Based on feedback thus far:
On 04/13/19 01:31, Laszlo Ersek wrote:
> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
> Repo: https://github.com/lersek/edk2.git
> Branch: covscan_bz_1710
>
> "covscan" is an internal service at Red Hat that lets associates run
> static analysis tools on Fedora/RHEL packages. It drives a number of
> static analyzers.
>
> While covscan's existence is not "secret" (if you google it, you get a
> bunch of hits in the Red Hat Bugzilla), I can *not* use or offer
> covscan as a general upstream tool; for that the TianoCore community
> will have to build its own service / environment.
>
> Anyway, "covscan" happened to drop a bunch of reports on me for...
> "reasons", and so I turned a short 10 hour workday into yet anoher
> normal 15 hour workday (stealing some free time whence there was none)
> in order to do something, up-stream, about the warnings that affected
> OvmfPkg. No claim is made about the completeness of the scan's
> coverage.
>
> Some of the patches seek to suppress warnings, some strive to remedy
> valid-looking issues. We should not spend much time on this series.
>
> Cc: Anthony Perard <anthony.per...@citrix.com>
> Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
> Cc: Bob Feng <bob.c.f...@intel.com>
> Cc: Jordan Justen <jordan.l.jus...@intel.com>
> Cc: Julien Grall <julien.gr...@arm.com>
> Cc: Liming Gao <liming....@intel.com>
> Cc: Michael D Kinney <michael.d.kin...@intel.com>
> Cc: Yonghong Zhu <yonghong....@intel.com>
>
> Thanks
> Laszlo
>
> Laszlo Ersek (10):
I'll submit a v2 subseries with the first 5 patches:
> MdePkg/PiFirmwareFile: express IS_SECTION2 in terms of SECTION_SIZE
> MdePkg/PiFirmwareFile: fix undefined behavior in SECTION_SIZE
> BaseTools/PiFirmwareFile: fix undefined behavior in SECTION_SIZE
> MdePkg/PiFirmwareFile: fix undefined behavior in FFS_FILE_SIZE
> OvmfPkg/Sec: fix out-of-bounds reads
This is because patches 2 through 4 have to be reworked, and patches 1
and 5 make no real sense without 2-4.
Regarding the rest (6-10):
> OvmfPkg/QemuVideoDxe: avoid arithmetic on null pointer
> OvmfPkg/AcpiPlatformDxe: suppress invalid "deref of undef pointer"
> warning
> OvmfPkg: suppress "Value stored to ... is never read" analyzer
> warnings
> OvmfPkg/AcpiPlatformDxe: catch theoretical nullptr deref in Xen code
> OvmfPkg/BasePciCapLib: suppress invalid "nullptr deref" warning
I've dropped patch 8 because both Jordan and I dislike it quite a bit,
and it only aims to suppress invalid warnings. I can do that in RH
covscan too.
I've pushed the rest (6-7 and 9-10) with Ard's A-b, and also picked up
Phil's R-b wherever he posted it (933f1990f583..c2f643479eb3):
1 52d229238b2d OvmfPkg/QemuVideoDxe: avoid arithmetic on null pointer
2 dc5bbf10741c OvmfPkg/AcpiPlatformDxe: suppress invalid "deref of undef
pointer" warning
3 e30991740d18 OvmfPkg/AcpiPlatformDxe: catch theoretical nullptr deref
in Xen code
4 c2f643479eb3 OvmfPkg/BasePciCapLib: suppress invalid "nullptr deref"
warning
Thanks,
Laszlo
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#39301): https://edk2.groups.io/g/devel/message/39301
Mute This Topic: https://groups.io/mt/31070300/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
