Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
7 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/lib/gcov-glue.c: 128 in coverage_init()

________________________________________________________________________________________________________
*** CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/lib/gcov-glue.c: 128 in coverage_init()
122         extern long __CTOR_LIST__;
123         typedef void (*func_ptr)(void);
124         func_ptr *ctor = (func_ptr *) &__CTOR_LIST__;
125         if (ctor == NULL)
126             return;
127
>>>     CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON)
>>>     Using "ctor" as an array. This might corrupt or misinterpret adjacent
>>>     memory locations.
128         for (; *ctor != (func_ptr) 0; ctor++)
129             (*ctor)();
130     }
131
132     void __gcov_flush(void);
133     static void coverage_exit(void *unused)

** CID 1431126: (DEADCODE)
/src/lib/libgcov.c: 425 in gcov_exit()
/src/lib/libgcov.c: 391 in gcov_exit()

________________________________________________________________________________________________________
*** CID 1431126: (DEADCODE)
/src/lib/libgcov.c: 425 in gcov_exit()
419                 fname += 2;
420
421             /* Build relocated filename, stripping off leading
422              * directories from the initial filename if requested.
423              */
424             if (gcov_prefix_strip > 0) {
>>>     CID 1431126: (DEADCODE)
>>>     Execution cannot reach this statement: "level = 0;".
425                 int level = 0;
426
427                 s = fname;
428                 if (IS_DIR_SEPARATOR(*s))
429                     ++s;
430
/src/lib/libgcov.c: 391 in gcov_exit()
385         } else
386     #endif
387             prefix_length = 0;
388
389         /* If no prefix was specified and a prefix strip, then we assume
390            relative. */
>>>     CID 1431126: (DEADCODE)
>>>     Execution cannot reach the expression "prefix_length == 0UL" inside
>>>     this statement: "if (gcov_prefix_strip != 0 ...".
391         if (gcov_prefix_strip != 0 && prefix_length == 0) {
392             gcov_prefix = ".";
393             prefix_length = 1;
394         }
395         /* Allocate and initialize the filename scratch space plus one. */
396         gi_filename = (char *) alloca(prefix_length + gcov_max_filename + 2);

** CID 1431125: Control flow issues (DEADCODE)
/src/lib/gcov-glue.c: 126 in coverage_init()

________________________________________________________________________________________________________
*** CID 1431125: Control flow issues (DEADCODE)
/src/lib/gcov-glue.c: 126 in coverage_init()
120     static void coverage_init(void *unused)
121     {
122         extern long __CTOR_LIST__;
123         typedef void (*func_ptr)(void);
124         func_ptr *ctor = (func_ptr *) &__CTOR_LIST__;
125         if (ctor == NULL)
>>>     CID 1431125: Control flow issues (DEADCODE)
>>>     Execution cannot reach this statement: "return;".
126             return;
127
128         for (; *ctor != (func_ptr) 0; ctor++)
129             (*ctor)();
130     }
131

** CID 1431124: Integer handling issues (BAD_SHIFT)
/src/security/intel/txt/common.c: 166 in validate_acm()

________________________________________________________________________________________________________
*** CID 1431124: Integer handling issues (BAD_SHIFT)
/src/security/intel/txt/common.c: 166 in validate_acm()
160         /*
161          * Causes #GP if acm_header->size > processor internal authenticated
162          * code area capacity.
163          * SAFER MODE EXTENSIONS REFERENCE.
164          * Intel 64 and IA-32 Architectures Software Developer Manuals Vol 2D
165          */
>>>     CID 1431124: Integer handling issues (BAD_SHIFT)
>>>     In expression "1UL << log2_ceil((acm_header->size & 0xffffffU) << 2)",
>>>     shifting by a negative amount has undefined behavior. The shift amount,
>>>     "log2_ceil((acm_header->size & 0xffffffU) << 2)", is -1.
166         const size_t acm_len = 1UL << log2_ceil((acm_header->size & 0xffffff) << 2);
167         if (max_size_acm_area < acm_len) {
168             printk(BIOS_ERR, "TEE-TXT: BIOS ACM doesn't fit into AC execution region\n");
169             return ACM_E_NOT_FIT_INTO_CPU_ACM_MEM;
170         }
171
[Note: the shift amount of -1 that Coverity reports for line 166 presumably arises when the masked size field is 0. Because acm_header->size comes from the ACM header being validated, a zero size should be rejected before acm_len is computed, so that the size check on line 167 does not depend on an undefined shift.]

** CID 1431123: Control flow issues (DEADCODE)
/src/lib/libgcov.c: 398 in gcov_exit()

________________________________________________________________________________________________________
*** CID 1431123: Control flow issues (DEADCODE)
/src/lib/libgcov.c: 398 in gcov_exit()
392             gcov_prefix = ".";
393             prefix_length = 1;
394         }
395         /* Allocate and initialize the filename scratch space plus one. */
396         gi_filename = (char *) alloca(prefix_length + gcov_max_filename + 2);
397         if (prefix_length)
>>>     CID 1431123: Control flow issues (DEADCODE)
>>>     Execution cannot reach this statement: "memcpy(gi_filename, gcov_pr...".
398             memcpy(gi_filename, gcov_prefix, prefix_length);
399         gi_filename_up = gi_filename + prefix_length;
400
401         /* Now merge each file. */
402         for (gi_ptr = gcov_list; gi_ptr; gi_ptr = gi_ptr->next) {
403             unsigned int n_counts;

** CID 1255942: Code maintainability issues (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 572 in usbdebug_init_()

________________________________________________________________________________________________________
*** CID 1255942: Code maintainability issues (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 572 in usbdebug_init_()
566         dbgp_mdelay(100);
567
568         struct ehci_dbg_port *port = (void *)(uintptr_t)info->ehci_debug;
569         ret = dbgp_probe_gadget(port, &info->ep_pipe[0]);
570         if (ret < 0) {
571             dprintk(BIOS_INFO, "Could not probe gadget on debug port.\n");
>>>     CID 1255942: Code maintainability issues (UNUSED_VALUE)
>>>     Assigning value "-6" to "ret" here, but that stored value is
>>>     overwritten before it can be used.
572             ret = -6;
573             goto err;
574         }
575
576         info->ep_pipe[0].status &= ~DBGP_EP_NOT_PRESENT;
577

** CID 1241836: Code maintainability issues (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 561 in usbdebug_init_()

________________________________________________________________________________________________________
*** CID 1241836: Code maintainability issues (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 561 in usbdebug_init_()
555         ctrl |= DBGP_CLAIM;
556         write32(&ehci_debug->control, ctrl);
557         ctrl = read32(&ehci_debug->control);
558         if ((ctrl & DBGP_CLAIM) != DBGP_CLAIM) {
559             dprintk(BIOS_INFO, "No device in EHCI debug port.\n");
560             write32(&ehci_debug->control, ctrl & ~DBGP_CLAIM);
>>>     CID 1241836: Code maintainability issues (UNUSED_VALUE)
>>>     Assigning value "-4" to "ret" here, but that stored value is
>>>     overwritten before it can be used.
561             ret = -4;
562             goto err;
563         }
564         dprintk(BIOS_INFO, "EHCI debug port enabled.\n");
565
566         dbgp_mdelay(100);