Uys_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2b9x2mkOQe37lQUUldj7ivE7IPFArCYPC1dvzVz-2FoIuy9cvhv7YtEFzjYBhoryTytZqwhCTyRQWvW8T9ocsuLMZJ9asSHw1D3BX4wQVwRNTg8CXfj6K-2BdqJLKZju5-2F17TjkA2YzivH4j4WC92malTHwW2rZ0-2Bo-2F-2BnIcSgyI6-2Ft2Q-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
20 new defect(s) introduced to coreboot found with Coverity Scan.
13 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 20 defect(s)
** CID 1461240: Control flow issues (DEADCODE)
/3rdparty/chromeec/core/cortex-m/watchdog.c: 37 in watchdog_trace()
*** CID 1461240: Control flow issues (DEADCODE)
/3rdparty/chromeec/core/cortex-m/watchdog.c: 37 in watchdog_trace()
31
32 /*
33 * This is our last breath, the last opportunity to sort out all
34 * matters. Flush and invalidate D-cache if cache enabled.
35 */
36 if (IS_ENABLED(CONFIG_ARMV7M_CACHE))
>>> CID 1461240: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "cpu_clean_invalidate_dcache();".
37 cpu_clean_invalidate_dcache();
38
39 panic_printf("### WATCHDOG PC=%08x / LR=%08x / pSP=%08x ",
40 stack[6], stack[5], psp);
41 if ((excep_lr & 0xf) == 1)
42 panic_puts("(exc) ###\n");
** CID 1461239:(PARSE_ERROR)
/3rdparty/chromeec/common/shared_mem.c: 19 in ()
/3rdparty/chromeec/common/shared_mem.c: 19 in ()
/3rdparty/chromeec/common/shared_mem.c: 19 in ()
*** CID 1461239:(PARSE_ERROR)
/3rdparty/chromeec/common/shared_mem.c: 19 in ()
13 #include "util.h"
14
15 static int buf_in_use;
16 static int max_used;
17
18 /* 1 MB buffer for fake shared memory implementation */
>>> CID 1461239:(PARSE_ERROR)
>>> expression must be an integral constant expression
19 STATIC_IF(CONFIG_FAKE_SHMEM) char fake_shmem_buf[BIT(20)];
20
21 int shared_mem_size(void)
22 {
23 if (IS_ENABLED(CONFIG_FAKE_SHMEM))
24 return sizeof(fake_shmem_buf);
/3rdparty/chromeec/common/shared_mem.c: 19 in ()
13 #include "util.h"
14
15 static int buf_in_use;
16 static int max_used;
17
18 /* 1 MB buffer for fake shared memory implementation */
>>> CID 1461239:(PARSE_ERROR)
>>> function call is not allowed in a constant expression
19 STATIC_IF(CONFIG_FAKE_SHMEM) char fake_shmem_buf[BIT(20)];
20
21 int shared_mem_size(void)
22 {
23 if (IS_ENABLED(CONFIG_FAKE_SHMEM))
24 return sizeof(fake_shmem_buf);
/3rdparty/chromeec/common/shared_mem.c: 19 in ()
13 #include "util.h"
14
15 static int buf_in_use;
16 static int max_used;
17
18 /* 1 MB buffer for fake shared memory implementation */
>>> CID 1461239:(PARSE_ERROR)
>>> expression must have integral type
19 STATIC_IF(CONFIG_FAKE_SHMEM) char fake_shmem_buf[BIT(20)];
20
21 int shared_mem_size(void)
22 {
23 if (IS_ENABLED(CONFIG_FAKE_SHMEM))
24 return sizeof(fake_shmem_buf);
** CID 1461238: Control flow issues (DEADCODE)
/3rdparty/chromeec/common/usb_pd_alt_mode_dfp.c: 1312 in svdm_dp_post_config()
*** CID 1461238: Control flow issues (DEADCODE)
/3rdparty/chromeec/common/usb_pd_alt_mode_dfp.c: 1312 in svdm_dp_post_config()
1306
1307 __overridable void svdm_dp_post_config(int port)
1308 {
1309mux_state_t mux_mode = svdm_dp_get_mux_mode(port);
1310/* Connect the SBU and USB lines to the connector. */
1311if (IS_ENABLED(CONFIG_USBC_PPC_SBU))
>>> CID 1461238: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "ppc_set_sbu(port, 1);".
1312ppc_set_sbu(port, 1);
1313usb_mux_set(port, mux_mode, USB_SWITCH_CONNECT,
1314polarity_rm_dts(pd_get_polarity(port)));
1315
1316dp_flags[port] |= DP_FLAGS_DP_ON;
1317if (!(dp_flags[port] & DP_FLAGS_HPD_HI_PENDING))
** CID 1461237: Control flow issues (DEADCODE)
/3rdparty/chromeec/common/motion_sense.c: 446 in
motion_sense_switch_sensor_rate()
*** CID 1461237: Control flow issues (DEADCODE)
/3rdparty/chromeec/common/motion_sense.c: 446 in
motion_sense_switch_sensor_rate()
440 /* No sensor activated, reset host interval interval to
0. */
441 ap_event_interval = 0;
442 }
443
444 /* disable the body detection since AP is suspended */
445 if (IS_ENABLED(CONFIG_BODY_DETECTION)) {
>>> CID 1461237: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "static _Bool
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
26 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 26 defect(s)
** CID 1458462: Resource leaks (RESOURCE_LEAK)
/util/kconfig/confdata.c: 1149 in conf_write_autoconf()
*** CID 1458462: Resource leaks (RESOURCE_LEAK)
/util/kconfig/confdata.c: 1149 in conf_write_autoconf()
1143return 1;
1144
1145name = getenv("KCONFIG_AUTOHEADER");
1146if (!name)
1147name = "include/generated/autoconf.h";
1148if (make_parent_dir(name))
>>> CID 1458462: Resource leaks (RESOURCE_LEAK)
>>> Variable "out" going out of scope leaks the storage it points to.
1149return 1;
1150char filename_h[PATH_MAX];
1151int fd_h = conf_mktemp(name, filename_h);
1152if (fd_h == -1)
1153return 1;
1154out_h = fdopen(fd_h, "w");
** CID 1458461: Resource leaks (RESOURCE_LEAK)
/util/kconfig/menu.c: 212 in menu_add_symbol()
*** CID 1458461: Resource leaks (RESOURCE_LEAK)
/util/kconfig/menu.c: 212 in menu_add_symbol()
206 {
207 menu_add_prop(type, expr, dep);
208 }
209
210 void menu_add_symbol(enum prop_type type, struct symbol *sym, struct
expr *dep)
211 {
>>> CID 1458461: Resource leaks (RESOURCE_LEAK)
>>> Ignoring storage allocated by "menu_add_prop(type,
>>> expr_alloc_symbol(sym), dep)" leaks it.
212 menu_add_prop(type, expr_alloc_symbol(sym), dep);
213 }
214
215 static int menu_validate_number(struct symbol *sym, struct symbol *sym2)
216 {
217 return sym2->type == S_INT || sym2->type == S_HEX ||
** CID 1458460: Security best practices violations (STRING_OVERFLOW)
/util/kconfig/confdata.c: 1049 in conf_touch_deps()
*** CID 1458460: Security best practices violations (STRING_OVERFLOW)
/util/kconfig/confdata.c: 1049 in conf_touch_deps()
1043 static int conf_touch_deps(void)
1044 {
1045const char *name;
1046struct symbol *sym;
1047int res, i;
1048
>>> CID 1458460: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 4096-character fixed-size string "depfile_path"
>>> by copying the return value of "conf_get_autobase_name" without checking
>>> the length.
1049strcpy(depfile_path, conf_get_autobase_name());
1050depfile_prefix_len = strlen(depfile_path);
1051
1052name = conf_get_autoconfig_name();
1053conf_read_simple(name, S_DEF_AUTO);
1054sym_calc_value(modules_sym);
** CID 1458459: Resource leaks (RESOURCE_LEAK)
/util/kconfig/menu.c: 207 in menu_add_expr()
*** CID 1458459: Resource leaks (RESOURCE_LEAK)
/util/kconfig/menu.c: 207 in menu_add_expr()
201 current_entry->visibility =
expr_alloc_and(current_entry->visibility,
202 expr);
203 }
204
205 void menu_add_expr(enum prop_type type, struct expr *expr, struct expr
*dep)
206 {
>>> CID 1458459: Resource leaks (RESOURCE_LEAK)
>>> Ignoring storage allocated by "menu_add_prop(type, expr, dep)" leaks it.
207 menu_add_prop(type, expr, dep);
208 }
209
210 void menu_add_symbol(enum prop_type type, struct symbol *sym, struct
expr *dep)
211 {
212 menu_add_prop(type, expr_alloc_symbol(sym), dep);
** CID 1458458: Null pointer dereferences (FORWARD_NULL)
/util/kconfig/menu.c: 820 in get_symbol_str()
*** CID 1458458: Null pointer dereferences (FORWARD_NULL)
/util/kconfig/menu.c: 820 in get_symbol_str()
814 str_append(r, "\n");
815 }
816 }
817 }
818
819 /* Print the definitions with prompts before the ones without */
>>> CID 1458458: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "sym".
820 for_all_properties(sym, prop, P_SYMBOL) {
821 if (prop->menu->prompt) {
822 get_def_str(r, prop->menu);
823 get_prompt_str(r, prop->menu->prompt, head);
824
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1458232: Null pointer dereferences (REVERSE_INULL)
/src/drivers/usb/acpi/usb_acpi.c: 130 in usb_acpi_get_pld()
*** CID 1458232: Null pointer dereferences (REVERSE_INULL)
/src/drivers/usb/acpi/usb_acpi.c: 130 in usb_acpi_get_pld()
124 };
125
126 bool usb_acpi_get_pld(const struct device *usb_device, struct acpi_pld
*pld)
127 {
128 struct drivers_usb_acpi_config *config = usb_device->chip_info;
129
>>> CID 1458232: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "usb_device" suggests that it may be null, but it has
>>> already been dereferenced on all paths leading to the check.
130 if (!usb_device || !usb_device->chip_info ||
131 usb_device->chip_ops != _usb_acpi_ops)
132 return false;
133
134 if (config->use_custom_pld)
135 memcpy(pld, >custom_pld, sizeof(pld));
** CID 1458231: Incorrect expression (SIZEOF_MISMATCH)
/src/drivers/usb/acpi/usb_acpi.c: 135 in usb_acpi_get_pld()
*** CID 1458231: Incorrect expression (SIZEOF_MISMATCH)
/src/drivers/usb/acpi/usb_acpi.c: 135 in usb_acpi_get_pld()
129
130 if (!usb_device || !usb_device->chip_info ||
131 usb_device->chip_ops != _usb_acpi_ops)
132 return false;
133
134 if (config->use_custom_pld)
>>> CID 1458231: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "pld" of type "struct acpi_pld *" and argument "4UL /*
>>> sizeof (pld) */" to function "memcpy" is suspicious.
135 memcpy(pld, >custom_pld, sizeof(pld));
136 else
137 acpi_pld_fill_usb(pld, config->type, >group);
138
139 return true;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DmIXw_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3ln0G-2Fl8Du-2FPb-2FjnYOR4GDeLCTh-2Ff-2BTs2XjTD-2BPtnD1RiRz7yNxilCb-2F0Wi5YMhgAiofwe8tvUrA8duNBL6lQuq7ChtQPCex4N-2FpOuA2Ex7tv-2B07D8NixBvhgDfni8mle0QAC7mWwlxWHWI3ahcV5dw8RqCsSaX4X2-2BFgLd3ldgQ-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
12 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)
** CID 1458079: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/intel/alderlake/crashlog.c: 68 in pmc_cl_discovery()
*** CID 1458079: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/intel/alderlake/crashlog.c: 68 in pmc_cl_discovery()
62 tmp_bar_addr = SPI_BASE_ADDRESS;
63 pci_write_config32(PCH_DEV_SRAM, PCI_BASE_ADDRESS_0, tmp_bar_addr);
64 pci_or_config16(PCH_DEV_SRAM, PCI_COMMAND, PCI_COMMAND_MEMORY);
65
66 if (discovery_buf.bits.discov_mechanism == 1) {
67 /* discovery mode */
>>> CID 1458079: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "discovery_buf.bits.base_offset & (2147483648UL /* 1UL << 31 */)" is
>>> always 0 regardless of the values of its operands. This occurs as the
>>> logical operand of "if".
68 if (discovery_buf.bits.base_offset & BIT(31)) {
69 printk(BIOS_DEBUG, "PCH discovery to be used is
disabled.\n");
70 m_pmc_crashLog_present = false;
71 m_pmc_crashLog_size = 0;
72 return false;
73 }
** CID 1458078: Null pointer dereferences (FORWARD_NULL)
*** CID 1458078: Null pointer dereferences (FORWARD_NULL)
/src/soc/intel/alderlake/crashlog.c: 45 in pmc_cl_discovery()
39
40 cmd_reg = pmc_make_ipc_cmd(PMC_IPC_CMD_CRASHLOG,
41 PMC_IPC_CMD_ID_CRASHLOG_DISCOVERY,
42 PMC_IPC_CMD_SIZE_SHIFT);
43 printk(BIOS_DEBUG, "cmd_reg from pmc_make_ipc_cmd %d\n", cmd_reg);
44
>>> CID 1458078: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "req" to "pmc_send_ipc_cmd", which dereferences it.
45 r = pmc_send_ipc_cmd(cmd_reg, req, res);
46
47 if (r < 0) {
48 printk(BIOS_ERR, "pmc_send_ipc_cmd failed in %s\n", __func__);
49 return false;
50 }
** CID 1458077: Null pointer dereferences (FORWARD_NULL)
*** CID 1458077: Null pointer dereferences (FORWARD_NULL)
/src/soc/intel/alderlake/crashlog.c: 45 in pmc_cl_discovery()
39
40 cmd_reg = pmc_make_ipc_cmd(PMC_IPC_CMD_CRASHLOG,
41 PMC_IPC_CMD_ID_CRASHLOG_DISCOVERY,
42 PMC_IPC_CMD_SIZE_SHIFT);
43 printk(BIOS_DEBUG, "cmd_reg from pmc_make_ipc_cmd %d\n", cmd_reg);
44
>>> CID 1458077: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "res" to "pmc_send_ipc_cmd", which dereferences it.
45 r = pmc_send_ipc_cmd(cmd_reg, req, res);
46
47 if (r < 0) {
48 printk(BIOS_ERR, "pmc_send_ipc_cmd failed in %s\n", __func__);
49 return false;
50 }
** CID 1458076: Null pointer dereferences (FORWARD_NULL)
*** CID 1458076: Null pointer dereferences (FORWARD_NULL)
/src/soc/intel/common/block/crashlog/crashlog.c: 256 in
cl_pmc_en_gen_on_all_reboot()
250 int r;
251
252 cmd_reg = pmc_make_ipc_cmd(PMC_IPC_CMD_CRASHLOG,
253 PMC_IPC_CMD_ID_CRASHLOG_ON_RESET,
254 PMC_IPC_CMD_SIZE_SHIFT);
255
>>> CID 1458076: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "req" to "pmc_send_ipc_cmd", which dereferences it.
256 r = pmc_send_ipc_cmd(cmd_reg, req, res);
257
258 if (r < 0) {
259 printk(BIOS_ERR, "pmc_send_ipc_cmd failed in %s\n",
__func__);
260 return 0;
261 }
** CID 1458075: Null pointer dereferences (FORWARD_NULL)
*** CID 1458075: Null pointer dereferences (FORWARD_NULL)
/src/soc/intel/common/block/crashlog/crashlog.c: 206 in
cl_pmc_re_arm_after_reset()
200 int r;
201
202 cmd_reg = pmc_make_ipc_cmd(PMC_IPC_CMD_CRASHLOG,
203 PMC_IPC_CMD_ID_CRASHLOG_RE_ARM_ON_RESET,
204 PMC_IPC_CMD_SIZE_SHIFT);
205
>>> CID 1458075: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "req"
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1458054: Memory - corruptions (OVERRUN)
/src/mainboard/google/dedede/variants/baseboard/ramstage.c: 41 in
update_lte_device()
*** CID 1458054: Memory - corruptions (OVERRUN)
/src/mainboard/google/dedede/variants/baseboard/ramstage.c: 41 in
update_lte_device()
35 config->type = UPC_TYPE_INTERNAL;
36 if (port->path.usb.port_type ==
LTE_USB_PORT_TYPE) {
37 config->has_power_resource = 1;
38 memcpy(>reset_gpio,
_reset_gpio,
39
sizeof(config->reset_gpio));
40 config->reset_off_delay_ms = 20;
>>> CID 1458054: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "_enable_gpio" of 4 bytes by
>>> passing it to a function which accesses it at byte offset 71 using argument
>>> "72UL". [Note: The source code implementation of the function has been
>>> overridden by a builtin model.]
41 memcpy(>enable_gpio,
_enable_gpio,
42
sizeof(config->enable_gpio));
43 config->enable_delay_ms = 20;
44 }
45 }
46 }
47 }
** CID 1458053: Memory - corruptions (OVERRUN)
/src/mainboard/google/dedede/variants/baseboard/ramstage.c: 38 in
update_lte_device()
*** CID 1458053: Memory - corruptions (OVERRUN)
/src/mainboard/google/dedede/variants/baseboard/ramstage.c: 38 in
update_lte_device()
32 fw_config_probe(FW_CONFIG(DB_PORTS,
DB_PORTS_1A_HDMI_LTE))) {
33
34 config = port->chip_info;
35 config->type = UPC_TYPE_INTERNAL;
36 if (port->path.usb.port_type ==
LTE_USB_PORT_TYPE) {
37 config->has_power_resource = 1;
>>> CID 1458053: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "_reset_gpio" of 4 bytes by
>>> passing it to a function which accesses it at byte offset 71 using argument
>>> "72UL". [Note: The source code implementation of the function has been
>>> overridden by a builtin model.]
38 memcpy(>reset_gpio,
_reset_gpio,
39
sizeof(config->reset_gpio));
40 config->reset_off_delay_ms = 20;
41 memcpy(>enable_gpio,
_enable_gpio,
42
sizeof(config->enable_gpio));
43 config->enable_delay_ms = 20;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DWlVI_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3HiNC72a8zBdwg3-2FNS2rmv0RChO20VuIitqWAd3nzF2R4EOmRURa-2BimCsfyoKyqyCXlG8LrKARdDt9UkghPuw4Wsm1Qa75zKP0SLMtPJwb9CA8a7k8-2FcFb3L0yi86vC1bu12nd06l-2F6NAo6IZRX5k93RQ7pnR7G-2FkLnfbMrTX-2BtfZgKV4-2F-2F9nhvgkLHFjy5Bc-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1457506: Null pointer dereferences (REVERSE_INULL)
/src/soc/amd/common/block/acpi/bert.c: 19 in acpi_soc_get_bert_region()
*** CID 1457506: Null pointer dereferences (REVERSE_INULL)
/src/soc/amd/common/block/acpi/bert.c: 19 in acpi_soc_get_bert_region()
13 * BERT: [Firmware Bug]: table invalid.
14 */
15 if (!bert_should_generate_acpi_table())
16 return CB_ERR;
17
18 bert_errors_region(region, length);
>>> CID 1457506: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "region" suggests that it may be null, but it has already
>>> been dereferenced on all paths leading to the check.
19 if (!region) {
20 printk(BIOS_ERR, "Error: Can't find BERT storage area\n");
21 return CB_ERR;
22 }
23
24 return CB_SUCCESS;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D7lch_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn39rB0tDCMtAWGh-2Fs-2Buov78xc6oMd77NB0zjeHoc5uMz4aKapwp1F4ssqFAVBOfvuGzjMoYKYGqNi7Tvp1XxEmj8lBoFBTxlEbTMNy0e7B1LeSRy4y43W1BSytkGGTVqFpBg0GEf7Muqaw2JFwNk6ffHa4G5yrQXv8rccQClx5egw-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
5 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1453149: Uninitialized variables (UNINIT)
*** CID 1453149: Uninitialized variables (UNINIT)
/tests/lib/spd_cache-test.c: 178 in test_check_if_dimm_changed_sn_error()
172 assert_int_equal(CB_SUCCESS, load_spd_cache(_cache,
_cache_sz));
173 fill_spd_cache_ddr4(spd_cache, spd_cache_sz);
174 assert_int_equal(CB_SUCCESS, spd_fill_from_cache(spd_cache,
));
175
176 /* Simulate error */
177 will_return_count(get_spd_sn, CB_ERR, 1);
>>> CID 1453149: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "blk.addr_map" when calling
>>> "check_if_dimm_changed".
178 assert_true(check_if_dimm_changed(spd_cache, ));
179 }
180
181 __attribute__((unused))
182 static void test_check_if_dimm_changed_sodimm_lost(void **state)
183 {
** CID 1453148: Uninitialized variables (UNINIT)
*** CID 1453148: Uninitialized variables (UNINIT)
/tests/lib/spd_cache-test.c: 162 in test_check_if_dimm_changed_not_changed()
156 fill_spd_cache_ddr4(spd_cache, spd_cache_sz);
157 assert_int_equal(CB_SUCCESS, spd_fill_from_cache(spd_cache,
));
158
159 get_sn_from_spd_cache(spd_cache, get_spd_sn_ret_sn);
160 get_spd_sn_ret_sn_idx = 0;
161 will_return_count(get_spd_sn, CB_SUCCESS, SC_SPD_NUMS);
>>> CID 1453148: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "blk.addr_map" when calling
>>> "check_if_dimm_changed".
162 assert_false(check_if_dimm_changed(spd_cache, ));
163 }
164
165 __attribute__((unused))
166 static void test_check_if_dimm_changed_sn_error(void **state)
167 {
** CID 1453147: Uninitialized variables (UNINIT)
*** CID 1453147: Uninitialized variables (UNINIT)
/tests/lib/spd_cache-test.c: 233 in test_check_if_dimm_changed_sn_changed()
227 assert_int_equal(CB_SUCCESS, spd_fill_from_cache(spd_cache,
));
228 get_sn_from_spd_cache(spd_cache, get_spd_sn_ret_sn);
229 *(u32 *)(spd_cache + SC_SPD_OFFSET(0) + DDR4_SPD_SN_OFF) =
0x43211234;
230
231 get_spd_sn_ret_sn_idx = 0;
232 will_return_always(get_spd_sn, CB_SUCCESS);
>>> CID 1453147: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "blk.addr_map" when calling
>>> "check_if_dimm_changed".
233 assert_true(check_if_dimm_changed(spd_cache, ));
234 }
235
236 int main(void)
237 {
238 const struct CMUnitTest tests[] = {
** CID 1453146: Uninitialized variables (UNINIT)
*** CID 1453146: Uninitialized variables (UNINIT)
/tests/lib/spd_cache-test.c: 196 in test_check_if_dimm_changed_sodimm_lost()
190 assert_int_equal(CB_SUCCESS, spd_fill_from_cache(spd_cache,
));
191 get_sn_from_spd_cache(spd_cache, get_spd_sn_ret_sn);
192 memset(spd_cache + spd_data_ddr4_1_sz, 0xff,
spd_data_ddr4_2_sz);
193
194 get_spd_sn_ret_sn_idx = 0;
195 will_return_always(get_spd_sn, CB_SUCCESS);
>>> CID 1453146: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "blk.addr_map" when calling
>>> "check_if_dimm_changed".
196 assert_true(check_if_dimm_changed(spd_cache, ));
197 }
198
199 __attribute__((unused))
200 static void test_check_if_dimm_changed_new_sodimm(void **state)
201 {
** CID 1453145: Uninitialized variables (UNINIT)
*** CID 1453145: Uninitialized variables (UNINIT)
/tests/lib/spd_cache-test.c: 215 in test_check_if_dimm_changed_new_sodimm()
209 get_sn_from_spd_cache(spd_cache, get_spd_sn_ret_sn);
210 memcpy(spd_cache + spd_data_ddr4_1_sz + spd_data_ddr4_2_sz,
211 spd_data_ddr4_2, spd_data_ddr4_2_sz);
212
213 get_spd_sn_ret_sn_idx = 0;
214 will_return_always(get_spd_sn, CB_SUCCESS);
>>> CID 1453145: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "blk.addr_map" when calling
>>> "check_if_dimm_changed".
215 assert_true(check_if_dimm_changed(spd_cache, ));
216 }
217
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1452916: Null pointer dereferences (FORWARD_NULL)
/util/sconfig/main.c: 453 in new_fw_config_field()
*** CID 1452916: Null pointer dereferences (FORWARD_NULL)
/util/sconfig/main.c: 453 in new_fw_config_field()
447 }
448
449 /* Check that each field is within 64 bits. */
450 tmp = bits;
451 while (tmp) {
452 if (tmp->start_bit > tmp->end_bit || tmp->end_bit > 63)
{
>>> CID 1452916: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "field".
453 printf("ERROR: fw_config field %s has invalid
range %u-%u\n", field->name,
454tmp->start_bit, tmp->end_bit);
455 exit(1);
456 }
457
458 /* Check for overlap with an existing field. */
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DkkcN_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2-2BWPk-2FxdgijVL5IMW3XfN2auO1Vdboammv6Cd7DmESsXKcuh22H8FQ6m7ivW0C7CrFnbW9kfzHQRY8QlQpRa0Lw62W3Ym4XNeB3QJDBvumW6wvQZXVkKMv2KBB9iiqNEQog62eN4jg1sMHXKn-2F8wD-2FXXxHhpNveaFqJFXMJoejJQ-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 3 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1452766: Incorrect expression (SIZEOF_MISMATCH) /src/acpi/acpi.c: 914 in acpi_create_einj() *** CID 1452766: Incorrect expression (SIZEOF_MISMATCH) /src/acpi/acpi.c: 914 in acpi_create_einj() 908 einj_smi->trigger_action_table = (u64) (uintptr_t)tat; 909 910 for (i = 0; i < ACTION_COUNT; i++) 911 printk(BIOS_DEBUG, "default_actions[%d].reg.addr is %llx\n", i, 912 default_actions[i].reg.addr); 913 >>> CID 1452766: Incorrect expression (SIZEOF_MISMATCH) >>> Passing argument "einj" of type "acpi_einj_t *" and argument "4UL /* >>> sizeof (einj) */" to function "memset" is suspicious. 914 memset((void *)einj, 0, sizeof(einj)); 915 916 /* Fill out header fields. */ 917 memcpy(header->signature, "EINJ", 4); 918 memcpy(header->oem_id, OEM_ID, 6); 919 memcpy(header->oem_table_id, ACPI_TABLE_CREATOR, 8); ** CID 1452765: Incorrect expression (SIZEOF_MISMATCH) /src/acpi/acpi.c: 810 in acpi_create_einj() *** CID 1452765: Incorrect expression (SIZEOF_MISMATCH) /src/acpi/acpi.c: 810 in acpi_create_einj() 804 acpi_einj_trigger_table_t *tat; 805 if (!header) 806 return; 807 808 printk(BIOS_DEBUG, "%s einj_smi = %p\n", __func__, einj_smi); 809 memset(einj_smi, 0, sizeof(acpi_einj_smi_t)); >>> CID 1452765: Incorrect expression (SIZEOF_MISMATCH) >>> Adding "540UL /* sizeof (acpi_einj_smi_t) */" to pointer "einj_smi" of >>> type "acpi_einj_smi_t *" is suspicious because adding an integral value to >>> this pointer automatically scales that value by the size, 540 bytes, of the >>> pointed-to type, "acpi_einj_smi_t". Most likely, "sizeof >>> (acpi_einj_smi_t)" is extraneous and should be replaced with 1. 810 tat = (acpi_einj_trigger_table_t *)(einj_smi + sizeof(acpi_einj_smi_t)); 811 tat->header_size = 16; 812 tat->revision = 0; 813 tat->table_size = sizeof(acpi_einj_trigger_table_t) + 814 sizeof(acpi_einj_action_table_t) * actions - 1; 815 tat->entry_count = actions; ** CID 1452764: Incorrect expression (SIZEOF_MISMATCH) /src/acpi/acpi.c: 931 in acpi_create_einj() *** CID 1452764: Incorrect expression (SIZEOF_MISMATCH) /src/acpi/acpi.c: 931 in acpi_create_einj() 925 inj_header->einj_header_size = sizeof(acpi_injection_header_t); 926 inj_header->entry_count = ACTION_COUNT; 927 928 printk(BIOS_DEBUG, "%s einj->action_table = %p\n", 929 __func__, einj->action_table); 930 memcpy((void *)einj->action_table, (void *)default_actions, sizeof(einj->action_table)); >>> CID 1452764: Incorrect expression (SIZEOF_MISMATCH) >>> Passing argument "einj" of type "acpi_einj_t *" and argument "4U /* >>> sizeof (einj) */" to function "acpi_checksum" is suspicious. 931 header->checksum = acpi_checksum((void *)einj, sizeof(einj)); 932 } 933 934 void acpi_create_vfct(const struct device *device, 935 acpi_vfct_t *vfct, 936 unsigned long (*acpi_fill_vfct)(const struct device *device, To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DIRCV_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0KPr5AItjkKgbG-2FLIKHFpZfMUsQ7W68AmjM9PHMDP5zUWk1jRyvJ1NafzqStkWAghUtPQPB-2FCgGFa90G6-2BbYgjKPnZ0wcUejiJHWXAwdPxyHTcAeLgdgkgx5b-2FWU7QpBOOKx0s-2FyHdsw1XcgvtoJamueMxlOozmasUySmZ-2FJifuQ-3D-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1452697: Resource leaks (RESOURCE_LEAK)
/tests/lib/region_file-test.c: 32 in setup_region_file_test_group()
*** CID 1452697: Resource leaks (RESOURCE_LEAK)
/tests/lib/region_file-test.c: 32 in setup_region_file_test_group()
26
27 rdev_chain_mem_rw(dev, mem_buffer, REGION_FILE_BUFFER_SIZE);
28 *state = dev;
29
30 clear_region_file(dev);
31
>>> CID 1452697: Resource leaks (RESOURCE_LEAK)
>>> Variable "mem_buffer" going out of scope leaks the storage it points to.
32 return 0;
33 }
34
35 static int teardown_region_file_test_group(void **state)
36 {
37 struct region_device *dev = *state;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dbdmn_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0YanAj-2BNnPAOu41jzksshIlcjT9syrrJmrOdojoaaorrkMAPaA-2BmypZBk5pvbVV0e-2By3W-2Bf4yoAmaFOh28S-2FvHMVurAxqdQEum2oWuoO2LFzLAcI6PloNKHVrT1OFmN6X66-2BVug6bT7hpTNB7lY9PdqkB5zLuFhUBSSBNLW7Tap2OKtcTH-2BBNXquxt4HFQOao-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
17 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)
** CID 1452607: Control flow issues (DEADCODE)
/src/drivers/elog/elog.c: 798 in elog_init()
*** CID 1452607: Control flow issues (DEADCODE)
/src/drivers/elog/elog.c: 798 in elog_init()
792 if (elog_find_flash() < 0)
793 return -1;
794
795 elog_size = region_device_sz(_state.nv_dev);
796 mirror_buffer = elog_mirror_buf;
797 if (!mirror_buffer) {
>>> CID 1452607: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "printk(3, "ELOG: Unable to ...".
798 printk(BIOS_ERR, "ELOG: Unable to allocate backing
store\n");
799 return -1;
800 }
801 mem_region_device_rw_init(_state.mirror_dev, mirror_buffer,
802 elog_size);
803
** CID 1452606: Possible Control flow issues (DEADCODE)
/src/cpu/intel/common/common_init.c: 62 in set_feature_ctrl_vmx()
*** CID 1452606: Possible Control flow issues (DEADCODE)
/src/cpu/intel/common/common_init.c: 62 in set_feature_ctrl_vmx()
56 }
57 }
58 }
59
60 wrmsr(IA32_FEATURE_CONTROL, msr);
61
>>> CID 1452606: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach the expression ""disabled"" inside this
>>> statement: "printk(7, "VMX status: %s\n...".
62 printk(BIOS_DEBUG, "VMX status: %s\n",
63 enable ? "enabled" : "disabled");
64 }
65 void set_feature_ctrl_lock(void)
66 {
67 msr_t msr;
** CID 1452605: Control flow issues (DEADCODE)
/src/drivers/net/atl1e.c: 130 in atl1e_init()
*** CID 1452605: Control flow issues (DEADCODE)
/src/drivers/net/atl1e.c: 130 in atl1e_init()
124 printk(BIOS_INFO, "atl1e NIC has SPI eeprom, not
setting MAC\n");
125 return;
126 }
127
128 /* Check if the base is invalid */
129 if (!mem_base) {
>>> CID 1452605: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "printk(3, "atl1e: Error can...".
130 printk(BIOS_ERR, "atl1e: Error cant find MEM
resource\n");
131 return;
132 }
133 /* Enable but do not set bus master */
134 pci_write_config16(dev, PCI_COMMAND,
135PCI_COMMAND_MEMORY | PCI_COMMAND_IO);
** CID 1452604: Possible Control flow issues (DEADCODE)
/src/cpu/intel/common/common_init.c: 93 in set_feature_ctrl_lock()
*** CID 1452604: Possible Control flow issues (DEADCODE)
/src/cpu/intel/common/common_init.c: 93 in set_feature_ctrl_lock()
87 if (lock) {
88 /* Set lock bit */
89 msr.lo |= (1 << 0);
90 wrmsr(IA32_FEATURE_CONTROL, msr);
91 }
92
>>> CID 1452604: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach the expression ""unlocked"" inside this
>>> statement: "printk(7, "IA32_FEATURE_CON...".
93 printk(BIOS_DEBUG, "IA32_FEATURE_CONTROL status: %s\n",
94 lock ? "locked" : "unlocked");
95 }
96
97 /*
98 * Init cppc_config in a way that's appropriate for Intel
** CID 1452603: Control flow issues (DEADCODE)
/src/drivers/i2c/ww_ring/ww_ring.c: 391 in ww_ring_init()
*** CID 1452603: Control flow issues (DEADCODE)
/src/drivers/i2c/ww_ring/ww_ring.c: 391 in ww_ring_init()
385 ledc->dev_addr = 0; /* Mark disabled. */
386 }
387
388 printk(BIOS_INFO, "WW_RING: initialized %d out of %d\n", count,
i);
389 if (count != i) {
390 if (count)
>>> CID 1452603: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "printk(4, "WW_RING: will ke...".
391 printk(BIOS_WARNING,
392"WW_RING: will keep going anyway\n");
393 else
394 printk(BIOS_WARNING,
395"WW_RING: LED ring
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1452260:(CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1850 in power_settings()
/src/northbridge/intel/x4x/raminit_ddr23.c: 1851 in power_settings()
*** CID 1452260:(CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/x4x/raminit_ddr23.c: 1850 in power_settings()
1844mchbar_clrsetbits32(0x24, 0xe000, 0x6000);
1845mchbar_clrsetbits32(0x44, 0x1fef, 0x6b);
1846mchbar_write16(0x115, reg1);
1847mchbar_clrsetbits32(0x117, 0xff, reg2);
1848mchbar_write8(0x124, 0x7);
1849/* not sure if dummy reads are needed */
>>> CID 1452260:(CONSTANT_EXPRESSION_RESULT)
>>> "*((u16 volatile *)0xfed1412a) & -65536 /* ~((uint16_t)~0) */" is
>>> always 0 regardless of the values of its operands. This occurs as the
>>> bitwise first operand of "|".
1850mchbar_clrsetbits16(0x12a, ~0, 0x80);
1851mchbar_clrsetbits8(0x12c, ~0, 0xa0);
1852mchbar_clrbits16(0x174, 1 << 15);
1853mchbar_clrsetbits16(0x188, 0x1f00, 0x1f00);
1854mchbar_clrbits8(0x18c, 1 << 3);
1855mchbar_setbits8(0x192, 1);
/src/northbridge/intel/x4x/raminit_ddr23.c: 1851 in power_settings()
1845mchbar_clrsetbits32(0x44, 0x1fef, 0x6b);
1846mchbar_write16(0x115, reg1);
1847mchbar_clrsetbits32(0x117, 0xff, reg2);
1848mchbar_write8(0x124, 0x7);
1849/* not sure if dummy reads are needed */
1850mchbar_clrsetbits16(0x12a, ~0, 0x80);
>>> CID 1452260:(CONSTANT_EXPRESSION_RESULT)
>>> "*((u8 volatile *)0xfed1412c) & -256 /* ~((uint8_t)~0) */" is always 0
>>> regardless of the values of its operands. This occurs as the bitwise first
>>> operand of "|".
1851mchbar_clrsetbits8(0x12c, ~0, 0xa0);
1852mchbar_clrbits16(0x174, 1 << 15);
1853mchbar_clrsetbits16(0x188, 0x1f00, 0x1f00);
1854mchbar_clrbits8(0x18c, 1 << 3);
1855mchbar_setbits8(0x192, 1);
1856mchbar_setbits8(0x193, 0xf);
** CID 1452259: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/ironlake/quickpath.c: 694 in late_quickpath_init()
*** CID 1452259: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/ironlake/quickpath.c: 694 in late_quickpath_init()
688 mchbar_write32(0x1274, 0x0);
689
690 if (deven & 8) {
691 mchbar_write16(0x1214, 0x320);
692 mchbar_write32(0x1600, 0x4000);
693 mchbar_clrsetbits32(0x11f4, ~0, 1 << 28);
>>> CID 1452259: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*((u16 volatile *)0xfed11230) & -65536 /* ~((uint16_t)~0) */" is
>>> always 0 regardless of the values of its operands. This occurs as the
>>> bitwise first operand of "|".
694 mchbar_clrsetbits16(0x1230, ~0, 1 << 15);
695 mchbar_write32(0x1400, 0x13040020);
696 mchbar_write32(0x1404, 0xe090120);
697 mchbar_write32(0x1408, 0x5120220);
698 mchbar_write32(0x140c, 0x5120330);
699 mchbar_write32(0x1410, 0xe090220);
** CID 1452258: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/ironlake/raminit.c: 3103 in chipset_init()
*** CID 1452258: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/ironlake/raminit.c: 3103 in chipset_init()
3097
3098dmi_setup();
3099
3100mchbar_write16(0x1170, 0xa880);
3101mchbar_write8(0x11c1, 1 << 0);
3102mchbar_write16(0x1170, 0xb880);
>>> CID 1452258: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*((u8 volatile *)0xfed11210) & -256 /* ~((uint8_t)~0) */" is always 0
>>> regardless of the values of its operands. This occurs as the bitwise first
>>> operand of "|".
3103mchbar_clrsetbits8(0x1210, ~0, 0x84);
3104
3105if (get_option(, "gfx_uma_size") != CB_SUCCESS) {
3106/* 0 for 32MB */
3107gfxsize = 0;
3108}
** CID 1452257: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/northbridge/intel/ironlake/raminit.c: 3076 in dmi_setup()
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1452250: Uninitialized variables (UNINIT)
*** CID 1452250: Uninitialized variables (UNINIT)
/tests/lib/bootmem-test.c: 235 in init_memory_table_library()
229 struct lb_memory *lb_mem;
230
231 /* Allocate space for 10 lb_mem entries to be safe */
232 lb_mem = malloc(sizeof(*lb_mem) + 10 * sizeof(struct
lb_memory_range));
233
234 /* We need to call this only to initialize library */
>>> CID 1452250: Uninitialized variables (UNINIT)
>>> Using uninitialized value "lb_mem->size" when calling
>>> "bootmem_write_memory_table".
235 bootmem_write_memory_table(lb_mem);
236 free(lb_mem);
237 }
238
239 static void test_bootmem_add_range(void **state)
240 {
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D9f3u_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3EUDmPvU59Bc8iBYhOrb5W4NAQKqp-2F0Gk4bHw8c5kTbdftgijZYHE-2Bp-2BeDG9M0idhnYXVLI21BYK6DyGRE3rUt2WoVz2An4OkkuEKuI0phspJWo9krCHzk0wLWo9r8-2F4LxEBWYd-2BqmZ0yZYlFoqSYVe-2FbvII77TSqHZQ9A7CMh5w-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1452005: Memory - corruptions (OVERRUN)
/tests/lib/malloc-test.c: 53 in setup_calloc_test()
*** CID 1452005: Memory - corruptions (OVERRUN)
/tests/lib/malloc-test.c: 53 in setup_calloc_test()
47
48 return 0;
49 }
50
51 static int setup_calloc_test(void **state)
52 {
>>> CID 1452005: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "&_heap" of 1 bytes by passing it to a
>>> function which accesses it at byte offset 4194303 using argument
>>> "4194304UL". [Note: The source code implementation of the function has been
>>> overridden by a builtin model.]
53 memset(&_heap, 0xFF, TEST_HEAP_SZ);
54 return setup_test(state);
55 }
56
57 static void test_malloc_out_of_memory(void **state)
58 {
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DOBmv_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2D-2FM5I3nUzOwPmvfgKcy9xVtX9P5U9TE-2FITY-2FVDbWjsPc00LFasnemVsrv8J9ABzwmNNqohdu7Nx5L7FeB-2FIS-2FbSTsasY3L-2Bpa7imNT6alE9OQTajEAjiLizXH0IO2X4V2Byx-2FDx0xdagtQ8paZhBJR3BP-2FHuARBxzsIsKtj6obDFjK8hLKUhFfPiStWLp4TQ-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1451732: Incorrect expression (SIZEOF_MISMATCH)
/src/soc/ti/am335x/mmc.c: 263 in am335x_mmc_init_storage()
*** CID 1451732: Incorrect expression (SIZEOF_MISMATCH)
/src/soc/ti/am335x/mmc.c: 263 in am335x_mmc_init_storage()
257
258 int am335x_mmc_init_storage(struct am335x_mmc_host *mmc_host)
259 {
260 int err = 0;
261
262 struct sd_mmc_ctrlr *mmc_ctrlr = _host->sd_mmc_ctrlr;
>>> CID 1451732: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "mmc_ctrlr" of type "struct sd_mmc_ctrlr *" and
>>> argument "4U /* sizeof (mmc_ctrlr) */" to function "memset" is suspicious.
263 memset(mmc_ctrlr, 0, sizeof(mmc_ctrlr));
264
265
266 err = am335x_mmc_init(mmc_host->reg);
267 if (err != 0) {
268 printk(BIOS_ERR, "ERROR: Initialising AM335X SD
failed.\n");
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DyFLz_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2BFz7Z1CAEeco1IvcYPbq2MoXcz2nCdeCFsmkjNYwjx-2Bo3jdAp5Wc7b2MssNEgpu-2B7oYLIel1mxc3eoy3Pilnh-2F5wUR7mxv5m7n5WWO1uhxh1hvMht6d2wqELAbN2yX9astErMEuIS8zFSeHsxFgqZ8LLAI0VYbXyXqQmdTgFQtZuwvFa3B5GTrjKl5W3DQGw-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1451545: Parse warnings (PARSE_ERROR) /src/mainboard/ti/beaglebone/sd_media.c: 95 in () *** CID 1451545: Parse warnings (PARSE_ERROR) /src/mainboard/ti/beaglebone/sd_media.c: 95 in () 89 .munmap = mmap_helper_rdev_munmap, 90 .readat = sd_readat, 91 }; 92 93 extern struct omap_image_headers headers; 94 >>> CID 1451545: Parse warnings (PARSE_ERROR) >>> function call is not allowed in a constant expression 95 static struct mmap_helper_region_device sd_mdev = MMAP_HELPER_REGION_INIT( 96 _sd_ops, COREBOOT_IMAGE_OFFSET + sizeof(headers), CONFIG_ROM_SIZE); 97 98 static bool init_done = false; 99 100 void boot_device_init(void) To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DSuK6_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1TZ7Hvuz-2FI2m2BXBO8oohi7VJPLKiySFPRABd6uESuq2adyrBX7DG85lTua-2F5nfx46ZWu56RE0zpLxlQo1h5Pi1-2BeKJy5ZlPqh6Y-2Bpt40lHgCoeHS03bYRaTl-2F-2FQd9PWOFVDyPsUDBeFCHwcNjzGvcHM8WyFf-2B6mxTTXVK9vthNkj00z-2B221ltVE4e9mvYT0c-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
14 new defect(s) introduced to coreboot found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)
** CID 1451398: Control flow issues (DEADCODE)
/3rdparty/chromeec/driver/usb_mux/usb_mux.c: 400 in hc_usb_pd_mux_ack()
*** CID 1451398: Control flow issues (DEADCODE)
/3rdparty/chromeec/driver/usb_mux/usb_mux.c: 400 in hc_usb_pd_mux_ack()
394 {
395 __maybe_unused const struct ec_params_usb_pd_mux_ack *p =
args->params;
396
397 if (!IS_ENABLED(CONFIG_USB_MUX_AP_ACK_REQUEST))
398 return EC_RES_INVALID_COMMAND;
399
>>> CID 1451398: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "task_set_event(TASK_ID_PD_C...".
400 task_set_event(PD_PORT_TO_TASK_ID(p->port),
PD_EVENT_AP_MUX_DONE);
401
402 return EC_RES_SUCCESS;
403 }
404 DECLARE_HOST_COMMAND(EC_CMD_USB_PD_MUX_ACK,
405 hc_usb_pd_mux_ack,
** CID 1451397: Memory - corruptions (ARRAY_VS_SINGLETON)
*** CID 1451397: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/lib/selfboot.c: 238 in selfload_mapped()
232 {
233 uintptr_t entry = 0;
234 struct cbfs_payload_segment *cbfssegs;
235
236 cbfssegs = &((struct cbfs_payload *)mapping)->segments;
237
>>> CID 1451397: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Passing "cbfssegs" to function "check_payload_segments" which uses it
>>> as an array. This might corrupt or misinterpret adjacent memory locations.
238 if (check_payload_segments(cbfssegs, dest_type))
239 return false;
240
241 if (load_payload_segments(cbfssegs, ))
242 return false;
243
** CID 1451396: Memory - corruptions (OVERRUN)
*** CID 1451396: Memory - corruptions (OVERRUN)
/src/lib/selfboot.c: 241 in selfload_mapped()
235
236 cbfssegs = &((struct cbfs_payload *)mapping)->segments;
237
238 if (check_payload_segments(cbfssegs, dest_type))
239 return false;
240
>>> CID 1451396: Memory - corruptions (OVERRUN)
>>> Overrunning struct type cbfs_payload_segment of 28 bytes by passing it
>>> to a function which accesses it at byte offset 55.
241 if (load_payload_segments(cbfssegs, ))
242 return false;
243
244 printk(BIOS_SPEW, "Loaded segments\n");
245
246 /* Pass cbtables to payload if architecture desires it. */
** CID 1451395: Control flow issues (NESTING_INDENT_MISMATCH)
/src/soc/amd/common/block/i2c/i2c.c: 105 in dw_i2c_soc_init()
*** CID 1451395: Control flow issues (NESTING_INDENT_MISMATCH)
/src/soc/amd/common/block/i2c/i2c.c: 105 in dw_i2c_soc_init()
99 if (ctrlr->mode == I2C_PERIPHERAL_MODE || !ctrlr->bar ||
100 cfg->early_init !=
is_early_init)
101 continue;
102
103 if (dw_i2c_init(bus, cfg))
104 printk(BIOS_ERR, "Failed to init i2c bus %d\n",
bus);
>>> CID 1451395: Control flow issues (NESTING_INDENT_MISMATCH)
>>> This statement is indented to column 25, as if it were nested within
>>> the preceding parent statement, but it is not.
105 continue;
106
107 soc_i2c_misc_init(bus, cfg);
108 }
109 }
110
** CID 1451394: Parse warnings (PW.PARAM_SET_BUT_NOT_USED)
/src/vendorcode/mediatek/mt8192/dramc/dramc_pi_calibration_api.c: 3630 in ()
*** CID 1451394: Parse warnings (PW.PARAM_SET_BUT_NOT_USED)
/src/vendorcode/mediatek/mt8192/dramc/dramc_pi_calibration_api.c: 3630 in ()
3624
3625msg("[WriteLevelingPosCal] DQS PI B0/B1 = %d/%d\n",
wrlevel_dqs_delay[0], wrlevel_dqs_delay[1]);
3626 }
3627 #endif
3628
3629 #define SET_PATTERN_MANUALLY_FOR_DEBUG 1
>>> CID 1451394: Parse warnings (PW.PARAM_SET_BUT_NOT_USED)
>>> parameter "isAutoK" was set but never used
3630 DRAM_STATUS_T DramcWriteLeveling(DRAMC_CTX_T *p, u8 isAutoK,
WLEV_DELAY_BASED_T stDelayBase)
3631 {
3632
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1447050: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /src/northbridge/intel/haswell/northbridge.c: 301 in mc_add_dram_resources() *** CID 1447050: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /src/northbridge/intel/haswell/northbridge.c: 301 in mc_add_dram_resources() 295 size_k = (0xa >> 10) - base_k; 296 ram_resource(dev, index++, base_k, size_k); 297 298 /* 0xc -> TSEG - DPR */ 299 base_k = 0xc >> 10; 300 size_k = (unsigned long)(mc_values[TSEG_REG] >> 10) - base_k; >>> CID 1447050: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "dpr.size >> 10" is 0 regardless of the values of its operands. This >>> occurs as the operand of assignment. 301 size_k -= dpr.size >> 10; 302 ram_resource(dev, index++, base_k, size_k); 303 304 /* TSEG - DPR -> BGSM */ 305 resource = new_resource(dev, index++); 306 resource->base = mc_values[TSEG_REG] - dpr.size; To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DEzvE_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3tvkBYCgyBeAiKFEYJ3-2BRG29tZgMvhfK-2For1wLbZpJ4kLtfU9-2FSBpTlGXKTcMZ9bJ-2Fdb46hH8gHDivW-2Bj3xNFMVR6gl79UE36NJMOcTgJbYASS7sjZgzSIwojqTBJyRWMEdFcqceYl-2B42VHrdJEB2b0R-2FijRdZuJMRUSGYQT3snlfuyfUKPqrdq7FQDVo3QVs-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1447013: Memory - corruptions (OVERRUN)
/tests/lib/memchr-test.c: 72 in test_memchr_last_character_in_string()
*** CID 1447013: Memory - corruptions (OVERRUN)
/tests/lib/memchr-test.c: 72 in test_memchr_last_character_in_string()
66
67 static void test_memchr_last_character_in_string(void **state)
68 {
69 void *v1 = memchr(test_data1, '9', test_data1_sz);
70 void *v2 = memchr(_data1[test_data1_sz - 2], '9', test_data1_sz);
71 void *v3 = memchr(test_data2, 0xff, test_data2_sz);
>>> CID 1447013: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "_data2[255UL]" of 256 bytes by
>>> passing it to a function which accesses it at byte offset 510 using
>>> argument "256UL". [Note: The source code implementation of the function has
>>> been overridden by a builtin model.]
72 void *v4 = memchr(_data2[test_data2_sz - 1], 0xff, test_data2_sz);
73
74 assert_ptr_equal(v1, v2);
75 assert_ptr_equal(v1, _data1[test_data1_sz - 2]);
76
77 assert_ptr_equal(v3, v4);
** CID 1447012: Memory - corruptions (OVERRUN)
/tests/lib/memchr-test.c: 50 in test_memchr_existing_value()
*** CID 1447012: Memory - corruptions (OVERRUN)
/tests/lib/memchr-test.c: 50 in test_memchr_existing_value()
44 static const size_t test_data2_sz = sizeof(test_data2);
45
46 static void test_memchr_existing_value(void **state)
47 {
48 /* Test using character string */
49 void *v1 = memchr(test_data1, 'A', test_data1_sz);
>>> CID 1447012: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "test_data1 + 26" of 63 bytes by
>>> passing it to a function which accesses it at byte offset 78 using argument
>>> "53UL". [Note: The source code implementation of the function has been
>>> overridden by a builtin model.]
50 void *v2 = memchr(test_data1 + 26, 'A', test_data1_sz - 10);
51
52 assert_non_null(v1);
53 assert_non_null(v2);
54 assert_ptr_equal(v1, v2);
55 assert_ptr_equal(v1, _data1[26]);
** CID 1447011: Memory - corruptions (OVERRUN)
/tests/lib/memchr-test.c: 70 in test_memchr_last_character_in_string()
*** CID 1447011: Memory - corruptions (OVERRUN)
/tests/lib/memchr-test.c: 70 in test_memchr_last_character_in_string()
64 assert_ptr_equal(v1, _data2[0x33]);
65 }
66
67 static void test_memchr_last_character_in_string(void **state)
68 {
69 void *v1 = memchr(test_data1, '9', test_data1_sz);
>>> CID 1447011: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "_data1[61UL]" of 63 bytes by
>>> passing it to a function which accesses it at byte offset 123 using
>>> argument "63UL". [Note: The source code implementation of the function has
>>> been overridden by a builtin model.]
70 void *v2 = memchr(_data1[test_data1_sz - 2], '9', test_data1_sz);
71 void *v3 = memchr(test_data2, 0xff, test_data2_sz);
72 void *v4 = memchr(_data2[test_data2_sz - 1], 0xff, test_data2_sz);
73
74 assert_ptr_equal(v1, v2);
75 assert_ptr_equal(v1, _data1[test_data1_sz - 2]);
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D6fxm_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3Tk9e1SJaFU44S8RalEWMO-2FYDlRThY2cfbj5wybyXsWYsCUVDhdRaF5YVl8RSvItGokf9ANxFPH9MH4Tr-2Bk1J32nhiVOF4oGh8gR-2FzU5K5nkbcuRtw-2FDO6TPEJbtUP3dEoEtHL8G3UXT9zszV1n5vr93S1nba-2BYT9A1CWFd32oUhAVIaArm4C8r-2F59lS5qbFY-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1446761: Control flow issues (DEADCODE)
/src/lib/cbmem_common.c: 14 in cbmem_run_init_hooks()
*** CID 1446761: Control flow issues (DEADCODE)
/src/lib/cbmem_common.c: 14 in cbmem_run_init_hooks()
8 cbmem_init_hook_t *init_hook_ptr =
9 (cbmem_init_hook_t *)&_cbmem_init_hooks;
10 cbmem_init_hook_t *einit_hook_ptr =
11 (cbmem_init_hook_t *)&_ecbmem_init_hooks;
12
13 if (REGION_SIZE(cbmem_init_hooks) == 0)
>>> CID 1446761: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return;".
14 return;
15
16 while (init_hook_ptr != einit_hook_ptr) {
17 (*init_hook_ptr)(is_recovery);
18 init_hook_ptr++;
19 }
** CID 1446760: Resource leaks (RESOURCE_LEAK)
/tests/lib/memset-test.c: 34 in setup_test()
*** CID 1446760: Resource leaks (RESOURCE_LEAK)
/tests/lib/memset-test.c: 34 in setup_test()
28
29 return 0;
30
31 error:
32 free(buf);
33 free(helper_buf);
>>> CID 1446760: Resource leaks (RESOURCE_LEAK)
>>> Variable "s" going out of scope leaks the storage it points to.
34 return -1;
35 }
36
37 static int teardown_test(void **state)
38 {
39 struct memset_test_state *s = *state;
** CID 1446759: Security best practices violations (STRING_OVERFLOW)
/src/mainboard/prodrive/hermes/mainboard.c: 99 in update_board_layout()
*** CID 1446759: Security best practices violations (STRING_OVERFLOW)
/src/mainboard/prodrive/hermes/mainboard.c: 99 in update_board_layout()
93 if (cpu->bus->dev->path.type != DEVICE_PATH_CPU_CLUSTER)
94 continue;
95 if (!cpu->enabled)
96 continue;
97 layout.cpu_count++;
98 if (!layout.cpu_name[0])
>>> CID 1446759: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 50-character fixed-size string "layout.cpu_name"
>>> by copying "cpu->name" without checking the length.
99 strcpy(layout.cpu_name, cpu->name);
100 }
101
102 if (cpuid_get_max_func() >= 0x16)
103 layout.cpu_max_non_turbo_frequency = cpuid_eax(0x16);
104
** CID 1446758: Memory - illegal accesses (NO_EFFECT)
/tests/lib/memset-test.c: 88 in test_memset_zero_size()
*** CID 1446758: Memory - illegal accesses (NO_EFFECT)
/tests/lib/memset-test.c: 88 in test_memset_zero_size()
82 for (int i = 0; i < MEMSET_BUFFER_SZ; ++i) {
83 s->base_buffer[i] = 0xFF;
84 s->helper_buffer[i] = 0xFF;
85 }
86
87 /* Expect no change in buffer after calling memset with zero size */
>>> CID 1446758: Memory - illegal accesses (NO_EFFECT)
>>> Calling "memset" with size 0: "memset(s->base_buffer, 170, 0UL)" does
>>> nothing.
88 memset(s->base_buffer, 0xAA, 0);
89 assert_memory_equal(s->base_buffer, s->helper_buffer, MEMSET_BUFFER_SZ);
90 }
91
92 static void test_memset_one_byte(void **state)
93 {
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DPGjR_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3yPoS4IAs2eM5OOsYICnqfocxRILsg61l4eWBiwDen8qJN-2Bqk-2BPXDxvN4Dzwi2xR9AT0LrJuTAE4VWw6RXCG9x6m1-2Bge2aauAAWfOjjHfckUDGliTMRm12ngfVoVGboE3ZnZCrl5wBYIDEyB-2BhsdZ20F1dhDMsBBv79MAnveitvPZSSZbjyLkq9cpbvSQtC1M-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
122 new defect(s) introduced to coreboot found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 122 defect(s)
** CID 1446367: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/3rdparty/chromeec/common/usb_pd_policy.c: 422 in is_usb4_vdo()
*** CID 1446367: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/3rdparty/chromeec/common/usb_pd_policy.c: 422 in is_usb4_vdo()
416 if (IS_PD_IDH_UFP_PTYPE(ptype)) {
417 /*
418 * Ref: USB Type-C Cable and Connector Specification
419 * Figure 5-1 USB4 Discovery and Entry Flow Model
420 * Device USB4 VDO detection.
421 */
>>> CID 1446367: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "({...; 0;}) && is_vdo_present(cnt, 4)" is always false regardless of
>>> the values of its operands. This occurs as the logical first operand of
>>> "&&".
422 return IS_ENABLED(CONFIG_USB_PD_USB4) &&
423 is_vdo_present(cnt, VDO_INDEX_PTYPE_UFP1_VDO) &&
424
PD_PRODUCT_IS_USB4(payload[VDO_INDEX_PTYPE_UFP1_VDO]);
425 }
426 return false;
427 }
** CID 1446366: Parse warnings (PARSE_ERROR)
/3rdparty/chromeec/common/motion_lid.c: 104 in ()
*** CID 1446366: Parse warnings (PARSE_ERROR)
/3rdparty/chromeec/common/motion_lid.c: 104 in ()
98 static const struct motion_sensor_t * const accel_base =
99 _sensors[CONFIG_LID_ANGLE_SENSOR_BASE];
100 static const struct motion_sensor_t * const accel_lid =
101 _sensors[CONFIG_LID_ANGLE_SENSOR_LID];
102
103 STATIC_IF(CONFIG_TABLET_MODE) void motion_lid_set_tablet_mode(int
reliable);
>>> CID 1446366: Parse warnings (PARSE_ERROR)
>>> expression must be an integral constant expression
104 STATIC_IF(CONFIG_TABLET_MODE) int lid_angle_set_tablet_mode_threshold(
105 int angle, int hys);
106
107 STATIC_IF(CONFIG_TABLET_MODE) fp_t tablet_zone_lid_angle;
108 STATIC_IF(CONFIG_TABLET_MODE) fp_t laptop_zone_lid_angle;
109 STATIC_IF(CONFIG_TABLET_MODE) int tablet_mode_lid_angle;
** CID 1446365:(DEADCODE)
/3rdparty/chromeec/driver/charger/isl923x.c: 512 in isl923x_init()
/3rdparty/chromeec/driver/charger/isl923x.c: 608 in isl923x_init()
/3rdparty/chromeec/driver/charger/isl923x.c: 473 in isl923x_init()
/3rdparty/chromeec/driver/charger/isl923x.c: 577 in isl923x_init()
/3rdparty/chromeec/driver/charger/isl923x.c: 591 in isl923x_init()
*** CID 1446365:(DEADCODE)
/3rdparty/chromeec/driver/charger/isl923x.c: 512 in isl923x_init()
506 reg |
507 ISL9237_C1_SWITCH_FREQ_599K))
508 goto init_fail;
509 }
510
511 if (IS_ENABLED(CONFIG_TRICKLE_CHARGING))
>>> CID 1446365:(DEADCODE)
>>> Execution cannot reach this statement: "if (raw_write16(chgnum, 62,...".
512 if (raw_write16(chgnum, ISL923X_REG_SYS_VOLTAGE_MIN,
513 precharge_voltage))
514 goto init_fail;
515
516 /*
517 * [10:9]: Prochot# Debounce time
/3rdparty/chromeec/driver/charger/isl923x.c: 608 in isl923x_init()
602 if (IS_ENABLED(CHARGER_ISL9238X) ||
603 IS_ENABLED(CONFIG_CHARGER_RAA489000)) {
604 /*
605 * Don't reread the prog pin and don't reload the ILIM
on ACIN.
606 * For the RAA489000, just don't reload ACLIM.
607 */
>>> CID 1446365:(DEADCODE)
>>> Execution cannot reach this statement: "if (raw_read16(chgnum, 76, ...".
608 if (raw_read16(chgnum, ISL9238_REG_CONTROL3, ))
609 goto init_fail;
610 reg |= ISL9238_C3_NO_RELOAD_ACLIM_ON_ACIN;
611 if (!IS_ENABLED(CONFIG_CHARGER_RAA489000))
612 reg |= ISL9238_C3_NO_REREAD_PROG_PIN;
613
/3rdparty/chromeec/driver/charger/isl923x.c: 473 in isl923x_init()
467 int reg;
468 const struct battery_info *bi = battery_get_info();
469 int precharge_voltage = bi->precharge_voltage ?
470 bi->precharge_voltage : bi->voltage_min;
471
472
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1445995: Code maintainability issues (UNUSED_VALUE)
/src/arch/x86/acpi_bert_storage.c: 534 in bert_new_event()
*** CID 1445995: Code maintainability issues (UNUSED_VALUE)
/src/arch/x86/acpi_bert_storage.c: 534 in bert_new_event()
528 if (!status)
529 return NULL;
530
531 status->raw_data_length = sizeof(*status);
532
533 if (!guidcmp(guid, _SEC_PROC_GENERIC_GUID))
>>> CID 1445995: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "bert_append_genproc(status)" to "r" here, but
>>> that stored value is overwritten before it can be used.
534 r = bert_append_genproc(status);
535 else if (!guidcmp(guid, _SEC_PROC_GENERIC_GUID))
536 r = bert_append_ia32x64(status);
537 if (!guidcmp(guid, _SEC_FW_ERR_REC_REF_GUID))
538 r = bert_append_fw_err(status);
539 /* else if other types not implemented */
** CID 1445994: Integer handling issues (BAD_SHIFT)
/src/soc/amd/common/block/acpi/pm_state.c: 21 in get_index_bit()
*** CID 1445994: Integer handling issues (BAD_SHIFT)
/src/soc/amd/common/block/acpi/pm_state.c: 21 in get_index_bit()
15 uint32_t t;
16
17 if (limit > TOTAL_BITS(uint32_t))
18 return -1;
19
20 /* get a mask of valid bits. Ex limit = 3, set bits 0-2 */
>>> CID 1445994: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << limit", left shifting by more than 31 bits has
>>> undefined behavior. The shift amount, "limit", is as much as 32.
21 t = (1 << limit) - 1;
22 if ((value & t) == 0)
23 return -1;
24 t = 1;
25 for (i = 0; i < limit; i++) {
26 if (value & t)
** CID 1445993: Code maintainability issues (UNUSED_VALUE)
/src/arch/x86/acpi_bert_storage.c: 536 in bert_new_event()
*** CID 1445993: Code maintainability issues (UNUSED_VALUE)
/src/arch/x86/acpi_bert_storage.c: 536 in bert_new_event()
530
531 status->raw_data_length = sizeof(*status);
532
533 if (!guidcmp(guid, _SEC_PROC_GENERIC_GUID))
534 r = bert_append_genproc(status);
535 else if (!guidcmp(guid, _SEC_PROC_GENERIC_GUID))
>>> CID 1445993: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "bert_append_ia32x64(status)" to "r" here, but
>>> that stored value is overwritten before it can be used.
536 r = bert_append_ia32x64(status);
537 if (!guidcmp(guid, _SEC_FW_ERR_REC_REF_GUID))
538 r = bert_append_fw_err(status);
539 /* else if other types not implemented */
540 else
541 r = NULL;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DA7Pg_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1M2RwJe74sKLFnZ3h2NUn0194umO0-2FySrt4EUtHLRnaxgbljk8fjcmg60mUEzRWNYgwKBfjymOz4wmsHf7VZQydJ5XJKTAlHJxh2OFCfTAb09zVCY-2B4i5i84y4ef6bDe-2Fza1mK2A8PP4DdLMKsKlx-2BylzGuhFpai3-2FeL6Xc87zspmjbXQK-2FwgQtFNrno4qkFo-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1445928: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/amd/picasso/data_fabric.c: 178 in data_fabric_set_indirect_address()
*** CID 1445928: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/amd/picasso/data_fabric.c: 178 in data_fabric_set_indirect_address()
172 {
173 uint32_t fabric_indirect_access_reg = DF_IND_CFG_INST_ACC_EN;
174 /* Register offset field [10:2] in this register corresponds to
[10:2] of the
175requested offset. */
176 fabric_indirect_access_reg |= reg & DF_IND_CFG_ACC_REG_MASK;
177 fabric_indirect_access_reg |=
>>> CID 1445928: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(func << 11) & (28 /* 7 << 2 */)" is always 0 regardless of the values
>>> of its operands. This occurs as the bitwise operand of "|".
178 (func << DF_IND_CFG_ACC_FUN_SHIFT) &
DF_IND_CFG_ACC_FUN_MASK;
179 fabric_indirect_access_reg |= instance_id <<
DF_IND_CFG_INST_ID_SHIFT;
180 pci_write_config32(SOC_DF_F4_DEV, DF_FICAA_BIOS,
fabric_indirect_access_reg);
181 }
182
183 uint32_t data_fabric_read32(uint8_t function, uint16_t reg, uint8_t
instance_id)
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D1-Op_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1oOR31weFd6fS90Zz6YAjup25FCqhuzX1PLYqPU29AhkxM0xub7IzKt6z8DWA0XgxQUEaHxyAhKG-2FWkM9H8Ct-2FduQwB4xaAKtahF-2FP2q2peUL4Xkevs-2BmiuW6RGRb5iJKB3iL0j2DsmK9E-2FImrHNnic4NOTJOGPeEBX0jNTcz3A1wZyzMsNcx035EJisUJvCs-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1445764: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
/src/soc/intel/broadwell/raminit.c: 155 in setup_sdram_meminfo()
*** CID 1445764: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
/src/soc/intel/broadwell/raminit.c: 155 in setup_sdram_meminfo()
149 return;
150 }
151
152 memset(mem_info, 0, sizeof(*mem_info));
153 /* Translate pei_memory_info struct data into memory_info
struct */
154 mem_info->dimm_cnt = pei_data->meminfo.dimm_cnt;
>>> CID 1445764: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
>>> "8 < 8" is always false regardless of the values of its operands
>>> because those operands are identical. This occurs as the logical first
>>> operand of "?:".
155 for (int i = 0; i < MIN(DIMM_INFO_TOTAL, PEI_DIMM_INFO_TOTAL);
i++) {
156 struct dimm_info *dimm = _info->dimm[i];
157 const struct pei_dimm_info *pei_dimm =
158 _data->meminfo.dimm[i];
159 dimm->dimm_size = pei_dimm->dimm_size;
160 dimm->ddr_type = pei_dimm->ddr_type;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DKsUG_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn17tJjpgCX7h5oLGUhbkFSPBEYFny8sg-2FRTK9DypvkliPRi1hZjFril-2BI8ZCwAJutOP9N6PGn3FWvy0BnbVtwWleruWKLyYCHK8XXoBCxgkteohm6WKnpNynq-2BbSPygZfCogX5G1PW7FTIELn9pQlHCbwMqrPVI5bRYS8GS64wSFZEnOzlYk-2BJ7ROlliZ0SLiM-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1443794: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/amd/picasso/agesa_acpi.c: 555 in gen_crat_memory_entries()
*** CID 1443794: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/amd/picasso/agesa_acpi.c: 555 in gen_crat_memory_entries()
549 dram_limit_reg = data_fabric_read_reg32(0,
DF_DRAM_LIMIT(dram_map_idx),
550
IOMS0_FABRIC_ID);
551 memory_length =
552 ((dram_limit_reg & DRAM_LIMIT_ADDR) >>
DRAM_LIMIT_ADDR_SHFT) + 1
553 - ((dram_base_reg & DRAM_BASE_ADDR) >>
DRAM_BASE_ADDR_SHFT);
554 memory_length = memory_length << 28;
>>> CID 1443794: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(dram_base_reg & 0xf000U) <<
>>> 16" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit
>>> arithmetic, and then used in a context that expects an expression of type
>>> "uint64_t" (64 bits, unsigned).
555 memory_base = (dram_base_reg & DRAM_BASE_ADDR)
556 << (28 - DRAM_BASE_ADDR_SHFT);
557
558 if (memory_base == 0) {
559 current =
560 create_crat_memory_entry(0,
0ull, 0xaull, current);
** CID 1443793: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/amd/picasso/agesa_acpi.c: 573 in gen_crat_memory_entries()
*** CID 1443793: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/amd/picasso/agesa_acpi.c: 573 in gen_crat_memory_entries()
567 dram_hole_ctl =
data_fabric_read_reg32(0, D18F0_DRAM_HOLE_CTL,
568
IOMS0_FABRIC_ID);
569 hole_base = (dram_hole_ctl &
DRAM_HOLE_CTL_BASE);
570 size_below_hole = hole_base -
memory_base;
571 current = create_crat_memory_entry(0,
memory_base,
572
size_below_hole, current);
>>> CID 1443793: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "((dram_limit_reg & 0xf000U) >>
>>> 12) + 1U - 16U << 28" with type "unsigned int" (32 bits, unsigned) is
>>> evaluated using 32-bit arithmetic, and then used in a context that expects
>>> an expression of type "uint64_t" (64 bits, unsigned).
573 memory_length = (((dram_limit_reg &
DRAM_LIMIT_ADDR)
574 >>
DRAM_LIMIT_ADDR_SHFT)
575 + 1 - 0x10)
576 << 28;
577 memory_base = 0x1;
578 new_entries++;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DKxKX_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn27IwyrWRBntMPX62SZmuTrS8UqRE0E-2FpeaP1cjX1EdgyiMfa-2Fs4oO-2FuJIxNgJLL2a-2Bq3PLDuRH6rHP46vYe-2Bn9F4j2x-2Be2BZSnpkdHzXcYVxf0oBdVw8ykvTEG8-2BKou7Qze2DYHTN6jRc5zh7IFWVAtL81g3GKsZbWc2B2nnL2UM0r4TDt0-2BbUNT-2FwAqEKtQM-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1442304: Null pointer dereferences (NULL_RETURNS)
/src/soc/intel/braswell/ramstage.c: 128 in soc_fill_acpi_wake()
*** CID 1442304: Null pointer dereferences (NULL_RETURNS)
/src/soc/intel/braswell/ramstage.c: 128 in soc_fill_acpi_wake()
122 /* Save wake source information for calculating ACPI _SWS values */
123 int soc_fill_acpi_wake(uint32_t *pm1, uint32_t **gpe0)
124 {
125 struct chipset_power_state *ps =
cbmem_find(CBMEM_ID_POWER_STATE);
126 static uint32_t gpe0_sts;
127
>>> CID 1442304: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing "ps", which is known to be "NULL".
128 *pm1 = ps->pm1_sts & ps->pm1_en;
129
130 gpe0_sts = ps->gpe0_sts & ps->gpe0_en;
131 *gpe0 = _sts;
132
133 return 1;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dx3NG_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2MWV4DMxtkjREa2wHkAHySOD8hAD4VJ5OWBXIBaEihSW-2FUV4hPPIQ3BL1-2FlCdP2PA5cJ6NuyRJjpZCgs-2FLlqmUpCLVNGnK5Cb6UkA05CpvpQ-2Bihhod8rdH8HJaBXNy6EdFQJ0mVaITcbizxiDAr-2FPL2MgTx-2BF4m36IfrirP1fn6P6XRdpjUJLWeS9DvaApkr0-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1441844:(NULL_RETURNS)
/util/intelmetool/intelmetool.c: 55 in dumpmemfile()
/util/intelmetool/intelmetool.c: 53 in dumpmemfile()
*** CID 1441844:(NULL_RETURNS)
/util/intelmetool/intelmetool.c: 55 in dumpmemfile()
49 {
50 FILE *fp = fopen("medump.bin", "w");
51 uint32_t i;
52 for (i = 0; i < size; i++) {
53 fprintf(fp, "%c", *((uint8_t *) (phys + i)));
54 }
>>> CID 1441844:(NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "fp" when calling "fclose".
55 fclose(fp);
56 }
57
58 static int isCPUGenuineIntel(void)
59 {
60 regs_t regs;
/util/intelmetool/intelmetool.c: 53 in dumpmemfile()
47
48 static void dumpmemfile(uint8_t *phys, uint32_t size)
49 {
50 FILE *fp = fopen("medump.bin", "w");
51 uint32_t i;
52 for (i = 0; i < size; i++) {
>>> CID 1441844:(NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "fp" when calling
>>> "fprintf". [Note: The source code implementation of the function has been
>>> overridden by a builtin model.]
53 fprintf(fp, "%c", *((uint8_t *) (phys + i)));
54 }
55 fclose(fp);
56 }
57
58 static int isCPUGenuineIntel(void)
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DyVGK_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2niRMgNqnR8qkZSR4RB52QHGLy8EwFtoU4zkN9vgeQVyAHW7r6rLDAaPKN2OwjmrxGCpO6IK5Lz-2BfAbzinfno52TJdrfCSpiQPbiHNFQfAU1zGylp5q063i9pj-2Bl-2BQquuKMaUKYa5Poqm409WovY0u7EyTkCGZ36Hpzzw9061B2l34f08lUz9xAJM3bSVOZW0-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1419483: Memory - corruptions (OVERRUN) /src/vendorcode/eltan/security/verified_boot/vboot_check.c: 85 in verified_boot_check_manifest() *** CID 1419483: Memory - corruptions (OVERRUN) /src/vendorcode/eltan/security/verified_boot/vboot_check.c: 85 in verified_boot_check_manifest() 79 pre->body_signature.data_size = CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_ITEMS * 80 DIGEST_SIZE; 81 pre->body_signature.sig_offset = sizeof(struct vb2_signature) + 82 pre->body_signature.data_size; 83 pre->body_signature.sig_size = size - pre->body_signature.data_size; 84 sd->workbuf_used += size; >>> CID 1419483: Memory - corruptions (OVERRUN) >>> Overrunning struct type vb2_signature of 24 bytes by passing it to a >>> function which accesses it at byte offset 663 using argument "size" (which >>> evaluates to 640). [Note: The source code implementation of the function >>> has been overridden by a builtin model.] 85 memcpy((void *)((void *)>body_signature + (long)sizeof(struct vb2_signature)), 86 (uint8_t *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, size); 87 88 89 if (vb2api_verify_kernel_data(ctx, (void *)CONFIG_VENDORCODE_ELTAN_OEM_MANIFEST_LOC, 90pre->body_signature.data_size)) To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DyVzL_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3nqY8HPK8e8YVnMZGxbWG1aaGWeSLFNzNVrgknn3sEILlxra1kp3dSPq8hliQIYiDW-2Fu0CRw79mUGAvlXGa3EJU0ys-2FHQpqcZJbPIwqdiZa053TDQD0ZFtyIRZebHPH5aKI0UXhbNzjGHTOd6dE6LeQixZNgN9hq7bphaxwnf-2Fy2sNVrLw9Fv-2BFkNdGqHihsY-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1436518: Error handling issues (CHECKED_RETURN) /src/lib/hardwaremain.c: 447 in main() *** CID 1436518: Error handling issues (CHECKED_RETURN) /src/lib/hardwaremain.c: 447 in main() 441 cbmem_initialize(); 442 443 timestamp_add_now(TS_START_RAMSTAGE); 444 post_code(POST_ENTRY_RAMSTAGE); 445 446 /* Handoff sleep type from romstage. */ >>> CID 1436518: Error handling issues (CHECKED_RETURN) >>> Calling "acpi_is_wakeup_s3" without checking return value (as is done >>> elsewhere 89 out of 93 times). 447 acpi_is_wakeup_s3(); 448 threads_initialize(); 449 450 /* Schedule the static boot state entries. */ 451 boot_state_schedule_static_entries(); 452 To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D5jj4_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn309YsPRKe46LABdwNtelq0dCBTcVnBKsdKaSOnR-2FJB71VzduR3bIz1THeKbiuD2mfab3bmAzvGOv6TCGxK74E56-2FB0coVPhcQAurgFmkqW8ey0mFjcXnhw1J9LsgEmMrdi2BbkKCRzTq9gsCfwhr0xsQXss6iUAO2QVOmh-2FOTGCAZZSVsg4NLzW2urgU1vR08-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
91 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1436157: Memory - illegal accesses (OVERRUN)
/src/lib/fw_config.c: 86 in fw_config_get_found()
*** CID 1436157: Memory - illegal accesses (OVERRUN)
/src/lib/fw_config.c: 86 in fw_config_get_found()
80 return __ffs64(mask);
81 }
82
83 const struct fw_config *fw_config_get_found(uint64_t field_mask)
84 {
85 const struct fw_config *config;
>>> CID 1436157: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "cached_configs" of 64 4-byte elements at element
>>> index 4294967295 (byte offset 17179869183) using index
>>> "probe_index(field_mask)" (which evaluates to 4294967295).
86 config = cached_configs[probe_index(field_mask)];
87 if (config && config->mask == field_mask)
88 return config;
89
90 return NULL;
91 }
** CID 1436156: Memory - corruptions (OVERRUN)
/src/lib/fw_config.c: 116 in fw_config_init()
*** CID 1436156: Memory - corruptions (OVERRUN)
/src/lib/fw_config.c: 116 in fw_config_init()
110 if (!dev->probe_list)
111 continue;
112
113 for (probe = dev->probe_list; probe && probe->mask !=
0; probe++) {
114 if (fw_config_probe(probe)) {
115 match = true;
>>> CID 1436156: Memory - corruptions (OVERRUN)
>>> Overrunning array "cached_configs" of 64 4-byte elements at element
>>> index 4294967295 (byte offset 17179869183) using index
>>> "probe_index(probe->mask)" (which evaluates to 4294967295).
116
cached_configs[probe_index(probe->mask)] = probe;
117 break;
118 }
119 }
120
121 if (!match) {
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D_JG0_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0MdpVZQEVzsPXquYIHhmImy-2FnuPcK-2B3EywBgUgHJK7Obzafrl6DZgNWPWi-2BMPa9nXSE5KlQeyiKp8FII8xU4yIH28a0KDGr8Q0ww5FlX4UGvKuzyr0vVPAfjtktRilkyogAIeiXuCIOFOSVwHHOln4odEU6Jr2pmbS-2FRSJ4-2BDaLFAYpjvUX7YgHkRMC8gmmII-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1435893: Integer handling issues (BAD_SHIFT)
/tests/lib/imd-test.c: 30 in align_up_pow2()
*** CID 1435893: Integer handling issues (BAD_SHIFT)
/tests/lib/imd-test.c: 30 in align_up_pow2()
24 #define SM_ENTRY_ID 0xB001
25
26 #define INVALID_REGION_ID 0xC001
27
28 static uint32_t align_up_pow2(uint32_t x)
29 {
>>> CID 1435893: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << log2_ceil(x)", shifting by a negative amount has
>>> undefined behavior. The shift amount, "log2_ceil(x)", is -1.
30 return (1 << log2_ceil(x));
31 }
32
33 static size_t max_entries(size_t root_size)
34 {
35 return (root_size - sizeof(struct imd_root_pointer) - sizeof(struct
imd_root))
** CID 1435892: Null pointer dereferences (FORWARD_NULL)
*** CID 1435892: Null pointer dereferences (FORWARD_NULL)
/tests/lib/imd-test.c: 605 in test_imd_entry_at()
599 fail_msg("Cannot allocate enough memory - fail test");
600 imd_handle_init(, (void *)(LIMIT_ALIGN + (uintptr_t)base));
601
602 assert_int_equal(0, imd_create_empty(, LG_ROOT_SIZE,
LG_ENTRY_ALIGN));
603
604 /* Fail when entry is NULL */
>>> CID 1435892: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "e" to "imd_entry_at", which dereferences it.
605 assert_null(imd_entry_at(, e));
606
607 entry = imd_entry_add(, LG_ENTRY_ID, LG_ENTRY_SIZE);
608 assert_non_null(entry);
609
610 r = (struct imd_root *)imd.lg.r;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DA4SQ_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2ma22GtF7SE75PlEeWNJIPEArxJvbckbeqR14X6IevJr9McNFRUQeDwHi05iKwLZhHIsg4JEi8T-2BqUcb4Ep0DVeBsdxeJgmVjgJH4HHOiQRECxX6b9I9fGGaIwzI9MdZHhYRW8nOa7nOAT1KhN-2FrjHd-2FAOjr6CFUoqLtPHgYpHOYniW1z3CR8hRKrHvJIv6-2B8-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 2 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 1435826: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /src/cpu/x86/mtrr/mtrr.c: 487 in calc_var_mtrr_range() *** CID 1435826: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /src/cpu/x86/mtrr/mtrr.c: 487 in calc_var_mtrr_range() 481 size_msb = fms64(size); 482 483 /* All MTRR entries need to have their base aligned to the mask 484 * size. The maximum size is calculated by a function of the 485 * min base bit set and maximum size bit set. */ 486 if (addr_lsb > size_msb) >>> CID 1435826: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "1 << size_msb" with type "int" (32 >>> bits, signed) is evaluated using 32-bit arithmetic, and then used in a >>> context that expects an expression of type "uint64_t" (64 bits, unsigned). 487 mtrr_size = 1 << size_msb; 488 else 489 mtrr_size = 1 << addr_lsb; 490 491 if (var_state->prepare_msrs) 492 prep_var_mtrr(var_state, base, mtrr_size, mtrr_type); ** CID 1435825: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /src/cpu/x86/mtrr/mtrr.c: 489 in calc_var_mtrr_range() *** CID 1435825: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /src/cpu/x86/mtrr/mtrr.c: 489 in calc_var_mtrr_range() 483 /* All MTRR entries need to have their base aligned to the mask 484 * size. The maximum size is calculated by a function of the 485 * min base bit set and maximum size bit set. */ 486 if (addr_lsb > size_msb) 487 mtrr_size = 1 << size_msb; 488 else >>> CID 1435825: Integer handling issues (OVERFLOW_BEFORE_WIDEN) >>> Potentially overflowing expression "1 << addr_lsb" with type "int" (32 >>> bits, signed) is evaluated using 32-bit arithmetic, and then used in a >>> context that expects an expression of type "uint64_t" (64 bits, unsigned). 489 mtrr_size = 1 << addr_lsb; 490 491 if (var_state->prepare_msrs) 492 prep_var_mtrr(var_state, base, mtrr_size, mtrr_type); 493 494 size -= mtrr_size; To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DJJ9w_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1YX5N6cWDwwMmHZEMkVeyzaIGWlVpKl9JmDSx8fErvZw1iKjPjKW-2BtXXuvuuqtla-2BMq9eYGMLAAHryDIhaYdYnwFJ-2ByY6TSOVWiZA5OQxbBIpjima8AP15-2BIiNUS97bi8WZVhNWDpzhxgf-2BSBMHV-2FXL2fMQSy1sY6-2FdTVjCZLlqItUZSFE4qjJjXx8-2Fcy8nus-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
156 new defect(s) introduced to coreboot found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 156 defect(s)
** CID 1434841: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/3rdparty/stm/Stm/StmPkg/Core/StmResource.c: 351 in IsResourceNodeValid()
*** CID 1434841: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/3rdparty/stm/Stm/StmPkg/Core/StmResource.c: 351 in IsResourceNodeValid()
345 }
346 break;
347 case MMIO_RANGE:
348 if (ResourceNode->Header.Length != sizeof(STM_RSC_MMIO_DESC)) {
349 goto CheckFail;
350 }
>>> CID 1434841: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "ResourceNode->Mmio.RWXAttributes & -8 /* ~((1 | 2) | 4) */" is always
>>> 0 regardless of the values of its operands. This occurs as a value.
351 if ((ResourceNode->Mmio.RWXAttributes & ~(STM_RSC_MMIO_R |
STM_RSC_MMIO_W | STM_RSC_MMIO_X)) != 0) {
352 goto CheckFail;
353 }
354 if (ResourceNode->Mmio.Reserved != 0) {
355 goto CheckFail;
356 }
** CID 1434840: Integer handling issues (INCOMPATIBLE_CAST)
*** CID 1434840: Integer handling issues (INCOMPATIBLE_CAST)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/SmmVmcallHandler.c: 435 in
SmmVmcallHandler()
429 if (StmVmcallHandler == NULL) {
430 DEBUG((EFI_D_INFO, "%ld SmmVmcallHandler -
GetSmmVmcallHandlerByIndex - %x!\n", Index, (UINTN)ReadUnaligned32 ((UINT32
*)>Rax)));
431 // Should not happen
432 CpuDeadLoop ();
433 Status = ERROR_INVALID_API;
434 } else {
>>> CID 1434840: Integer handling issues (INCOMPATIBLE_CAST)
>>> Pointer ">Rbx" points to an object whose effective type is
>>> "unsigned long long" (64 bits, unsigned) but is dereferenced as a narrower
>>> "unsigned int" (32 bits, unsigned). This may lead to unexpected results
>>> depending on machine endianness.
435 AddressParameter = ReadUnaligned32 ((UINT32 *)>Rbx) +
LShiftU64 (ReadUnaligned32 ((UINT32 *)>Rcx), 32);
436 Status = StmVmcallHandler (Index, AddressParameter);
437 }
438
439 WriteUnaligned32 ((UINT32 *)>Rax, Status);
440 if (Status == STM_SUCCESS) {
** CID 1434839:(UNUSED_VALUE)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 569 in PostPeVmProc()
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 573 in PostPeVmProc()
*** CID 1434839:(UNUSED_VALUE)
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 569 in PostPeVmProc()
563 if
(mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Launched) {
564 Rflags = AsmVmResume
([CpuIndex].Register);
565 // BUGBUG: - AsmVmLaunch if AsmVmResume fail
566 if (VmRead32
(VMCS_32_RO_VM_INSTRUCTION_ERROR_INDEX) ==
567
VmxFailErrorVmResumeWithNonLaunchedVmcs) {
568 DEBUG ((EFI_D_ERROR, "%ld :-(\n",
(UINTN)CpuIndex));
>>> CID 1434839:(UNUSED_VALUE)
>>> Assigning value from
>>> "AsmVmLaunch([CpuIndex].Register)"
>>> to "Rflags" here, but that stored value is overwritten before it can be
>>> used.
569 Rflags = AsmVmLaunch
([CpuIndex].Register);
570 }
571 } else {
572
mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Launched = TRUE;
573 Rflags = AsmVmLaunch
([CpuIndex].Register);
574 DEBUG ((EFI_D_ERROR, "PostPeVmProc - somehow we
did not launch\n"));
/3rdparty/stm/Stm/StmPkg/Core/Runtime/PeLoadVm.c: 573 in PostPeVmProc()
567
VmxFailErrorVmResumeWithNonLaunchedVmcs) {
568 DEBUG ((EFI_D_ERROR, "%ld :-(\n",
(UINTN)CpuIndex));
569 Rflags = AsmVmLaunch
([CpuIndex].Register);
570 }
571 } else {
572
mGuestContextCommonSmi.GuestContextPerCpu[CpuIndex].Launched = TRUE;
>>> CID 1434839:(UNUSED_VALUE)
>>> Assigning value from
>>> "AsmVmLaunch([CpuIndex].Register)"
>>> to "Rflags" here, but that stored value is overwritten before it can be
>>> used.
573 Rflags = AsmVmLaunch
([CpuIndex].Register);
574
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
58 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 58 defect(s)
** CID 1433626: Insecure data handling (TAINTED_SCALAR)
/src/lib/cbfs.c: 328 in cbfs_prog_stage_load()
*** CID 1433626: Insecure data handling (TAINTED_SCALAR)
/src/lib/cbfs.c: 328 in cbfs_prog_stage_load()
322 fsize = cbfs_stage_load_and_decompress(fh, foffset, fsize, load,
323 stage.memlen,
stage.compression);
324 if (!fsize)
325 return -1;
326
327 /* Clear area not covered by file. */
>>> CID 1433626: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "stage.memlen - fsize" to a tainted sink.
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
328 memset([fsize], 0, stage.memlen - fsize);
329
330 prog_segment_loaded((uintptr_t)load, stage.memlen, SEG_FINAL);
331
332 out:
333 prog_set_area(pstage, load, stage.memlen);
** CID 1432270: Parse warnings (PARSE_ERROR)
/3rdparty/arm-trusted-firmware/include/lib/libc/stdint.h: 93 in ()
*** CID 1432270: Parse warnings (PARSE_ERROR)
/3rdparty/arm-trusted-firmware/include/lib/libc/stdint.h: 93 in ()
87 #define INTMAX_C(x) x ## LL
88 #define UINTMAX_C(x) x ## ULL
89
90 typedef signed char int8_t;
91 typedef short int16_t;
92 typedef int int32_t;
>>> CID 1432270: Parse warnings (PARSE_ERROR)
>>> invalid redeclaration of type name "int64_t" (declared at line 1413 of
>>> "/home/coreboot/node-root/workspace/coreboot-coverity/cov-int/emit/9bbe52bbb28b/config/29ec7ea376092a30b16589a913b3478c/gcc-config-0/coverity-compiler-compat.h")
93 typedef long long int64_t;
94
95 typedef unsigned char uint8_t;
96 typedef unsigned short uint16_t;
97 typedef unsigned int uint32_t;
98 typedef unsigned long long uint64_t;
** CID 1429983: Control flow issues (DEADCODE)
/src/drivers/uart/acpi/acpi.c: 104 in uart_acpi_fill_ssdt()
*** CID 1429983: Control flow issues (DEADCODE)
/src/drivers/uart/acpi/acpi.c: 104 in uart_acpi_fill_ssdt()
98 reset_gpio_index >= 0 || enable_gpio_index >= 0) {
99 struct acpi_dp *dsd = acpi_dp_new_table("_DSD");
100 if (config->compat_string)
101 acpi_dp_add_string(dsd, "compatible",
102config->compat_string);
103 if (irq_gpio_index >= 0)
>>> CID 1429983: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "acpi_dp_add_gpio(dsd, "irq-...".
104 acpi_dp_add_gpio(dsd, "irq-gpios", path,
105 irq_gpio_index, 0,
106 config->irq_gpio.active_low);
107 if (reset_gpio_index >= 0)
108 acpi_dp_add_gpio(dsd, "reset-gpios", path,
109 reset_gpio_index, 0,
** CID 1429781: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/cpu/x86/mtrr/earlymtrr.c: 108 in var_mtrr_set_with_cb()
*** CID 1429781: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/cpu/x86/mtrr/earlymtrr.c: 108 in var_mtrr_set_with_cb()
102min base bit set and maximum size bit set. */
103 if (addr_lsb > size_msb)
104 mtrr_size = 1 << size_msb;
105 else
106 mtrr_size = 1 << addr_lsb;
107
>>> CID 1429781: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(uint64_t)addr >> 32" is 0 regardless of the values of its operands.
>>> This occurs as the operand of assignment.
108 base.hi = (uint64_t)addr >> 32;
109 base.lo = addr | type;
110 mask.hi = ctx->upper_mask;
111 mask.lo = ~(mtrr_size - 1) | MTRR_PHYS_MASK_VALID;
112 callback(ctx, addr, mtrr_size, base, mask);
113 ctx->used_var_mtrrs++;
** CID 1429778: Integer handling issues (BAD_SHIFT)
/src/cpu/x86/mtrr/earlymtrr.c: 108 in var_mtrr_set_with_cb()
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
113 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 113 defect(s)
** CID 1432759: Performance inefficiencies (PASS_BY_VALUE)
/src/soc/intel/xeon_sp/cpx/acpi.c: 608 in acpi_create_dmar_ds_pci_br_for_port()
*** CID 1432759: Performance inefficiencies (PASS_BY_VALUE)
/src/soc/intel/xeon_sp/cpx/acpi.c: 608 in acpi_create_dmar_ds_pci_br_for_port()
602
603 /*
604 * This function adds PCIe bridge device entry in DMAR table. If it is
called
605 * in the context of ATSR subtable, it adds ATSR subtable when it is
first called.
606 */
607 static unsigned long acpi_create_dmar_ds_pci_br_for_port(unsigned long
current,
>>> CID 1432759: Performance inefficiencies (PASS_BY_VALUE)
>>> Passing parameter iio_resource of type "IIO_RESOURCE_INSTANCE" (size
>>> 623 bytes) by value.
608 int port, int stack, IIO_RESOURCE_INSTANCE iio_resource,
uint32_t pcie_seg,
609 bool is_atsr, bool *first)
610 {
611
612 if (get_stack_for_port(port) != stack)
613 return 0;
** CID 1431154: Control flow issues (DEADCODE)
/src/ec/kontron/kempld/kempld_i2c.c: 254 in kempld_i2c_device_init()
*** CID 1431154: Control flow issues (DEADCODE)
/src/ec/kontron/kempld/kempld_i2c.c: 254 in kempld_i2c_device_init()
248 if (spec_major == 1)
249 prescale = KEMPLD_CLK / (KEMPLD_I2C_FREQ_STD * 5) -
1000;
250 else
251 prescale = KEMPLD_CLK / (KEMPLD_I2C_FREQ_STD * 4) -
3000;
252
253 if (prescale < 0)
>>> CID 1431154: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "prescale = 0L;".
254 prescale = 0;
255
256 /* Round to the best matching value */
257 prescale_corr = prescale / 1000;
258 if (prescale % 1000 >= 500)
259 prescale_corr++;
** CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/lib/gcov-glue.c: 128 in coverage_init()
*** CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/lib/gcov-glue.c: 128 in coverage_init()
122 extern long __CTOR_LIST__;
123 typedef void (*func_ptr)(void);
124 func_ptr *ctor = (func_ptr *) &__CTOR_LIST__;
125 if (ctor == NULL)
126 return;
127
>>> CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "ctor" as an array. This might corrupt or misinterpret adjacent
>>> memory locations.
128 for (; *ctor != (func_ptr) 0; ctor++)
129 (*ctor)();
130 }
131
132 void __gcov_flush(void);
133 static void coverage_exit(void *unused)
** CID 1431126:(DEADCODE)
/src/lib/libgcov.c: 425 in gcov_exit()
/src/lib/libgcov.c: 391 in gcov_exit()
*** CID 1431126:(DEADCODE)
/src/lib/libgcov.c: 425 in gcov_exit()
419 fname += 2;
420
421 /* Build relocated filename, stripping off leading
422 * directories from the initial filename if requested.
423 */
424 if (gcov_prefix_strip > 0) {
>>> CID 1431126:(DEADCODE)
>>> Execution cannot reach this statement: "level = 0;".
425 int level = 0;
426
427 s = fname;
428 if (IS_DIR_SEPARATOR(*s))
429 ++s;
430
/src/lib/libgcov.c: 391 in gcov_exit()
385 } else
386 #endif
387 prefix_length = 0;
388
389 /* If no prefix was specified and a prefix strip, then we assume
390 relative. */
>>> CID 1431126:(DEADCODE)
>>> Execution cannot reach the expression "prefix_length == 0UL" inside
>>> this statement: "if (gcov_prefix_strip != 0 ...".
391 if (gcov_prefix_strip != 0 && prefix_length == 0) {
392 gcov_prefix = ".";
393 prefix_length = 1;
394 }
395 /* Allocate and initialize the filename scratch space plus one.
*/
396 gi_filename = (char *) alloca(prefix_length + gcov_max_filename
+ 2);
** CID 1431125: Control flow issues
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
179 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1432727: Resource leaks (RESOURCE_LEAK)
/src/drivers/intel/mipi_camera/camera.c: 458 in camera_fill_nvm()
*** CID 1432727: Resource leaks (RESOURCE_LEAK)
/src/drivers/intel/mipi_camera/camera.c: 458 in camera_fill_nvm()
452 static void camera_fill_nvm(const struct device *dev)
453 {
454 struct drivers_intel_mipi_camera_config *config =
dev->chip_info;
455 struct acpi_dp *dsd = acpi_dp_new_table("_DSD");
456
457 if (!config->nvm_compat)
>>> CID 1432727: Resource leaks (RESOURCE_LEAK)
>>> Variable "dsd" going out of scope leaks the storage it points to.
458 return;
459
460 /* It might be possible to default size or width based on type.
*/
461 if (!config->disable_nvm_defaults && !config->nvm_pagesize)
462 config->nvm_pagesize = 1;
463
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DsrSh_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1Q6zzpnSv2mnLQInNz1eE3oG7eIBt-2Biv6POOVk56yp12rGozWgBHCmVVkXbgNOTtiktt3S6Z5M2ubhMRYavptukzZafxe-2FAIRJwddcbL82vbauBtksquxQRFXn8xK9tSVQ6PyTPPJ8rAPGfNzkQI2HNYQwj8XakFv-2Br4Dq9eDAO7d1AZpI4e3jsOo9jBqY1xs-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1432491: Error handling issues (CHECKED_RETURN)
/src/mainboard/google/volteer/mainboard.c: 46 in
mainboard_update_soc_chip_config()
*** CID 1432491: Error handling issues (CHECKED_RETURN)
/src/mainboard/google/volteer/mainboard.c: 46 in
mainboard_update_soc_chip_config()
40 dev->ops->acpi_inject_dsdt = chromeos_dsdt_generator;
41 dev->ops->get_smbios_strings = mainboard_smbios_strings;
42 }
43
44 void mainboard_update_soc_chip_config(struct soc_intel_tigerlake_config
*cfg)
45 {
>>> CID 1432491: Error handling issues (CHECKED_RETURN)
>>> Calling "tlcl_lib_init" without checking return value (as is done
>>> elsewhere 10 out of 11 times).
46 tlcl_lib_init();
47 if (cr50_is_long_interrupt_pulse_enabled()) {
48 printk(BIOS_INFO, "Enabling S0i3.4\n");
49 } else {
50 /*
51 * Disable S0i3.4, preventing the GPIO block from switching to
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DZwSP_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1-2BoO0nwIVkpXKtEd9kWwmA8PTm4t0zw8d9Joq5O4vLtN6No-2FjJZ-2FK-2BBnI1CnfhFVPAB1gFTyiWx5GtWsf5QT9QwUztub1KssCE4ddat0T6i9mW-2BdLyBy4OQMYwfVTYigXY4b79udi9SZoG8xVDoiScxcb-2FC0nRWzdb-2BTEFidoEKPf9zULBulb-2Fem5lu5ZaFhA-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1432270: Parse warnings (PARSE_ERROR) /3rdparty/arm-trusted-firmware/include/lib/libc/stdint.h: 93 in () *** CID 1432270: Parse warnings (PARSE_ERROR) /3rdparty/arm-trusted-firmware/include/lib/libc/stdint.h: 93 in () 87 #define INTMAX_C(x) x ## LL 88 #define UINTMAX_C(x) x ## ULL 89 90 typedef signed char int8_t; 91 typedef short int16_t; 92 typedef int int32_t; >>> CID 1432270: Parse warnings (PARSE_ERROR) >>> invalid redeclaration of type name "int64_t" (declared at line 1413 of >>> "/home/coreboot/slave-root/workspace/coreboot-coverity/cov-int/emit/9bbe52bbb28b/config/29ec7ea376092a30b16589a913b3478c/gcc-config-0/coverity-compiler-compat.h") 93 typedef long long int64_t; 94 95 typedef unsigned char uint8_t; 96 typedef unsigned short uint16_t; 97 typedef unsigned int uint32_t; 98 typedef unsigned long long uint64_t; To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dvqk4_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn06COTjrERaNehcdFVOUJzAktIbXSybA-2BbJ8qyf91ZbZAD6UO2pq-2BZRK0TNjRawyIBB4h5s8DGEmjw3mwB4qcnVCEZCYq3cHJYlhlIJG7UtK9p92Qs-2BAjrIvsvRXNOHUBGfeQhPLVZqBiqtbLbkPaRb5Vcdf8G5uF2alNqP9gAP1g8aDlnuEnyqMqX8HSui88Q-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1431994: Error handling issues (CHECKED_RETURN)
/src/vendorcode/google/chromeos/cse_board_reset.c: 18 in cse_board_reset()
*** CID 1431994: Error handling issues (CHECKED_RETURN)
/src/vendorcode/google/chromeos/cse_board_reset.c: 18 in cse_board_reset()
12
13 void cse_board_reset(void)
14 {
15 struct cr50_firmware_version version;
16
17 /* Initialize TPM and get the cr50 firmware version. */
>>> CID 1431994: Error handling issues (CHECKED_RETURN)
>>> Calling "tlcl_lib_init" without checking return value (as is done
>>> elsewhere 9 out of 10 times).
18 tlcl_lib_init();
19 cr50_get_firmware_version();
20 /*
21 * Cr50 firmware versions 0.[3|4].20 or newer support strap config 0xe
where PLTRST from
22 * AP is connected to cr50's PLTRST# signal. So return immediately and
trigger a
23 * global reset.
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dud8r_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3mDLkqxQ7nSvw0Erui80MrxlU6W-2B95AMNJBr9H6J8T6GL7KpymCJkWFVpiXNGpdMR6BEvw6i9-2Bj5cVtj80FeVn06NEOx4dexw-2BkbXy5Ir0R5kKeVr0bppfm5hdSjt5MOOnoGoZEiu65p0Izr733lKAzTgAXOGL-2BwM9gZ3h0xGPTWXM3HBOfTV6EEWwMv07bNc-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1431154: Control flow issues (DEADCODE)
/src/ec/kontron/kempld/kempld_i2c.c: 254 in kempld_i2c_device_init()
*** CID 1431154: Control flow issues (DEADCODE)
/src/ec/kontron/kempld/kempld_i2c.c: 254 in kempld_i2c_device_init()
248 if (spec_major == 1)
249 prescale = KEMPLD_CLK / (KEMPLD_I2C_FREQ_STD * 5) -
1000;
250 else
251 prescale = KEMPLD_CLK / (KEMPLD_I2C_FREQ_STD * 4) -
3000;
252
253 if (prescale < 0)
>>> CID 1431154: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "prescale = 0L;".
254 prescale = 0;
255
256 /* Round to the best matching value */
257 prescale_corr = prescale / 1000;
258 if (prescale % 1000 >= 500)
259 prescale_corr++;
** CID 1353302:(OVERRUN)
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 74 in keyboard_raw_drive_column()
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 71 in keyboard_raw_drive_column()
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 66 in keyboard_raw_drive_column()
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 83 in keyboard_raw_drive_column()
*** CID 1353302:(OVERRUN)
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 74 in keyboard_raw_drive_column()
68
69 if (out == KEYBOARD_COLUMN_ALL) {
70 /* drive low (clear bit) */
71 bsrr |= gpio_list[j].mask << 16;
72 } else if (out == KEYBOARD_COLUMN_NONE) {
73 /* put output in hi-Z state (set bit) */
>>> CID 1353302:(OVERRUN)
>>> Overrunning array "gpio_list" of 41 16-byte elements at element index
>>> 47 (byte offset 767) using index "j" (which evaluates to 47).
74 bsrr |= gpio_list[j].mask;
75 } else if (j - GPIO_KB_OUT00 == out) {
76 /*
77 * Drive specified output low, others => hi-Z.
78 *
79 * To avoid conflict, tri-state all outputs
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 71 in keyboard_raw_drive_column()
65 for (j = GPIO_KB_OUT00; j <= GPIO_KB_OUT12; j++) {
66 if (gpio_list[j].port != kb_out_ports[i])
67 continue;
68
69 if (out == KEYBOARD_COLUMN_ALL) {
70 /* drive low (clear bit) */
>>> CID 1353302:(OVERRUN)
>>> Overrunning array "gpio_list" of 41 16-byte elements at element index
>>> 47 (byte offset 767) using index "j" (which evaluates to 47).
71 bsrr |= gpio_list[j].mask << 16;
72 } else if (out == KEYBOARD_COLUMN_NONE) {
73 /* put output in hi-Z state (set bit) */
74 bsrr |= gpio_list[j].mask;
75 } else if (j - GPIO_KB_OUT00 == out) {
76 /*
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 66 in keyboard_raw_drive_column()
60
61 for (i = 0; i < ARRAY_SIZE(kb_out_ports); i++) {
62 uint32_t bsrr = 0;
63 int j;
64
65 for (j = GPIO_KB_OUT00; j <= GPIO_KB_OUT12; j++) {
>>> CID 1353302:(OVERRUN)
>>> Overrunning array "gpio_list" of 41 16-byte elements at element index
>>> 47 (byte offset 767) using index "j" (which evaluates to 47).
66 if (gpio_list[j].port != kb_out_ports[i])
67 continue;
68
69 if (out == KEYBOARD_COLUMN_ALL) {
70 /* drive low (clear bit) */
71 bsrr |= gpio_list[j].mask << 16;
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 83 in keyboard_raw_drive_column()
77 * Drive specified output low, others => hi-Z.
78 *
79 * To avoid conflict, tri-state all outputs
80 * first, then assert specified output.
81 */
82 keyboard_raw_drive_column(KEYBOARD_COLUMN_NONE);
>>> CID 1353302:(OVERRUN)
>>> Overrunning array "gpio_list" of 41 16-byte elements at element index
>>> 47
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
7 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/lib/gcov-glue.c: 128 in coverage_init()
*** CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/lib/gcov-glue.c: 128 in coverage_init()
122 extern long __CTOR_LIST__;
123 typedef void (*func_ptr)(void);
124 func_ptr *ctor = (func_ptr *) &__CTOR_LIST__;
125 if (ctor == NULL)
126 return;
127
>>> CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "ctor" as an array. This might corrupt or misinterpret adjacent
>>> memory locations.
128 for (; *ctor != (func_ptr) 0; ctor++)
129 (*ctor)();
130 }
131
132 void __gcov_flush(void);
133 static void coverage_exit(void *unused)
** CID 1431126:(DEADCODE)
/src/lib/libgcov.c: 425 in gcov_exit()
/src/lib/libgcov.c: 391 in gcov_exit()
*** CID 1431126:(DEADCODE)
/src/lib/libgcov.c: 425 in gcov_exit()
419 fname += 2;
420
421 /* Build relocated filename, stripping off leading
422 * directories from the initial filename if requested.
423 */
424 if (gcov_prefix_strip > 0) {
>>> CID 1431126:(DEADCODE)
>>> Execution cannot reach this statement: "level = 0;".
425 int level = 0;
426
427 s = fname;
428 if (IS_DIR_SEPARATOR(*s))
429 ++s;
430
/src/lib/libgcov.c: 391 in gcov_exit()
385 } else
386 #endif
387 prefix_length = 0;
388
389 /* If no prefix was specified and a prefix strip, then we assume
390 relative. */
>>> CID 1431126:(DEADCODE)
>>> Execution cannot reach the expression "prefix_length == 0UL" inside
>>> this statement: "if (gcov_prefix_strip != 0 ...".
391 if (gcov_prefix_strip != 0 && prefix_length == 0) {
392 gcov_prefix = ".";
393 prefix_length = 1;
394 }
395 /* Allocate and initialize the filename scratch space plus one.
*/
396 gi_filename = (char *) alloca(prefix_length + gcov_max_filename
+ 2);
** CID 1431125: Control flow issues (DEADCODE)
/src/lib/gcov-glue.c: 126 in coverage_init()
*** CID 1431125: Control flow issues (DEADCODE)
/src/lib/gcov-glue.c: 126 in coverage_init()
120 static void coverage_init(void *unused)
121 {
122 extern long __CTOR_LIST__;
123 typedef void (*func_ptr)(void);
124 func_ptr *ctor = (func_ptr *) &__CTOR_LIST__;
125 if (ctor == NULL)
>>> CID 1431125: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return;".
126 return;
127
128 for (; *ctor != (func_ptr) 0; ctor++)
129 (*ctor)();
130 }
131
** CID 1431124: Integer handling issues (BAD_SHIFT)
/src/security/intel/txt/common.c: 166 in validate_acm()
*** CID 1431124: Integer handling issues (BAD_SHIFT)
/src/security/intel/txt/common.c: 166 in validate_acm()
160 /*
161 * Causes #GP if acm_header->size > processor internal
authenticated
162 * code area capacity.
163 * SAFER MODE EXTENSIONS REFERENCE.
164 * Intel 64 and IA-32 Architectures Software Developer Manuals
Vol 2D
165 */
>>> CID 1431124: Integer handling issues (BAD_SHIFT)
>>> In expression "1UL << log2_ceil((acm_header->size & 0xffU) << 2)",
>>> shifting by a negative amount has undefined behavior. The shift amount,
>>> "log2_ceil((acm_header->size & 0xffU) << 2)", is -1.
166 const size_t acm_len = 1UL << log2_ceil((acm_header->size &
0xff) << 2);
167 if (max_size_acm_area < acm_len) {
168 printk(BIOS_ERR, "TEE-TXT: BIOS ACM doesn't fit into AC
execution region\n");
169 return ACM_E_NOT_FIT_INTO_CPU_ACM_MEM;
170 }
171
** CID 1431123: Control flow issues (DEADCODE)
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1353302:(OVERRUN)
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 74 in keyboard_raw_drive_column()
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 83 in keyboard_raw_drive_column()
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 71 in keyboard_raw_drive_column()
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 66 in keyboard_raw_drive_column()
*** CID 1353302:(OVERRUN)
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 74 in keyboard_raw_drive_column()
68
69 if (out == KEYBOARD_COLUMN_ALL) {
70 /* drive low (clear bit) */
71 bsrr |= gpio_list[j].mask << 16;
72 } else if (out == KEYBOARD_COLUMN_NONE) {
73 /* put output in hi-Z state (set bit) */
>>> CID 1353302:(OVERRUN)
>>> Overrunning array "gpio_list" of 41 16-byte elements at element index
>>> 47 (byte offset 767) using index "j" (which evaluates to 47).
74 bsrr |= gpio_list[j].mask;
75 } else if (j - GPIO_KB_OUT00 == out) {
76 /*
77 * Drive specified output low, others => hi-Z.
78 *
79 * To avoid conflict, tri-state all outputs
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 83 in keyboard_raw_drive_column()
77 * Drive specified output low, others => hi-Z.
78 *
79 * To avoid conflict, tri-state all outputs
80 * first, then assert specified output.
81 */
82 keyboard_raw_drive_column(KEYBOARD_COLUMN_NONE);
>>> CID 1353302:(OVERRUN)
>>> Overrunning array "gpio_list" of 41 16-byte elements at element index
>>> 47 (byte offset 767) using index "j" (which evaluates to 47).
83 bsrr |= gpio_list[j].mask << 16;
84 done = 1;
85 break;
86 }
87 }
88
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 71 in keyboard_raw_drive_column()
65 for (j = GPIO_KB_OUT00; j <= GPIO_KB_OUT12; j++) {
66 if (gpio_list[j].port != kb_out_ports[i])
67 continue;
68
69 if (out == KEYBOARD_COLUMN_ALL) {
70 /* drive low (clear bit) */
>>> CID 1353302:(OVERRUN)
>>> Overrunning array "gpio_list" of 41 16-byte elements at element index
>>> 47 (byte offset 767) using index "j" (which evaluates to 47).
71 bsrr |= gpio_list[j].mask << 16;
72 } else if (out == KEYBOARD_COLUMN_NONE) {
73 /* put output in hi-Z state (set bit) */
74 bsrr |= gpio_list[j].mask;
75 } else if (j - GPIO_KB_OUT00 == out) {
76 /*
/3rdparty/chromeec/chip/stm32/keyboard_raw.c: 66 in keyboard_raw_drive_column()
60
61 for (i = 0; i < ARRAY_SIZE(kb_out_ports); i++) {
62 uint32_t bsrr = 0;
63 int j;
64
65 for (j = GPIO_KB_OUT00; j <= GPIO_KB_OUT12; j++) {
>>> CID 1353302:(OVERRUN)
>>> Overrunning array "gpio_list" of 41 16-byte elements at element index
>>> 47 (byte offset 767) using index "j" (which evaluates to 47).
66 if (gpio_list[j].port != kb_out_ports[i])
67 continue;
68
69 if (out == KEYBOARD_COLUMN_ALL) {
70 /* drive low (clear bit) */
71 bsrr |= gpio_list[j].mask << 16;
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DCx87_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3i7-2Brzy66X154aJQFHPDraN1igbcLeyWsQl3KGhN-2B6ha2KOiafddfCvwMOFvNr5Z2SKt3Bc1pC0yT743FAl1BpChbcNJ1A2Yel-2Buy0l4T2gnIUtzEr8DYbFROrl8dYz8p850Efxc25b5y6rxTem4UorTVvnazH7-2FY5XtXU88P9o8AJSLXyI1FsIWllidISWe0-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan. 1 new defect(s) introduced to coreboot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1430578: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /src/security/intel/stm/SmmStm.c: 359 in validate_resource() *** CID 1430578: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /src/security/intel/stm/SmmStm.c: 359 in validate_resource() 353 resource->mem.base, 354 resource->mem.length); 355 356 if (resource->header.length != sizeof(STM_RSC_MEM_DESC)) 357 return false; 358 >>> CID 1430578: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "resource->mem.rwx_attributes > 7" is always false regardless of the >>> values of its operands. This occurs as the logical operand of "if". 359 if (resource->mem.rwx_attributes > FULL_ACCS) 360 return false; 361 break; 362 363 case IO_RANGE: 364 case TRAPPED_IO_RANGE: To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DCA20_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1wYr-2BmoHWYdHEe48IJ1SOt6ZbTABbC1UF3aiOlNZkzF37ttABx9ioquCNI912h-2BinJ1dAzwdTU2TIu6OVlrRILcOx4JrT4c9Re7yCH9NdIF-2Bxf2XTmyEO4balArvRgnDdNLeTuMXhcWq4uulH5LluSFxofi-2BcLIMoN2LY3BvkoKRL1xptgwd-2F0Iqsln2kOw4c-3D ___ coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1430549: Null pointer dereferences (NULL_RETURNS)
*** CID 1430549: Null pointer dereferences (NULL_RETURNS)
/src/drivers/amd/i2s_machine_dev/i2s_machine_dev.c: 34 in
i2s_machine_dev_fill_ssdt()
28
29 if (dmic_select_gpio->pin_count == 0) {
30 printk(BIOS_ERR, "%s: ERROR: DMIC select GPIO required\n",
dev_path(dev));
31 return;
32 }
33
>>> CID 1430549: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "scope" when calling
>>> "acpigen_write_scope".
34 acpigen_write_scope(scope); /* Scope */
35 acpigen_write_device(acpi_device_name(dev)); /* Device */
36 acpigen_write_name_string("_HID", cfg->hid);
37 acpigen_write_name_integer("_UID", cfg->uid);
38 acpigen_write_name_string("_DDN", AMD_I2S_ACPI_DESC);
39
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DaBqS_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2IoxrW79kt-2B9W3y0jkXjQilWV-2BkUmGssc2-2B4xXbLAUbbn-2BwWtdcZ0BkTM6EZ125DGTg8A-2BlD661aNISAcnspPN5jxQXvTKBwX7XlPbQnMV8NLcYecRVM8-2FQ0rhIFpZ0EGzzKjCFN1l7-2FzCWKIOlbhAL8LynWogqAB1S-2BSeW2TqVOBCljP0md-2Bfxb4ZFo8PaYE-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
105 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 105 defect(s)
** CID 1429780: Uninitialized variables (UNINIT)
*** CID 1429780: Uninitialized variables (UNINIT)
/src/mainboard/dell/optiplex_9010/sch5545_ec.c: 618 in sch5545_ec_hwm_init()
612
613 printk(BIOS_DEBUG, "%s\n", __func__);
614 sch5545_emi_init(0x2e);
615
616 chassis_type = get_chassis_type();
617
>>> CID 1429780: Uninitialized variables (UNINIT)
>>> Using uninitialized value "val" when calling "ec_read_write_reg".
618 ec_read_write_reg(EC_HWM_LDN, 0x0048, , READ_OP);
619 ec_read_write_reg(EC_HWM_LDN, 0x0048, , WRITE_OP);
620 ec_read_write_reg(EC_HWM_LDN, 0x0042, , READ_OP);
621 ec_read_write_reg(EC_HWM_LDN, 0x0048, , READ_OP);
622 val |= 0x02;
623 ec_read_write_reg(EC_HWM_LDN, 0x0048, , WRITE_OP);
** CID 1429772: Uninitialized variables (UNINIT)
*** CID 1429772: Uninitialized variables (UNINIT)
/src/mainboard/dell/optiplex_9010/sch5545_ec.c: 431 in
sch5545_get_ec_fw_version()
425 uint16_t sch5545_get_ec_fw_version(void)
426 {
427 uint8_t val;
428 uint16_t ec_fw_version;
429
430 /* Read the FW version currently loaded used by EC */
>>> CID 1429772: Uninitialized variables (UNINIT)
>>> Using uninitialized value "val" when calling "ec_read_write_reg".
431 ec_read_write_reg(EC_HWM_LDN, 0x2ad, , READ_OP);
432 ec_fw_version = (val << 8);
433 ec_read_write_reg(EC_HWM_LDN, 0x2ae, , READ_OP);
434 ec_fw_version |= val;
435 ec_read_write_reg(EC_HWM_LDN, 0x2ac, , READ_OP);
436 ec_read_write_reg(EC_HWM_LDN, 0x2fd, , READ_OP);
** CID 1429765: Uninitialized variables (UNINIT)
*** CID 1429765: Uninitialized variables (UNINIT)
/src/mainboard/dell/optiplex_9010/sch5545_ec.c: 512 in
sch5545_ec_hwm_early_init()
506 int i;
507
508 printk(BIOS_DEBUG, "%s\n", __func__);
509
510 ec_check_mbox_and_int_status(0x20, 0x01);
511
>>> CID 1429765: Uninitialized variables (UNINIT)
>>> Using uninitialized value "val" when calling "ec_read_write_reg".
512 ec_read_write_reg(2, 0xcb, , READ_OP);
513 ec_read_write_reg(2, 0xb8, , READ_OP);
514
515 for (i = 0; i < ARRAY_SIZE(ec_hwm_init_seq); i++) {
516 val = ec_hwm_init_seq[i].val;
517 ec_read_write_reg(EC_HWM_LDN, ec_hwm_init_seq[i].reg,
,
** CID 1428711:(OVERRUN)
*** CID 1428711:(OVERRUN)
/src/vendorcode/eltan/security/mboot/mboot.c: 431 in mb_crtm()
425 tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0;
426 tcgEventHdr.eventType = EV_S_CRTM_VERSION;
427 tcgEventHdr.eventSize = sizeof(crtm_version);
428 printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__,
429 tcgEventHdr.eventSize);
430
>>> CID 1428711:(OVERRUN)
>>> Overrunning callee's array of size 32 by passing argument
>>> "tcgEventHdr.eventSize" (which evaluates to 67) in call to
>>> "mboot_hash_extend_log".
431 status = mboot_hash_extend_log(0, (uint8_t *)crtm_version,
tcgEventHdr.eventSize,
432, (uint8_t
*)crtm_version);
433 if (status) {
434 printk(BIOS_DEBUG, "Measure CRTM Version returned
0x%x\n", status);
435 return status;
436 }
/src/mainboard/facebook/fbg1701/romstage.c: 78 in mb_crtm()
72 memset(, 0, sizeof(tcgEventHdr));
73 tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0;
74 tcgEventHdr.eventType = EV_S_CRTM_VERSION;
75 tcgEventHdr.eventSize = sizeof(crtm_version);
76 printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__,
tcgEventHdr.eventSize);
77
>>> CID 1428711:(OVERRUN)
>>> Overrunning callee's array of size 32 by passing argument
>>> "tcgEventHdr.eventSize" (which evaluates to 67) in call to
>>> "mboot_hash_extend_log".
78 status = mboot_hash_extend_log(0, (uint8_t *)crtm_version,
79 tcgEventHdr.eventSize, ,
80 (uint8_t
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
175 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1430454: Null pointer dereferences (NULL_RETURNS)
*** CID 1430454: Null pointer dereferences (NULL_RETURNS)
/src/drivers/usb/pci_xhci/pci_xhci.c: 193 in xhci_fill_ssdt()
187 static void xhci_fill_ssdt(const struct device *dev)
188 {
189 int gpe;
190
191 printk(BIOS_DEBUG, "xHCI SSDT generation\n");
192
>>> CID 1430454: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "acpi_device_scope(dev)"
>>> when calling "acpigen_write_scope".
193 acpigen_write_scope(acpi_device_scope(dev));
194 acpigen_write_device(acpi_device_name(dev));
195
196 acpigen_write_ADR_pci_device(dev);
197 acpigen_write_name_string("_DDN", "xHC - Extensible Host
Controller");
198 acpigen_write_STA(acpi_device_status(dev));
** CID 1430218: Integer handling issues (BAD_SHIFT)
/src/ec/google/chromeec/ec.c: 397 in google_chromeec_log_events()
*** CID 1430218: Integer handling issues (BAD_SHIFT)
/src/ec/google/chromeec/ec.c: 397 in google_chromeec_log_events()
391
392 if (!CONFIG(ELOG))
393 return;
394
395 events = google_chromeec_get_events_b() & mask;
396 for (i = 0; i < sizeof(events) * 8; i++) {
>>> CID 1430218: Integer handling issues (BAD_SHIFT)
>>> In expression "1ULL << i - 1", shifting by a negative amount has
>>> undefined behavior. The shift amount, "i - 1", is -1.
397 if (EC_HOST_EVENT_MASK(i) & events)
398 elog_add_event_byte(ELOG_TYPE_EC_EVENT, i);
399 }
400
401 google_chromeec_clear_events_b(events);
402 }
** CID 1429776: Memory - corruptions (OVERRUN)
*** CID 1429776: Memory - corruptions (OVERRUN)
/src/soc/amd/picasso/fsp_params.c: 94 in fsp_fill_pcie_ddi_descriptors()
88 const fsp_ddi_descriptor *fsp_ddi;
89 size_t num_pcie;
90 size_t num_ddi;
91
92 mainboard_get_pcie_ddi_descriptors(_pcie, _pcie,
93 _ddi, _ddi);
>>> CID 1429776: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "num_pcie"
>>> (which evaluates to 3) in call to "fill_pcie_descriptors".
94 fill_pcie_descriptors(scfg, fsp_pcie, num_pcie);
95 fill_ddi_descriptors(scfg, fsp_ddi, num_ddi);
96 }
97
98 static void fsp_usb_oem_customization(FSP_S_CONFIG *scfg,
99 const struct soc_amd_picasso_config *cfg)
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DMgW3_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2HH3KuEEhxkG0o01auD-2FXbgtzk3mrMiHwRyX4dvk3NdS4vR9-2BryIxq9WalvKpdkxc-2B1Q6ygi5ZM1EbpcOeYUec92G-2FIS28IFdFNJ3s-2FUs2K3RiMgHS91RXXYY5Y0hcHF9OijedvMSzgtKMjk2h73a5H54dX6IWobV-2BgaIhIHNJmyDONc8FI8m5n5OCRKC2yrc-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
106 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 106 defect(s)
** CID 1429780: Uninitialized variables (UNINIT)
*** CID 1429780: Uninitialized variables (UNINIT)
/src/mainboard/dell/optiplex_9010/sch5545_ec.c: 619 in sch5545_ec_hwm_init()
613
614 printk(BIOS_DEBUG, "%s\n", __func__);
615 sch5545_emi_init(0x2e);
616
617 chassis_type = get_chassis_type();
618
>>> CID 1429780: Uninitialized variables (UNINIT)
>>> Using uninitialized value "val" when calling "ec_read_write_reg".
619 ec_read_write_reg(EC_HWM_LDN, 0x0048, , READ_OP);
620 ec_read_write_reg(EC_HWM_LDN, 0x0048, , WRITE_OP);
621 ec_read_write_reg(EC_HWM_LDN, 0x0042, , READ_OP);
622 ec_read_write_reg(EC_HWM_LDN, 0x0048, , READ_OP);
623 val |= 0x02;
624 ec_read_write_reg(EC_HWM_LDN, 0x0048, , WRITE_OP);
** CID 1429772: Uninitialized variables (UNINIT)
*** CID 1429772: Uninitialized variables (UNINIT)
/src/mainboard/dell/optiplex_9010/sch5545_ec.c: 432 in
sch5545_get_ec_fw_version()
426 uint16_t sch5545_get_ec_fw_version(void)
427 {
428 uint8_t val;
429 uint16_t ec_fw_version;
430
431 /* Read the FW version currently loaded used by EC */
>>> CID 1429772: Uninitialized variables (UNINIT)
>>> Using uninitialized value "val" when calling "ec_read_write_reg".
432 ec_read_write_reg(EC_HWM_LDN, 0x2ad, , READ_OP);
433 ec_fw_version = (val << 8);
434 ec_read_write_reg(EC_HWM_LDN, 0x2ae, , READ_OP);
435 ec_fw_version |= val;
436 ec_read_write_reg(EC_HWM_LDN, 0x2ac, , READ_OP);
437 ec_read_write_reg(EC_HWM_LDN, 0x2fd, , READ_OP);
** CID 1429765: Uninitialized variables (UNINIT)
*** CID 1429765: Uninitialized variables (UNINIT)
/src/mainboard/dell/optiplex_9010/sch5545_ec.c: 513 in
sch5545_ec_hwm_early_init()
507 int i;
508
509 printk(BIOS_DEBUG, "%s\n", __func__);
510
511 ec_check_mbox_and_int_status(0x20, 0x01);
512
>>> CID 1429765: Uninitialized variables (UNINIT)
>>> Using uninitialized value "val" when calling "ec_read_write_reg".
513 ec_read_write_reg(2, 0xcb, , READ_OP);
514 ec_read_write_reg(2, 0xb8, , READ_OP);
515
516 for (i = 0; i < ARRAY_SIZE(ec_hwm_init_seq); i++) {
517 val = ec_hwm_init_seq[i].val;
518 ec_read_write_reg(EC_HWM_LDN, ec_hwm_init_seq[i].reg,
,
** CID 1428711:(OVERRUN)
*** CID 1428711:(OVERRUN)
/src/vendorcode/eltan/security/mboot/mboot.c: 431 in mb_crtm()
425 tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0;
426 tcgEventHdr.eventType = EV_S_CRTM_VERSION;
427 tcgEventHdr.eventSize = sizeof(crtm_version);
428 printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__,
429 tcgEventHdr.eventSize);
430
>>> CID 1428711:(OVERRUN)
>>> Overrunning callee's array of size 32 by passing argument
>>> "tcgEventHdr.eventSize" (which evaluates to 67) in call to
>>> "mboot_hash_extend_log".
431 status = mboot_hash_extend_log(0, (uint8_t *)crtm_version,
tcgEventHdr.eventSize,
432, (uint8_t
*)crtm_version);
433 if (status) {
434 printk(BIOS_DEBUG, "Measure CRTM Version returned
0x%x\n", status);
435 return status;
436 }
/src/mainboard/facebook/fbg1701/romstage.c: 78 in mb_crtm()
72 memset(, 0, sizeof(tcgEventHdr));
73 tcgEventHdr.pcrIndex = MBOOT_PCR_INDEX_0;
74 tcgEventHdr.eventType = EV_S_CRTM_VERSION;
75 tcgEventHdr.eventSize = sizeof(crtm_version);
76 printk(BIOS_DEBUG, "%s: EventSize - %u\n", __func__,
tcgEventHdr.eventSize);
77
>>> CID 1428711:(OVERRUN)
>>> Overrunning callee's array of size 32 by passing argument
>>> "tcgEventHdr.eventSize" (which evaluates to 67) in call to
>>> "mboot_hash_extend_log".
78 status = mboot_hash_extend_log(0, (uint8_t *)crtm_version,
79 tcgEventHdr.eventSize, ,
80 (uint8_t
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
175 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1430219: Security best practices violations (SECURE_TEMP)
/3rdparty/vboot/host/lib/flashrom.c: 50 in write_temp_file()
*** CID 1430219: Security best practices violations (SECURE_TEMP)
/3rdparty/vboot/host/lib/flashrom.c: 50 in write_temp_file()
44 vb2_error_t rv;
45 char *path;
46
47 *path_out = NULL;
48 path = strdup(P_tmpdir "/vb2_flashrom.XX");
49
>>> CID 1430219: Security best practices violations (SECURE_TEMP)
>>> Calling "mkstemp" without securely setting umask first.
50 fd = mkstemp(path);
51 if (fd < 0) {
52 rv = VB2_ERROR_WRITE_FILE_OPEN;
53 goto fail;
54 }
55
** CID 1430218: Integer handling issues (BAD_SHIFT)
/src/ec/google/chromeec/ec.c: 397 in google_chromeec_log_events()
*** CID 1430218: Integer handling issues (BAD_SHIFT)
/src/ec/google/chromeec/ec.c: 397 in google_chromeec_log_events()
391
392 if (!CONFIG(ELOG))
393 return;
394
395 events = google_chromeec_get_events_b() & mask;
396 for (i = 0; i < sizeof(events) * 8; i++) {
>>> CID 1430218: Integer handling issues (BAD_SHIFT)
>>> In expression "1ULL << i - 1", shifting by a negative amount has
>>> undefined behavior. The shift amount, "i - 1", is -1.
397 if (EC_HOST_EVENT_MASK(i) & events)
398 elog_add_event_byte(ELOG_TYPE_EC_EVENT, i);
399 }
400
401 google_chromeec_clear_events_b(events);
402 }
** CID 1429776: Memory - corruptions (OVERRUN)
*** CID 1429776: Memory - corruptions (OVERRUN)
/src/soc/amd/picasso/fsp_params.c: 94 in fsp_fill_pcie_ddi_descriptors()
88 const fsp_ddi_descriptor *fsp_ddi;
89 size_t num_pcie;
90 size_t num_ddi;
91
92 mainboard_get_pcie_ddi_descriptors(_pcie, _pcie,
93 _ddi, _ddi);
>>> CID 1429776: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "num_pcie"
>>> (which evaluates to 3) in call to "fill_pcie_descriptors".
94 fill_pcie_descriptors(scfg, fsp_pcie, num_pcie);
95 fill_ddi_descriptors(scfg, fsp_ddi, num_ddi);
96 }
97
98 static void fsp_usb_oem_customization(FSP_S_CONFIG *scfg,
99 const struct soc_amd_picasso_config *cfg)
** CID 1072951: Memory - illegal accesses (BUFFER_SIZE)
/tests/lib/string-test.c: 149 in test_strncpy()
*** CID 1072951: Memory - illegal accesses (BUFFER_SIZE)
/tests/lib/string-test.c: 149 in test_strncpy()
143 /* n1 case */
144
145 /* Needed for ensuring that characters behind the limit
146are not overwritten */
147 memset(dst, 'x', dst_len);
148
>>> CID 1072951: Memory - illegal accesses (BUFFER_SIZE)
>>> Calling "strncpy" with a source string whose length (5 chars) is
>>> greater than or equal to the size argument (2) will fail to null-terminate
>>> "dst".
149 strncpy(dst, src, n1);
150
151 assert_int_equal(0, memcmp(dst, src, n1));
152
153 for (i = n1; i < dst_len; i++)
154 assert_true(dst[i] == 'x');
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExSZiGT4AO9dqB-2BC868xZOCag75Y7p1UmqAHPbZ6SCvYLXjumWuqPoaDGx7Muigyow-3DbnBy_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0WDfkmmYrI9ssIkAK2tgNCNSInAlFua3me8xOb2Cujgut-2FJk8-2BeYBUo8OPUoDQ4RpvQpzfPPvyEhIlb4DvruWZkeuEkRH8B-2FsSbuUUTKuDuwv-2FU2s-2FF2reTuUfuAXjsNGBAlAJSuQgwUmc-2FWM1my5t68k2mSj0n-2F8St2RF9mqtzSw33LKzyo5GN2lNQupxxLs-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
6 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1429983: Control flow issues (DEADCODE)
/src/drivers/uart/acpi/acpi.c: 104 in uart_acpi_fill_ssdt()
*** CID 1429983: Control flow issues (DEADCODE)
/src/drivers/uart/acpi/acpi.c: 104 in uart_acpi_fill_ssdt()
98 reset_gpio_index >= 0 || enable_gpio_index >= 0) {
99 struct acpi_dp *dsd = acpi_dp_new_table("_DSD");
100 if (config->compat_string)
101 acpi_dp_add_string(dsd, "compatible",
102config->compat_string);
103 if (irq_gpio_index >= 0)
>>> CID 1429983: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "acpi_dp_add_gpio(dsd, "irq-...".
104 acpi_dp_add_gpio(dsd, "irq-gpios", path,
105 irq_gpio_index, 0,
106 config->irq_gpio.polarity);
107 if (reset_gpio_index >= 0)
108 acpi_dp_add_gpio(dsd, "reset-gpios", path,
109 reset_gpio_index, 0,
** CID 1429982: Null pointer dereferences (NULL_RETURNS)
*** CID 1429982: Null pointer dereferences (NULL_RETURNS)
/src/drivers/intel/pmc_mux/mux.c: 16 in mux_fill_ssdt()
10 {
11 return "MUX";
12 }
13
14 static void mux_fill_ssdt(const struct device *dev)
15 {
>>> CID 1429982: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "acpi_device_scope(dev)"
>>> when calling "acpigen_write_scope".
16 acpigen_write_scope(acpi_device_scope(dev));
17 acpigen_write_device(acpi_device_name(dev));
18
19 acpigen_write_name_string("_HID", TGL_PMC_MUX_HID);
20 acpigen_write_name_string("_DDN", dev->chip_ops->name);
21
** CID 1429981: Null pointer dereferences (NULL_RETURNS)
*** CID 1429981: Null pointer dereferences (NULL_RETURNS)
/src/soc/intel/tigerlake/pmc.c: 104 in soc_pmc_fill_ssdt()
98 res->limit = res->base + res->size - 1;
99 res->flags = IORESOURCE_IO | IORESOURCE_ASSIGNED | IORESOURCE_FIXED;
100 }
101
102 static void soc_pmc_fill_ssdt(const struct device *dev)
103 {
>>> CID 1429981: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "acpi_device_scope(dev)"
>>> when calling "acpigen_write_scope".
104 acpigen_write_scope(acpi_device_scope(dev));
105 acpigen_write_device(acpi_device_name(dev));
106
107 acpigen_write_name_string("_HID", PMC_HID);
108 acpigen_write_name_string("_DDN", "Intel(R) Tiger Lake IPC
Controller");
109
** CID 1429980: Null pointer dereferences (NULL_RETURNS)
*** CID 1429980: Null pointer dereferences (NULL_RETURNS)
/src/soc/amd/picasso/root_complex.c: 138 in root_complex_fill_ssdt()
132
133 /* Used by \_SB.PCI0._CRS */
134 static void root_complex_fill_ssdt(const struct device *device)
135 {
136 msr_t msr;
137
>>> CID 1429980: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL"
>>> "acpi_device_scope(device)" when calling "acpigen_write_scope".
138 acpigen_write_scope(acpi_device_scope(device));
139
140 msr = rdmsr(TOP_MEM);
141 acpigen_write_name_dword("TOM1", msr.lo);
142 msr = rdmsr(TOP_MEM2);
143 /*
** CID 1429979: Null pointer dereferences (NULL_RETURNS)
*** CID 1429979: Null pointer dereferences (NULL_RETURNS)
/src/drivers/intel/pmc_mux/con/con.c: 37 in con_fill_ssdt()
31 struct acpi_dp *dsd;
32
33 if (!dev->enabled)
34 return;
35
36 /* Reference the existing scope and write CONx device */
>>> CID 1429979: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "acpi_device_scope(dev)"
>>> when calling "acpigen_write_scope".
37 acpigen_write_scope(acpi_device_scope(dev));
38 acpigen_write_device(acpi_device_name(dev));
39
40 acpigen_write_name_integer("_ADR", dev->path.generic.id);
41
42 /*
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1429974: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/amd/picasso/bootblock/bootblock.c: 93 in write_resume_eip()
*** CID 1429974: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/src/soc/amd/picasso/bootblock/bootblock.c: 93 in write_resume_eip()
87 enable_cache();
88 }
89
90 static void write_resume_eip(void)
91 {
92 msr_t s3_resume_entry = {
>>> CID 1429974: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(uint64_t)(uintptr_t)bootblock_resume_entry >> 32" is 0 regardless of
>>> the values of its operands. This occurs as an initializer.
93 .hi = (uint64_t)(uintptr_t)bootblock_resume_entry >> 32,
94 .lo = (uintptr_t)bootblock_resume_entry & 0x,
95 };
96
97 /*
98 * Writing to the EIP register can only be done once, otherwise a fault
is triggered.
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExSZiGT4AO9dqB-2BC868xZOCag75Y7p1UmqAHPbZ6SCvYLXjumWuqPoaDGx7Muigyow-3DfPu4_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2hEP-2BGocTfkACbJpwoIIMzGb8ENa9zB9bPgidvPbxvaVvFJdRL3OA4QtAZNCGgpbyKN4u2-2FCGYrhn-2B9OgOr-2BgvLepQzpSH4O9E4-2Fbv5b8-2FQXgzJxJy-2B8W4R6OUkmliCwzdQQ5IZo5koyDjchMUbBPk09CZWXpUNH-2F-2Bodnn1MUzCA-3D-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
12 new defect(s) introduced to coreboot found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)
** CID 1404005: Integer handling issues (SIGN_EXTENSION)
/3rdparty/opensbi/lib/sbi/sbi_fifo.c: 79 in __sbi_fifo_reset()
*** CID 1404005: Integer handling issues (SIGN_EXTENSION)
/3rdparty/opensbi/lib/sbi/sbi_fifo.c: 79 in __sbi_fifo_reset()
73
74 /* Note: must be called with fifo->qlock held */
75 static inline void __sbi_fifo_reset(struct sbi_fifo *fifo)
76 {
77 fifo->avail = 0;
78 fifo->tail = 0;
>>> CID 1404005: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "fifo->entry_size" with type "u16"
>>> (16 bits, unsigned) is promoted in "fifo->num_entries * fifo->entry_size"
>>> to type "int" (32 bits, signed), then sign-extended to type "unsigned long"
>>> (64 bits, unsigned). If "fifo->num_entries * fifo->entry_size" is greater
>>> than 0x7FFF, the upper bits of the result will all be 1.
79 sbi_memset(fifo->queue, 0, fifo->num_entries * fifo->entry_size);
80 }
81
82 bool sbi_fifo_reset(struct sbi_fifo *fifo)
83 {
84 if (!fifo)
** CID 1404004: Control flow issues (NO_EFFECT)
/3rdparty/opensbi/lib/utils/irqchip/plic.c: 57 in plic_fdt_fixup()
*** CID 1404004: Control flow issues (NO_EFFECT)
/3rdparty/opensbi/lib/utils/irqchip/plic.c: 57 in plic_fdt_fixup()
51 {
52 u32 *cells;
53 int i, cells_count;
54 u32 plic_off;
55
56 plic_off = fdt_node_offset_by_compatible(fdt, 0, compat);
>>> CID 1404004: Control flow issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true.
>>> "plic_off < 0U".
57 if (plic_off < 0)
58 return;
59
60 cells = (u32 *)fdt_getprop(fdt, plic_off,
61 "interrupts-extended", _count);
62 if (!cells)
** CID 1404003: Memory - corruptions (ARRAY_VS_SINGLETON)
*** CID 1404003: Memory - corruptions (ARRAY_VS_SINGLETON)
/3rdparty/opensbi/lib/sbi/riscv_atomic.c: 221 in atomic_clear_bit()
215 {
216 return atomic_raw_set_bit(nr, (unsigned long *)>counter);
217 }
218
219 inline int atomic_clear_bit(int nr, atomic_t *atom)
220 {
>>> CID 1404003: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Passing "(unsigned long *)>counter" to function
>>> "atomic_raw_clear_bit" which uses it as an array. This might corrupt or
>>> misinterpret adjacent memory locations.
221 return atomic_raw_clear_bit(nr, (unsigned long
*)>counter);
** CID 1404002: Integer handling issues (SIGN_EXTENSION)
/3rdparty/opensbi/lib/sbi/sbi_fifo.c: 79 in __sbi_fifo_reset()
*** CID 1404002: Integer handling issues (SIGN_EXTENSION)
/3rdparty/opensbi/lib/sbi/sbi_fifo.c: 79 in __sbi_fifo_reset()
73
74 /* Note: must be called with fifo->qlock held */
75 static inline void __sbi_fifo_reset(struct sbi_fifo *fifo)
76 {
77 fifo->avail = 0;
78 fifo->tail = 0;
>>> CID 1404002: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "fifo->num_entries" with type "u16"
>>> (16 bits, unsigned) is promoted in "fifo->num_entries * fifo->entry_size"
>>> to type "int" (32 bits, signed), then sign-extended to type "unsigned long"
>>> (64 bits, unsigned). If "fifo->num_entries * fifo->entry_size" is greater
>>> than 0x7FFF, the upper bits of the result will all be 1.
79 sbi_memset(fifo->queue, 0, fifo->num_entries * fifo->entry_size);
80 }
81
82 bool sbi_fifo_reset(struct sbi_fifo *fifo)
83 {
84 if (!fifo)
** CID 1404001: Memory - corruptions (ARRAY_VS_SINGLETON)
*** CID 1404001: Memory - corruptions (ARRAY_VS_SINGLETON)
/3rdparty/opensbi/lib/sbi/riscv_atomic.c: 216 in atomic_set_bit()
210 {
211 return __atomic_op_bit(and, __NOT, nr, addr);
212 }
213
214 inline int atomic_set_bit(int nr, atomic_t *atom)
215 {
>>> CID 1404001: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Passing "(unsigned long *)>counter" to function
>>> "atomic_raw_set_bit" which uses it as an array. This might corrupt or
>>> misinterpret adjacent memory
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
106 new defect(s) introduced to coreboot found with Coverity Scan.
77 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 106 defect(s)
** CID 1402138:(OVERRUN)
*** CID 1402138:(OVERRUN)
/src/vendorcode/amd/cimx/sb900/Sata.c: 601 in sataInitAfterPciEnum()
595
596 sataBar5setting (pConfig, );
597
598 ReadPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8,
);
599 RWPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8,
0xFF, 0x03); //memory and io access enable
600 dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
>>> CID 1402138:(OVERRUN)
>>> Overrunning buffer pointed to by "" of 1 bytes by passing it to
>>> a function which accesses it at byte offset 1.
601 getEfuseStatus ();
602
603 if ( !cimSataPortMultCap ) {
604 ddAndMask |= BIT12;
605 }
606 if ( cimSataAggrLinkPmCap ) {
/src/vendorcode/amd/cimx/sb800/SATA.c: 407 in sataInitAfterPciEnum()
401
402 sataBar5setting (pConfig, );
403
404 ReadPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8,
);
405 RWPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04),
AccWidthUint8,0xFF, 0x03); //memory and io access enable
406 dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
>>> CID 1402138:(OVERRUN)
>>> Overrunning buffer pointed to by "" of 1 bytes by passing it to
>>> a function which accesses it at byte offset 1.
407 getEfuseStatus ();
408
409 if ( !cimSataPortMultCap ) {
410 ddAndMask |= BIT12;
411 }
412 if ( cimSataAggrLinkPmCap ) {
** CID 1402137: Memory - corruptions (OVERRUN)
*** CID 1402137: Memory - corruptions (OVERRUN)
/src/vendorcode/amd/cimx/sb900/SbPeLib.c: 345 in getEfuseByte()
339 UINT8
340 getEfuseByte (
341 IN UINT8 Index
342 )
343 {
344 UINT8 Data;
>>> CID 1402137: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "" of 1 bytes by passing it to a
>>> function which accesses it at byte offset 1.
345 WriteMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8, AccWidthUint8,
);
346 ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8 + 1,
AccWidthUint8, );
347 return Data;
348 }
349
350
** CID 1402136:(ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
414 in PcieMapTopologyOnWrapper()
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
428 in PcieMapTopologyOnWrapper()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
414 in PcieMapTopologyOnWrapper()
*** CID 1402136:(ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
414 in PcieMapTopologyOnWrapper()
408 Status = AGESA_ERROR;
409 AGESA_STATUS_UPDATE (Status, AgesaStatus);
410 } else {
411 WrapperPhyLaneBitMap |= EnginePhyLaneBitMap;
412 }
413 }
>>> CID 1402136:(ARRAY_VS_SINGLETON)
>>> Using "EngineList" as an array. This might corrupt or misinterpret
>>> adjacent memory locations.
414 EngineList = PcieLibGetNextDescriptor (EngineList);
415 }
416 IDS_HDT_CONSOLE (GNB_TRACE, "PcieMapTopologyOnWrapper Exit [%d]\n",
AgesaStatus);
417 return AgesaStatus;
418 }
419
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
428 in PcieMapTopologyOnWrapper()
422 Status = AGESA_ERROR;
423 AGESA_STATUS_UPDATE (Status, AgesaStatus);
424 } else {
425 WrapperPhyLaneBitMap |= EnginePhyLaneBitMap;
426 }
427 }
>>> CID 1402136:(ARRAY_VS_SINGLETON)
>>> Using "EngineList" as an array. This might corrupt or misinterpret
>>> adjacent memory locations.
428 EngineList = PcieLibGetNextDescriptor (EngineList);
429 }
430 return AgesaStatus;
431 }
432
433
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
414 in PcieMapTopologyOnWrapper()
408 Status = AGESA_ERROR;
409 AGESA_STATUS_UPDATE (Status, AgesaStatus);
410 } else {
411 WrapperPhyLaneBitMap |= EnginePhyLaneBitMap;
412 }
413 }
>>> CID 1402136:(ARRAY_VS_SINGLETON)
>>> Using "EngineList" as an array. This might corrupt or misinterpret
>>>
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
49 new defect(s) introduced to coreboot found with Coverity Scan.
124 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 49 defect(s)
** CID 1403651: Control flow issues (DEADCODE)
/src/mainboard/purism/librem_skl/hda_verb.c: 51 in mb_hda_codec_init()
*** CID 1403651: Control flow issues (DEADCODE)
/src/mainboard/purism/librem_skl/hda_verb.c: 51 in mb_hda_codec_init()
45 struct resource *res;
46 u32 codec_mask;
47 struct device *dev;
48
49 dev = SA_DEV_ROOT;
50 /* Check if HDA is enabled, else return */
>>> CID 1403651: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "dev->chip_info == NULL" inside
>>> this statement: "if (dev == NULL || dev->chi...".
51 if (dev == NULL || dev->chip_info == NULL)
52 return;
53
54 config = dev->chip_info;
55
56 /*
** CID 1403002:(UNINIT)
/src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 548 in
dramc_find_gating_window()
/src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 542 in
dramc_find_gating_window()
*** CID 1403002:(UNINIT)
/src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 548 in
dramc_find_gating_window()
542 pass_count_1[dqs]++;
543
544 if (pass_begin[dqs] == 1 &&
545 pass_count_1[dqs] * DQS_GW_FINE_STEP >
DQS_GW_FINE_END)
546 dqs_high[dqs] = 0;
547
>>> CID 1403002:(UNINIT)
>>> Using uninitialized value "pass_count_1[0]".
548 if (pass_count_1[0] * DQS_GW_FINE_STEP >
DQS_GW_FINE_END &&
549 pass_count_1[1] * DQS_GW_FINE_STEP >
DQS_GW_FINE_END) {
550 dramc_dbg("All bytes gating window > 1
coarse_tune,"
551 " Early break\n");
552 *dly_fine_xt = DQS_GW_FINE_END;
553 *coarse_tune = GATING_END;
/src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 542 in
dramc_find_gating_window()
536 dramc_dbg("[Byte %d]First pass (%d, %d, %d)\n",
537 dqs, dly_coarse_large,
538 dly_coarse_0p5t, *dly_fine_xt);
539 }
540
541 if (pass_begin[dqs] == 1)
>>> CID 1403002:(UNINIT)
>>> Using uninitialized value "pass_count_1[dqs]".
542 pass_count_1[dqs]++;
543
544 if (pass_begin[dqs] == 1 &&
545 pass_count_1[dqs] * DQS_GW_FINE_STEP >
DQS_GW_FINE_END)
546 dqs_high[dqs] = 0;
547
** CID 1403001: Null pointer dereferences (FORWARD_NULL)
*** CID 1403001: Null pointer dereferences (FORWARD_NULL)
/src/soc/mediatek/mt8183/gpio.c: 184 in gpio_set_spi_driving()
178 case 5:
179 reg = (void *)(IOCFG_LM_BASE + GPIO_DRV0_OFFSET);
180 offset = 8;
181 break;
182 }
183
>>> CID 1403001: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "reg" to "read32", which dereferences it.
184 clrsetbits_le32(reg, 0xf << offset, reg_val << offset);
** CID 1401793: Insecure data handling (INTEGER_OVERFLOW)
/3rdparty/vboot/futility/updater.c: 240 in host_get_platform_version()
*** CID 1401793: Insecure data handling (INTEGER_OVERFLOW)
/3rdparty/vboot/futility/updater.c: 240 in host_get_platform_version()
234 /* Result should be 'revN' */
235 if (strncmp(result, STR_REV, strlen(STR_REV)) == 0)
236 rev = strtol(result + strlen(STR_REV), NULL, 0);
237 DEBUG("Raw data = [%s], parsed version is %d", result, rev);
238
239 free(result);
>>> CID 1401793: Insecure data handling (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed
>>> or truncated value) "rev" used as return value.
240 return rev;
241 }
242
243 /*
244 * A helper function to invoke flashrom(8) command.
245 * Returns 0 if success, non-zero if error.
** CID 1401086: Null pointer dereferences (FORWARD_NULL)
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
123 new defect(s) introduced to coreboot found with Coverity Scan.
71 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 123 defect(s)
** CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in
PcieTopologySelectMasterPllKB()
*** CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in
PcieTopologySelectMasterPllKB()
410 MasterLane = (EngineMasterLane < MasterLane) ? EngineMasterLane
: MasterLane;
411 if (PcieConfigIsSbPcieEngine (EngineList)) {
412 break;
413 }
414 }
415 }
>>> CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "EngineList" as an array. This might corrupt or misinterpret
>>> adjacent memory locations.
416 EngineList = PcieLibGetNextDescriptor (EngineList);
417 }
418
419 if (MasterLane == 0x) {
420 if (MasterHotplugLane != 0x) {
421 MasterLane = MasterHotplugLane;
** CID 1402118:(OVERRUN)
*** CID 1402118:(OVERRUN)
/src/vendorcode/amd/cimx/sb900/SbCmn.c: 1219 in validateImcFirmware()
1213 ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, );
1214 ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, );
1215 ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, );
1216 if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) &&
(ImcBinSig2 == 0x435F) ) {
1217 dbIMCChecksume = 0;
1218 for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x1; CurAddr++
) {
>>> CID 1402118:(OVERRUN)
>>> Overrunning buffer pointed to by "" of 1 bytes by passing it to a
>>> function which accesses it at byte offset 1.
1219 ReadMEM (CurAddr, AccWidthUint8, );
1220 dbIMCChecksume = dbIMCChecksume + dbIMC;
1221 }
1222 }
1223 }
1224 if ( dbIMCChecksume ) {
/src/vendorcode/amd/cimx/sb800/SBCMN.c: 953 in validateImcFirmware()
947 ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, );
948 ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, );
949 ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, );
950 if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) &&
(ImcBinSig2 == 0x435F) ) {
951 dbIMCChecksume = 0;
952 for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x1; CurAddr++ )
{
>>> CID 1402118:(OVERRUN)
>>> Overrunning buffer pointed to by "" of 1 bytes by passing it to a
>>> function which accesses it at byte offset 1.
953 ReadMEM (CurAddr, AccWidthUint8, );
954 dbIMCChecksume = dbIMCChecksume + dbIMC;
955 }
956 }
957 }
958 if ( dbIMCChecksume ) {
** CID 1402117: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/PCIe/Family/LN/F12PcieWrapperServices.c:
434 in PcieLnConfigureDdiEnginesLaneAllocation()
*** CID 1402117: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/PCIe/Family/LN/F12PcieWrapperServices.c:
434 in PcieLnConfigureDdiEnginesLaneAllocation()
428 }
429 LaneIndex = 0;
430 while (EnginesList != NULL) {
431 PcieConfigResetDescriptorFlags (EnginesList, DESCRIPTOR_ALLOCATED);
432 EnginesList->EngineData.StartLane = DdiLaneConfigurationTable
[ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane;
433 EnginesList->EngineData.EndLane = DdiLaneConfigurationTable
[ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane;
>>> CID 1402117: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Using "EnginesList" as an array. This might corrupt or misinterpret
>>> adjacent memory locations.
434 EnginesList = PcieLibGetNextDescriptor (EnginesList);
435 }
436 return AGESA_SUCCESS;
437 }
438
439
/**/
** CID 1402116:(ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
169 in PcieMapTopologyOnComplex()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
169 in PcieMapTopologyOnComplex()
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
182 in PcieMapTopologyOnComplex()
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
52 new defect(s) introduced to coreboot found with Coverity Scan.
146 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 52 defect(s)
** CID 1403002:(UNINIT)
/src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 548 in
dramc_find_gating_window()
/src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 542 in
dramc_find_gating_window()
*** CID 1403002:(UNINIT)
/src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 548 in
dramc_find_gating_window()
542 pass_count_1[dqs]++;
543
544 if (pass_begin[dqs] == 1 &&
545 pass_count_1[dqs] * DQS_GW_FINE_STEP >
DQS_GW_FINE_END)
546 dqs_high[dqs] = 0;
547
>>> CID 1403002:(UNINIT)
>>> Using uninitialized value "pass_count_1[0]".
548 if (pass_count_1[0] * DQS_GW_FINE_STEP >
DQS_GW_FINE_END &&
549 pass_count_1[1] * DQS_GW_FINE_STEP >
DQS_GW_FINE_END) {
550 dramc_dbg("All bytes gating window > 1
coarse_tune,"
551 " Early break\n");
552 *dly_fine_xt = DQS_GW_FINE_END;
553 *coarse_tune = GATING_END;
/src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 542 in
dramc_find_gating_window()
536 dramc_dbg("[Byte %d]First pass (%d, %d, %d)\n",
537 dqs, dly_coarse_large,
538 dly_coarse_0p5t, *dly_fine_xt);
539 }
540
541 if (pass_begin[dqs] == 1)
>>> CID 1403002:(UNINIT)
>>> Using uninitialized value "pass_count_1[dqs]".
542 pass_count_1[dqs]++;
543
544 if (pass_begin[dqs] == 1 &&
545 pass_count_1[dqs] * DQS_GW_FINE_STEP >
DQS_GW_FINE_END)
546 dqs_high[dqs] = 0;
547
** CID 1403001: Null pointer dereferences (FORWARD_NULL)
*** CID 1403001: Null pointer dereferences (FORWARD_NULL)
/src/soc/mediatek/mt8183/gpio.c: 184 in gpio_set_spi_driving()
178 case 5:
179 reg = (void *)(IOCFG_LM_BASE + GPIO_DRV0_OFFSET);
180 offset = 8;
181 break;
182 }
183
>>> CID 1403001: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "reg" to "read32", which dereferences it.
184 clrsetbits_le32(reg, 0xf << offset, reg_val << offset);
** CID 1403000: Null pointer dereferences (NULL_RETURNS)
/src/mainboard/amd/serengeti_cheetah_fam10/get_bus_conf.c: 40 in get_hcid()
*** CID 1403000: Null pointer dereferences (NULL_RETURNS)
/src/mainboard/amd/serengeti_cheetah_fam10/get_bus_conf.c: 40 in get_hcid()
34 u32 busn = (sysconf.pci1234[i] >> 12) & 0xff;
35 u32 devn = sysconf.hcdn[i] & 0xff;
36 struct device *dev;
37
38 dev = dev_find_slot(busn, PCI_DEVFN(devn,0));
39
>>> CID 1403000: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "dev".
40 switch (dev->device) {
41 case 0x7458: /* 8132 */
42 id = 1;
43 break;
44 case 0x7454: /* 8151 */
45 id = 2;
** CID 1402999: Memory - illegal accesses (OVERRUN)
/src/console/vtxprintf.c: 110 in number()
*** CID 1402999: Memory - illegal accesses (OVERRUN)
/src/console/vtxprintf.c: 110 in number()
104 }
105 if (type & SPECIAL) {
106 if (base == 8)
107 call_tx('0'), count++;
108 else if (base == 16) {
109 call_tx('0'), count++;
>>> CID 1402999: Memory - illegal accesses (OVERRUN)
>>> Overrunning array of 17 bytes at byte offset 33 by dereferencing
>>> pointer "digits + 33".
110 call_tx(digits[33]), count++;
111 }
112 }
113 if (!(type & LEFT)) {
114 while (size-- > 0)
115 call_tx(c), count++;
** CID 1402998: Control flow issues (DEADCODE)
/src/lib/fit_payload.c: 231 in fit_payload()
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
1 new defect(s) introduced to coreboot found with Coverity Scan.
356 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 1401935: Error handling issues (CHECKED_RETURN)
/3rdparty/vboot/futility/updater.c: 1785 in save_from_stdin()
*** CID 1401935: Error handling issues (CHECKED_RETURN)
/3rdparty/vboot/futility/updater.c: 1785 in save_from_stdin()
1779assert(in);
1780if (!out)
1781return -1;
1782
1783while (!feof(in)) {
1784sz = fread(buffer, 1, sizeof(buffer), in);
>>> CID 1401935: Error handling issues (CHECKED_RETURN)
>>> Calling "fwrite" without checking return value (as is done elsewhere 23
>>> out of 28 times).
1785fwrite(buffer, 1, sz, out);
1786}
1787fclose(out);
1788return 0;
1789 }
1790
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvaU4HClancRgJSp1vcdHRWU-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5bbrs-2BX6ZS8Qa21NneyN4LIzx13VEWZ80L2Ouuf1gIjjG2NLWLHI8Xlm-2BHoz1LIkoopp-2FIQgdCPB7DWOzcqgz7mwEcf3JSe86im3z7TkwS0AOkQcvwcVXm9dNGz1oZTCf6t2Ze03mywDH-2FeNhYtM5bOM-2BUp9l9gpcsTrftLA-2FTAFj9M3Ho0D-2FFROeA86C8OlF8-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
34 new defect(s) introduced to coreboot found with Coverity Scan.
17 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 34 defect(s)
** CID 1401794: Control flow issues (MISSING_BREAK)
/3rdparty/vboot/firmware/lib/vboot_ui.c: 266 in vb2_enter_vendor_data_ui()
*** CID 1401794: Control flow issues (MISSING_BREAK)
/3rdparty/vboot/firmware/lib/vboot_ui.c: 266 in vb2_enter_vendor_data_ui()
260 case VB_KEY_ESC:
261 /* Escape pressed - return to developer screen
*/
262 VB2_DEBUG("Vendor Data UI - user pressed Esc: "
263 "exit to Developer screen\n");
264 data_value[0] = '\0';
265 return VBERROR_SUCCESS;
>>> CID 1401794: Control flow issues (MISSING_BREAK)
>>> The case for value "122U" is not terminated by a 'break' statement.
266 case 'a'...'z':
267 key = toupper(key);
268 case '0'...'9':
269 case 'A'...'Z':
270 if ((len > 0 && is_vowel(key)) ||
271 len >= VENDOR_DATA_LENGTH) {
** CID 1401793: Insecure data handling (INTEGER_OVERFLOW)
/3rdparty/vboot/futility/updater.c: 240 in host_get_platform_version()
*** CID 1401793: Insecure data handling (INTEGER_OVERFLOW)
/3rdparty/vboot/futility/updater.c: 240 in host_get_platform_version()
234 /* Result should be 'revN' */
235 if (strncmp(result, STR_REV, strlen(STR_REV)) == 0)
236 rev = strtol(result + strlen(STR_REV), NULL, 0);
237 DEBUG("Raw data = [%s], parsed version is %d", result, rev);
238
239 free(result);
>>> CID 1401793: Insecure data handling (INTEGER_OVERFLOW)
>>> Overflowed or truncated value (or a value computed from an overflowed
>>> or truncated value) "rev" used as return value.
240 return rev;
241 }
242
243 /*
244 * A helper function to invoke flashrom(8) command.
245 * Returns 0 if success, non-zero if error.
** CID 1401792: Error handling issues (CHECKED_RETURN)
/3rdparty/vboot/futility/updater.c: 99 in updater_create_temp_file()
*** CID 1401792: Error handling issues (CHECKED_RETURN)
/3rdparty/vboot/futility/updater.c: 99 in updater_create_temp_file()
93 }
94 close(fd);
95 new_temp = (struct tempfile *)malloc(sizeof(*new_temp));
96 if (new_temp)
97 new_temp->filepath = strdup(new_path);
98 if (!new_temp || !new_temp->filepath) {
>>> CID 1401792: Error handling issues (CHECKED_RETURN)
>>> Calling "remove(new_path)" without checking return value. This library
>>> function may fail and return an error code.
99 remove(new_path);
100 free(new_temp);
101 ERROR("Failed to allocate buffer for new temp file.");
102 return NULL;
103 }
104 DEBUG("Created new temporary file: %s.", new_path);
** CID 1401791: Security best practices violations (SECURE_TEMP)
/3rdparty/vboot/futility/updater.c: 89 in updater_create_temp_file()
*** CID 1401791: Security best practices violations (SECURE_TEMP)
/3rdparty/vboot/futility/updater.c: 89 in updater_create_temp_file()
83 const char *updater_create_temp_file(struct updater_config *cfg)
84 {
85 struct tempfile *new_temp;
86 char new_path[] = P_tmpdir "/fwupdater.XX";
87 int fd;
88
>>> CID 1401791: Security best practices violations (SECURE_TEMP)
>>> Calling "mkstemp" without securely setting umask first.
89 fd = mkstemp(new_path);
90 if (fd < 0) {
91 ERROR("Failed to create new temp file in %s", new_path);
92 return NULL;
93 }
94 close(fd);
** CID 1401790:(RESOURCE_LEAK)
/3rdparty/vboot/futility/cmd_update.c: 137 in do_update()
/3rdparty/vboot/futility/cmd_update.c: 178 in do_update()
*** CID 1401790:(RESOURCE_LEAK)
/3rdparty/vboot/futility/cmd_update.c: 137 in do_update()
131
132 opterr = 0;
133 while ((i = getopt_long(argc, argv, short_opts, long_opts,
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
25 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1401717: Null pointer dereferences (FORWARD_NULL)
*** CID 1401717: Null pointer dereferences (FORWARD_NULL)
/src/drivers/intel/fsp1_1/car.c: 175 in mainboard_romstage_entry()
169 } else {
170 /* This leaks a mapping which this code assumes is
benign as
171 * the flash is memory mapped CPU's address space. */
172 fih =
find_fsp((uintptr_t)rdev_mmap_full(prog_rdev()));
173 }
174
>>> CID 1401717: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "fih" to "cache_as_ram_stage_main", which
>>> dereferences it.
175 cache_as_ram_stage_main(fih);
176 }
177
178 void __weak car_mainboard_pre_console_init(void)
179 {
180 }
** CID 1401394: Null pointer dereferences (NULL_RETURNS)
/src/soc/intel/broadwell/romstage/raminit.c: 125 in raminit()
*** CID 1401394: Null pointer dereferences (NULL_RETURNS)
/src/soc/intel/broadwell/romstage/raminit.c: 125 in raminit()
119 mrc_cache_stash_data(MRC_TRAINING_DATA, 0,
120 pei_data->data_to_save,
121 pei_data->data_to_save_size);
122
123 printk(BIOS_DEBUG, "create cbmem for dimm information\n");
124 mem_info = cbmem_add(CBMEM_ID_MEMINFO, sizeof(struct
memory_info));
>>> CID 1401394: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "mem_info" when calling
>>> "memset". [Note: The source code implementation of the function has been
>>> overridden by a builtin model.]
125 memset(mem_info, 0, sizeof(*mem_info));
126 /* Translate pei_memory_info struct data into memory_info
struct */
127 mem_info->dimm_cnt = pei_data->meminfo.dimm_cnt;
128 for (int i = 0; i < MIN(DIMM_INFO_TOTAL, PEI_DIMM_INFO_TOTAL);
i++) {
129 struct dimm_info *dimm = _info->dimm[i];
130 const struct pei_dimm_info *pei_dimm =
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvaU4HClancRgJSp1vcdHRWU-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5YzNhHsc7Zip24AhFqKZYP6GhKmYyWAC-2F-2Bkk8yCWO-2BeCdOU74sNbSxtHA8vtpUUY9IXHPblCY1ldVt0spNebxaYjsbtWpvLVw5u7wmpNBj6sqIe2xk8NYI7Kd1me6hokLv0-2FVDe8YyBnAvGjmijZUcztUusSFo58Tb0SgWGFoHb88JdKDU5cItGppgdDPoFLzY-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
[coreboot] New Defects reported by Coverity Scan for coreboot
Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1399151: Integer handling issues (DIVIDE_BY_ZERO)
*** CID 1399151: Integer handling issues (DIVIDE_BY_ZERO)
/src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 145 in
init_octeon_dram_interface()
139
140 restart_lmc_init:
141
142 /* Poke the watchdog timer so it doesn't expire during DRAM init */
143 bdk_watchdog_poke();
144
>>> CID 1399151: Integer handling issues (DIVIDE_BY_ZERO)
>>> In function call "init_octeon3_ddr3_interface", division by expression
>>> "ddr_hertz" which may be zero has undefined behavior.
145 mem_size_mbytes = init_octeon3_ddr3_interface(node,
146 ddr_configuration,
147 ddr_hertz,
148 cpu_hertz,
149 ddr_ref_hertz,
150 board_type,
** CID 1395725: Control flow issues (DEADCODE)
/src/mainboard/intel/coffeelake_rvp/romstage.c: 23 in
mainboard_memory_init_params()
*** CID 1395725: Control flow issues (DEADCODE)
/src/mainboard/intel/coffeelake_rvp/romstage.c: 23 in
mainboard_memory_init_params()
17 #include
18 #include
19 #include
20
21 void mainboard_memory_init_params(FSPM_UPD *memupd)
22 {
>>> CID 1395725: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "spd.spd_smbus_address[spd@d...".
23 const struct spd_info spd = {
24 .spd_smbus_address[0] = 0xA0,
25 .spd_smbus_address[1] = 0xA2,
26 .spd_smbus_address[2] = 0xA4,
27 .spd_smbus_address[3] = 0xA6,
28 };
29
30 cannonlake_memcfg_init(>FspmConfig,
31 variant_memcfg_config(), );
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvaU4HClancRgJSp1vcdHRWU-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5Y7dkusFz04DFhJcyfznGrUxGIshFqhN1mQEwJtLOYgUjTvQfywYrN4kSeWVciJB6HFgAyNWHv4a1bcrekh52p7WGxDu0PtuV0jh-2Fypv-2FCDvE0sFhcFqhWi6cV7ahQvTMGsufCU9ON14YewdsUZc2SJ2BoFOEaKw-2BRc-2FsHNzeWAAUh6r1iC7AHtglmn4GiTurQ-3D
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
