Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 1498391: (TAINTED_SCALAR)
/src/commonlib/fsp_relocate.c: 229 in pe_relocate()
/src/commonlib/fsp_relocate.c: 256 in pe_relocate()

________________________________________________________________________________________________________
*** CID 1498391: (TAINTED_SCALAR)
/src/commonlib/fsp_relocate.c: 229 in pe_relocate()
223     rsize = read_le32(&ophdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size);
224     roffset = read_le32(&ophdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
225     printk(FSP_DBG_LVL, "relocation table at offset-%x,size=%x\n", roffset, rsize);
226     // TODO - add support for PE32+ also
227
228     offset = roffset;
>>> CID 1498391: (TAINTED_SCALAR)
>>> Using tainted variable "roffset + rsize" as a loop boundary.
229     while (offset < (roffset + rsize)) {
230         uint32_t vaddr;
231         uint32_t rlen, rnum;
232         uint16_t *rdata;
233         uint32_t i;
234         EFI_IMAGE_DATA_DIRECTORY *relocd;

/src/commonlib/fsp_relocate.c: 256 in pe_relocate()
250     printk(FSP_DBG_LVL, "\t\treloc type %x offset %x aoff %x, base-0x%x\n",
251         rtype, roff, aoff, img_base_off);
252     switch (rtype) {
253     case EFI_IMAGE_REL_BASED_ABSOLUTE:
254         continue;
255     case EFI_IMAGE_REL_BASED_HIGHLOW:
>>> CID 1498391: (TAINTED_SCALAR)
>>> Using tainted variable "aoff" as an index to pointer "pe_base".
256         val = read_le32(&pe_base[aoff]);
257         printk(FSP_DBG_LVL, "Adjusting %p %x -> %x\n",
258             &pe_base[aoff], val, val + delta);
259         write_le32(&pe_base[aoff], val + delta);
260         break;
261     case EFI_IMAGE_REL_BASED_DIR64:

** CID 1498390: Null pointer dereferences (FORWARD_NULL)
/src/commonlib/fsp_relocate.c: 650 in relocate_fvh()

________________________________________________________________________________________________________
*** CID 1498390: Null pointer dereferences (FORWARD_NULL)
/src/commonlib/fsp_relocate.c: 650 in relocate_fvh()
644         printk(FSP_DBG_LVL, "TE image at offset %zx\n",
645             section_offset);
646         te_relocate(section_addr, section_data);
647     } else if (read_le8(&csh->Type) == EFI_SECTION_PE32) {
648         printk(FSP_DBG_LVL, "PE32 image at offset %zx\n",
649             section_offset);
>>> CID 1498390: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "fih_offset".
650         pe_relocate(new_addr, section_data, fsp, *fih_offset);
651     }
652
653     offset += data_size + data_offset;
654     /* Sections are aligned to 4 bytes. */
655     offset = ALIGN_UP(offset, 4);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DEAqJ_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn1709i6BtFAMY7VNil93KAmEaYZ9N1NKECHCPlboZ9suiFRBPdmiXO-2FiNSiovxoGh9a6zVcwBnUjznsKbZ2HjCT1oUTP602gF7hQul-2FDqSeW1htjHKbwU1LX1-2FplkbRPA-2BlQEYEoE35V4VwVBvbMOpp3i542ulx-2B5M2dmudrU7dzg-3D-3D

_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org