Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1385420: Null pointer dereferences (REVERSE_INULL)
/3rdparty/vboot/firmware/lib/region-init.c: 45 in VbGbbReadHWID()
________________________________________________________________________________________________________
*** CID 1385420: Null pointer dereferences (REVERSE_INULL)
/3rdparty/vboot/firmware/lib/region-init.c: 45 in VbGbbReadHWID()
39 struct vb2_shared_data *sd = vb2_get_sd(ctx);
40
41 if (!max_size)
42 return VBERROR_INVALID_PARAMETER;
43 *hwid = '\0';
44 StrnAppend(hwid, "{INVALID}", max_size);
>>> CID 1385420: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "ctx" suggests that it may be null, but it has already
>>> been dereferenced on all paths leading to the check.
45 if (!ctx)
46 return VBERROR_INVALID_GBB;
47
48 if (0 == sd->gbb->hwid_size) {
49 VB2_DEBUG("VbHWID(): invalid hwid size\n");
50 return VBERROR_SUCCESS; /* oddly enough! */
** CID 1385419: Memory - corruptions (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 1265 in
cru_register_save()
________________________________________________________________________________________________________
*** CID 1385419: Memory - corruptions (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 1265 in
cru_register_save()
1259
1260 void cru_register_save(void)
1261 {
1262 int i;
1263
1264 for (i = 0; i <= CRU_SDIO0_CON1; i = i + 4)
>>> CID 1385419: Memory - corruptions (OVERRUN)
>>> Overrunning array "store_cru" of 355 4-byte elements at element index
>>> 355 (byte offset 1420) using index "i / 4" (which evaluates to 355).
1265 store_cru[i / 4] = mmio_read_32(CRU_BASE + i);
1266 }
1267
1268 void cru_register_restore(void)
1269 {
1270 int i;
** CID 1385418: Memory - illegal accesses (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 1296 in
cru_register_restore()
________________________________________________________________________________________________________
*** CID 1385418: Memory - illegal accesses (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 1296 in
cru_register_restore()
1290 * CRU_GLB_CNT_TH and CRU_CLKSEL_CON97~CRU_CLKSEL_CON107
1291 * not need do high 16bit mask
1292 */
1293 else if ((i > 0x27c && i < 0x2b0) || (i == 0x508))
1294 mmio_write_32(CRU_BASE + i, store_cru[i / 4]);
1295 else
>>> CID 1385418: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "store_cru" of 355 4-byte elements at element index
>>> 355 (byte offset 1420) using index "i / 4" (which evaluates to 355).
1296 mmio_write_32(CRU_BASE + i,
1297 REG_SOC_WMSK | store_cru[i / 4]);
1298 }
1299 }
1300
1301 void wdt_register_save(void)
** CID 1385417: (NO_EFFECT)
/3rdparty/arm-trusted-firmware/plat/common/plat_gicv2.c: 166 in plat_ic_is_sgi()
/3rdparty/arm-trusted-firmware/plat/common/plat_gicv3.c: 190 in plat_ic_is_sgi()
________________________________________________________________________________________________________
*** CID 1385417: (NO_EFFECT)
/3rdparty/arm-trusted-firmware/plat/common/plat_gicv2.c: 166 in plat_ic_is_sgi()
160 {
161 return (id >= MIN_PPI_ID) && (id < MIN_SPI_ID);
162 }
163
164 int plat_ic_is_sgi(unsigned int id)
165 {
>>> CID 1385417: (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is
>>> always true. "id >= 0U".
166 return (id >= MIN_SGI_ID) && (id < MIN_PPI_ID);
167 }
168
169 unsigned int plat_ic_get_interrupt_active(unsigned int id)
170 {
171 return gicv2_get_interrupt_active(id);
/3rdparty/arm-trusted-firmware/plat/common/plat_gicv3.c: 190 in plat_ic_is_sgi()
184 {
185 return (id >= MIN_PPI_ID) && (id < MIN_SPI_ID);
186 }
187
188 int plat_ic_is_sgi(unsigned int id)
189 {
>>> CID 1385417: (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is
>>> always true. "id >= 0U".
190 return (id >= MIN_SGI_ID) && (id < MIN_PPI_ID);
191 }
192
193 unsigned int plat_ic_get_interrupt_active(unsigned int id)
194 {
195 return gicv3_get_interrupt_active(id, plat_my_core_pos());
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5aYGXzds5cLMhnEDKfV4jjd7s8G5JwffZ4Nalg8MSWmLLLqfRzB5dmXCnSMTvssg4tYOQquOmQZBGjRfLLIP2cERGwdmM2Hcz5NePQIaqLkHWneFGpyVrW-2FXSpL50w1RqqQUCQS5G1L1Hi1QzcEAghW1Jm-2Bgt0HNLgHmQovJCD-2BESsnAW-2BG9AobV975ZOuu328-3D
To manage Coverity Scan email notifications for "coreboot@coreboot.org", click
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqfkfgGF5ECMwHI0-2FVznrU953Dvw3Ddjop950pccFQ-2Br0qaXkQSgAjbZsF6g7Yem3Y-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5aYGXzds5cLMhnEDKfV4jjdGSFteFDiF7nzvIQmwVdG8dK06eVg-2BsG1tBlCt6fs-2FZ0pbtX9FU64e-2F5t1EY2sfN2I06xAfOG7X0p66AqiQDhBFSm5DvYzsx683J557-2B1NBagpDOC3ll4kWKt9kTy6zqKtmKDEydr8-2BVU0K-2B-2BJyiNzMMaoz-2Bf3Ayxo8opMdRYTgI-3D
--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
