Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1490122: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/alderlake/systemagent.c: 305 in get_dpr_size()
________________________________________________________________________________________________________
*** CID 1490122: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/alderlake/systemagent.c: 305 in get_dpr_size()
299 }
300 uint64_t get_dpr_size(struct device *dev)
301 {
302 uint64_t size;
303 uint32_t dpr_reg = pci_read_config32(dev, DPR_REG);
304 uint32_t size_field = (dpr_reg & MASK_DPR_LENGTH) >>
MASK_DPR_LENGTH_LSB;
>>> CID 1490122: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "size_field * 1048576U" with type
>>> "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic,
>>> and then used in a context that expects an expression of type "uint64_t"
>>> (64 bits, unsigned).
305 size = size_field * MiB;
306 return size;
** CID 1490121: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/alderlake/systemagent.c: 254 in get_dsm_size()
________________________________________________________________________________________________________
*** CID 1490121: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/intel/alderlake/systemagent.c: 254 in get_dsm_size()
248 uint32_t reg32 = pci_read_config32(dev, GGC);
249 uint64_t size;
250 uint32_t size_field = (reg32 & MASK_DSM_LENGTH) >>
MASK_DSM_LENGTH_LSB;
251 if (size_field <= 0x10) { // 0x0 - 0x10
252 size = size_field * 32 * MiB;
253 } else if ((size_field >= 0xF0) && (size_field >= 0xFE)) {
>>> CID 1490121: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(size_field - 239U) * 4U *
>>> 1048576U" with type "unsigned int" (32 bits, unsigned) is evaluated using
>>> 32-bit arithmetic, and then used in a context that expects an expression of
>>> type "uint64_t" (64 bits, unsigned).
254 size = (size_field - 0xEF) * 4 * MiB;
255 } else {
256 switch (size_field) {
257 case 0x20:
258 size = 1 * GiB;
259 break;
** CID 1490120: Resource leaks (RESOURCE_LEAK)
/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c: 217 in
test_cbfs_map_valid_hash_impl()
________________________________________________________________________________________________________
*** CID 1490120: Resource leaks (RESOURCE_LEAK)
/payloads/libpayload/tests/libcbfs/cbfs-verification-test.c: 217 in
test_cbfs_map_valid_hash_impl()
211 mapping = cbfs_map(TEST_DATA_1_FILENAME, &size);
212 assert_non_null(mapping);
213 assert_int_equal(TEST_DATA_1_SIZE, size);
214 assert_memory_equal(test_data_1, mapping, size);
215 cbfs_unmap(mapping);
216 }
>>> CID 1490120: Resource leaks (RESOURCE_LEAK)
>>> Variable "mapping" going out of scope leaks the storage it points to.
217 }
218
219 static void test_cbfs_map_valid_hash(void **state)
220 {
221 test_cbfs_map_valid_hash_impl(state, false);
222 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DW7qS_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn2Lam0iRksDuu5wAM5HDg-2F0Km-2BOQSxCQoSjtAAEv13lgotKuXqhnEPXEcqqAj-2FLR-2F1GI2ARdV7g4VEHXHn-2B2myeaPjBQAzDAEfVGoDTaiEHiIPNVxwrMnqW7neCX-2FftVZbsFDREOFnrJelU3vgsMYOx1SBsknWA10fBtAkGGnSn6Q-3D-3D
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
