Hi,

Please find the latest report on new defect(s) introduced to coreboot found 
with Coverity Scan.

1 new defect(s) introduced to coreboot found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


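** CID 1516782:    (TAINTED_SCALAR)
   (TAINTED_SCALAR means a value read from a source the tool treats as untrusted, here fields of the mapped TPM event log, reaches an offset or loop bound without a range check. The usual remedy is to validate those fields against the size of the mapped log before the parser uses them.)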


________________________________________________________________________________________________________
*** CID 1516782:    (TAINTED_SCALAR)
/util/cbmem/cbmem.c: 1051 in dump_tpm_std_log()
1045     
1046            tcg_spec_entry = event_log;
1047            if (!strcmp((const char *)tcg_spec_entry->signature, 
TCG_EFI_SPEC_ID_EVENT_SIGNATURE)) {
1048                    if (tcg_spec_entry->spec_version_major == 2 &&
1049                        tcg_spec_entry->spec_version_minor == 0 &&
1050                        le32toh(tcg_spec_entry->event_type) == 
EV_NO_ACTION) {
>>>     CID 1516782:    (TAINTED_SCALAR)
>>>     Passing tainted expression "tcg_spec_entry->num_of_algorithms" to "parse_tpm2_log", which uses it as an offset.
1051                            parse_tpm2_log(tcg_spec_entry);
1052                    } else {
1053                            fprintf(stderr, "Unknown TPM2 log 
specification.\n");
1054                    }
1055                    unmap_memory(&log_mapping);
1056                    return;
/util/cbmem/cbmem.c: 1051 in dump_tpm_std_log()
1045     
1046            tcg_spec_entry = event_log;
1047            if (!strcmp((const char *)tcg_spec_entry->signature, 
TCG_EFI_SPEC_ID_EVENT_SIGNATURE)) {
1048                    if (tcg_spec_entry->spec_version_major == 2 &&
1049                        tcg_spec_entry->spec_version_minor == 0 &&
1050                        le32toh(tcg_spec_entry->event_type) == 
EV_NO_ACTION) {
>>>     CID 1516782:    (TAINTED_SCALAR)
>>>     Passing tainted expression "tcg_spec_entry->digest_sizes" to "parse_tpm2_log", which uses it as a loop boundary.
1051                            parse_tpm2_log(tcg_spec_entry);
1052                    } else {
1053                            fprintf(stderr, "Unknown TPM2 log 
specification.\n");
1054                    }
1055                    unmap_memory(&log_mapping);
1056                    return;
/util/cbmem/cbmem.c: 1038 in dump_tpm_std_log()
1032            tspec_entry = event_log;
1033            if (!strcmp((const char *)tspec_entry->signature, 
TCPA_SPEC_ID_EVENT_SIGNATURE)) {
1034                    if (tspec_entry->spec_version_major == 1 &&
1035                        tspec_entry->spec_version_minor == 2 &&
1036                        tspec_entry->spec_errata >= 1 &&
1037                        le32toh(tspec_entry->entry.event_type) == 
EV_NO_ACTION) {
>>>     CID 1516782:    (TAINTED_SCALAR)
>>>     Passing tainted expression "tspec_entry->vendor_info_size" to "parse_tpm12_log", which uses it as an offset.
1038                            parse_tpm12_log(tspec_entry);
1039                    } else {
1040                            fprintf(stderr, "Unknown TPM1.2 log 
specification\n");
1041                    }
1042                    unmap_memory(&log_mapping);
1043                    return;
/util/cbmem/cbmem.c: 1038 in dump_tpm_std_log()
1032            tspec_entry = event_log;
1033            if (!strcmp((const char *)tspec_entry->signature, 
TCPA_SPEC_ID_EVENT_SIGNATURE)) {
1034                    if (tspec_entry->spec_version_major == 1 &&
1035                        tspec_entry->spec_version_minor == 2 &&
1036                        tspec_entry->spec_errata >= 1 &&
1037                        le32toh(tspec_entry->entry.event_type) == 
EV_NO_ACTION) {
>>>     CID 1516782:    (TAINTED_SCALAR)
>>>     Passing tainted expression "tspec_entry->vendor_info" to "parse_tpm12_log", which uses it as a loop boundary.
1038                            parse_tpm12_log(tspec_entry);
1039                    } else {
1040                            fprintf(stderr, "Unknown TPM1.2 log 
specification\n");
1041                    }
1042                    unmap_memory(&log_mapping);
1043                    return;


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit the link below (a SendGrid click-tracking redirect rather than a direct Coverity URL):
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3DREJO_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3M8lgThQpu6smGKwilZs-2Fe5HNtls9mVAhNeodW5bHfjdVDAlMs3EwafqV81AFNXKYKHJnfZ7uslITVI3mwdMWZGVIYeFViHS9EXTaGEyIu6FDcdMHxA1ihZgneG1CHkS0jLkV1cPQXLIWkU0qwwIfoLn7iTIDWdds0qPg1it-2B7SQ-3D-3D
