Hi all, As you may know, every other week, we get together for an hour to review patches that haven't seen much progress in gerrit.
This week, and every 4th week going forward, we're going to try something different. We'll review the errors in the coverity tracker instead. https://scan.coverity.com/projects/coreboot?tab=overview Here are the some issues we want to try to review this week. coreboot/src CID | Type | File | Category | Function 1260909 | Logically dead code | cpu/x86/mp_init.c | Control flow issues | start_aps 1612094 | Overflowed constant | cpu/x86/mtrr/mtrr.c | Integer handling issues | calc_var_mtrr_range 1612075 | Bad bit shift operation | cpu/x86/mtrr/mtrr.c | Integer handling issues | calc_var_mtrr_range 1612068 | Overflowed constant | cpu/x86/mtrr/xip_cache.c | Integer handling issues | platform_prog_run 1469303 | Untrusted divisor | device/dram/ddr3.c | Insecure data handling | spd_xmp_decode_ddr3 1612007 | Overflowed return value | commonlib/bsd/ipchksum.c | Insecure data handling | ipchksum 1402153 | Untrusted value as argument | commonlib/bsd/lz4.c.inc | Insecure data handling | LZ4_decompress_generic 1401799 | Resource leak | commonlib/device_tree.c | Resource leaks | fdt_unflatten 1612046 | Unintentional integer overflow | include/cpu/x86/mtrr.h | Integer handling issues | calculate_var_mtrr_size 1431124 | Bad bit shift operation | security/intel/txt/common.c | Integer handling issues | validate_acm 1513097 | Untrusted loop bound | security/tpm/tspi/log-tpm2.c | Insecure data handling | tpm2_log_dump 1513083 | Untrusted array index read | security/tpm/tspi/log-tpm2.c | Insecure data handling | tpm2_log_add_table_entry 1469429 | Untrusted value as argument | security/tpm/tss/tcg-2.0/tss_marshaling.c | Insecure data handling | unmarshal_nv_read 1611971 | Invalid type in argument | device/device_util.c | API usage errors | dev_path | to printf format specifier | | | coreboot/payloads/libpayload CID | Type | File | Category | Function 1513086 | Out-of-bounds access | arch/arm64/mmu.c | Memory - corruptions | mmu_init 1612049 | Unintentional integer overflow | arch/x86/apic.c | Integer handling issues | apic_start_delay 1612042 | Overflowed return value | arch/x86/timer.c | Insecure data handling | get_cpu_khz_fast 1469442 | Argument cannot be negative | curses/PDCurses/pdcurses/insstr.c | Error handling issues | mvinsstr 1469386 | Argument cannot be negative | curses/PDCurses/pdcurses/insstr.c | Error handling issues | insstr 1469362 | Argument cannot be negative | curses/PDCurses/pdcurses/insstr.c | Error handling issues | winsstr 1469348 | Argument cannot be negative | curses/PDCurses/pdcurses/insstr.c | Error handling issues | mvwinsstr 1419477 | Resource leak | drivers/cbmem_console.c | Resource leaks | cbmem_console_snapshot 1612080 | Overflowed integer argument | drivers/usb/ehci.c | Insecure data handling | ehci_bulk 1611977 | Overflowed return value | drivers/usb/ehci.c | Insecure data handling | ehci_control 1612090 | Overflowed constant | drivers/usb/ohci.c | Integer handling issues | ohci_fill_intrq_td 1612019 | Overflowed return value | drivers/usb/ohci.c | Insecure data handling | ohci_control 1612017 | Overflowed return value | drivers/usb/ohci.c | Insecure data handling | ohci_bulk 1611976 | Resource leak | drivers/usb/uhci.c | Resource leaks | uhci_create_intr_queue 1487524 | Out-of-bounds read | drivers/usb/xhci.c | Memory - illegal accesses | xhci_reset_endpoint 1487473 | Out-of-bounds read | drivers/usb/xhci.c | Memory - illegal accesses | xhci_create_intr_queue 1487460 | Out-of-bounds write | drivers/usb/xhci.c | Memory - corruptions | xhci_create_intr_queue 1487450 | Out-of-bounds read | drivers/usb/xhci.c | Memory - illegal accesses | xhci_poll_intr_queue 1487446 | Out-of-bounds write | drivers/usb/xhci.c | Memory - corruptions | xhci_destroy_intr_queue 1487439 | Out-of-bounds read | drivers/usb/xhci.c | Memory - illegal accesses | xhci_bulk 1487416 | Out-of-bounds read | drivers/usb/xhci.c | Memory - illegal accesses | xhci_reset_endpoint 1487383 | Out-of-bounds read | drivers/usb/xhci.c | Memory - illegal accesses | xhci_bulk 1487379 | Out-of-bounds read | drivers/usb/xhci.c | Memory - illegal accesses | xhci_destroy_intr_queue 1487375 | Out-of-bounds read | drivers/usb/xhci.c | Memory - illegal accesses | xhci_destroy_intr_queue 1612015 | Memset fill value of '0' | gdb/transport.c | Memory - illegal accesses | gdb_message_encode_zero_bytes 1513092 | Out-of-bounds access | libc/printf.c | Memory - corruptions | vsprintf 1612100 | Logically dead code | libc/string.c | Control flow issues | strtoul 1611985 | Logically dead code | libc/string.c | Control flow issues | strtol 1513071 | Operands don't affect result | libc/string.c | Integer handling issues | strtol 1513081 | Out-of-bounds access | liblzma/lzma.c | Memory - corruptions | ulzma Martin _______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
