fyi; I should see if I can get this put to the list directly... ---------- Forwarded message --------- From: <scan-ad...@coverity.com> Date: Thu, Jan 28, 2021 at 11:59 AM Subject: New Defects reported by Coverity Scan for RTEMS To: <ged...@gwmail.gwu.edu>
Hi, Please find the latest report on new defect(s) introduced to RTEMS found with Coverity Scan. 7 new defect(s) introduced to RTEMS found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 7 of 7 defect(s) ** CID 1472601: Null pointer dereferences (NULL_RETURNS) /bsps/shared/ofw/ofw.c: 627 in rtems_ofw_get_reg() ________________________________________________________________________________________________________ *** CID 1472601: Null pointer dereferences (NULL_RETURNS) /bsps/shared/ofw/ofw.c: 627 in rtems_ofw_get_reg() 621 nranges = len / sizeof(rtems_ofw_ranges); 622 623 offset = 0; 624 for (int i=0; i < nregs; i++) { 625 for (int j=0; j < nranges; j++) { 626 >>> CID 1472601: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing "ptr", which is known to be "NULL". 627 range.parent_bus = fdt32_to_cpu(ptr[j].parent_bus); 628 range.child_bus = fdt32_to_cpu(ptr[j].child_bus); 629 range.size = fdt32_to_cpu(ptr[j].size); 630 631 if (buf[i].start >= range.child_bus && 632 buf[i].start < range.child_bus + range.size) { ** CID 1472600: Memory - corruptions (USE_AFTER_FREE) /bsps/shared/ofw/ofw.c: 377 in rtems_ofw_get_enc_prop_alloc() ________________________________________________________________________________________________________ *** CID 1472600: Memory - corruptions (USE_AFTER_FREE) /bsps/shared/ofw/ofw.c: 377 in rtems_ofw_get_enc_prop_alloc() 371 if (*buf == NULL) { 372 return -1; 373 } 374 375 if (rtems_ofw_get_enc_prop(node, propname, *buf, len) == -1) { 376 rtems_ofw_free(buf); >>> CID 1472600: Memory - corruptions (USE_AFTER_FREE) >>> Dereferencing freed pointer "buf". 377 *buf = NULL; 378 return -1; 379 } 380 } 381 382 return len; ** CID 1472599: Memory - corruptions (USE_AFTER_FREE) /bsps/shared/ofw/ofw.c: 348 in rtems_ofw_get_prop_alloc_multi() ________________________________________________________________________________________________________ *** CID 1472599: Memory - corruptions (USE_AFTER_FREE) /bsps/shared/ofw/ofw.c: 348 in rtems_ofw_get_prop_alloc_multi() 342 if (*buf == NULL) { 343 return -1; 344 } 345 346 if (rtems_ofw_get_prop(node, propname, *buf, len) == -1) { 347 rtems_ofw_free(buf); >>> CID 1472599: Memory - corruptions (USE_AFTER_FREE) >>> Dereferencing freed pointer "buf". 348 *buf = NULL; 349 return -1; 350 } 351 } 352 353 return (len / elsz); ** CID 1472598: Memory - corruptions (USE_AFTER_FREE) /bsps/shared/ofw/ofw.c: 317 in rtems_ofw_get_prop_alloc() ________________________________________________________________________________________________________ *** CID 1472598: Memory - corruptions (USE_AFTER_FREE) /bsps/shared/ofw/ofw.c: 317 in rtems_ofw_get_prop_alloc() 311 if (*buf == NULL) { 312 return -1; 313 } 314 315 if (rtems_ofw_get_prop(node, propname, *buf, len) == -1) { 316 rtems_ofw_free(buf); >>> CID 1472598: Memory - corruptions (USE_AFTER_FREE) >>> Dereferencing freed pointer "buf". 317 *buf = NULL; 318 return -1; 319 } 320 } 321 322 return len; ** CID 1472597: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1472597: Memory - corruptions (ARRAY_VS_SINGLETON) /bsps/shared/ofw/ofw.c: 510 in rtems_ofw_get_effective_phandle() 504 505 for (child = rtems_ofw_child(node); child != 0; child = rtems_ofw_peer(child)) { 506 ref = rtems_ofw_get_effective_phandle(child, xref); 507 if (ref != -1) 508 return ref; 509 >>> CID 1472597: Memory - corruptions (ARRAY_VS_SINGLETON) >>> Passing "&ref" to function "rtems_ofw_get_enc_prop" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 510 if (rtems_ofw_get_enc_prop(child, "phandle", &ref, sizeof(ref)) == -1 && 511 rtems_ofw_get_enc_prop(child, "ibm,phandle", &ref, sizeof(ref)) == -1 && 512 rtems_ofw_get_enc_prop(child, "linux,phandle", &ref, sizeof(ref)) == -1 513 ) { 514 continue; 515 } ** CID 1472596: Memory - corruptions (USE_AFTER_FREE) /bsps/shared/ofw/ofw.c: 408 in rtems_ofw_get_enc_prop_alloc_multi() ________________________________________________________________________________________________________ *** CID 1472596: Memory - corruptions (USE_AFTER_FREE) /bsps/shared/ofw/ofw.c: 408 in rtems_ofw_get_enc_prop_alloc_multi() 402 if (*buf == NULL) { 403 return -1; 404 } 405 406 if (rtems_ofw_get_enc_prop(node, propname, *buf, len) == -1) { 407 rtems_ofw_free(buf); >>> CID 1472596: Memory - corruptions (USE_AFTER_FREE) >>> Dereferencing freed pointer "buf". 408 *buf = NULL; 409 return -1; 410 } 411 } 412 413 return (len / elsz); ** CID 1472595: Memory - corruptions (ARRAY_VS_SINGLETON) ________________________________________________________________________________________________________ *** CID 1472595: Memory - corruptions (ARRAY_VS_SINGLETON) /bsps/shared/ofw/ofw.c: 538 in rtems_ofw_xref_from_node() 532 } 533 534 phandle_t rtems_ofw_xref_from_node( phandle_t node ) 535 { 536 phandle_t ref; 537 >>> CID 1472595: Memory - corruptions (ARRAY_VS_SINGLETON) >>> Passing "&ref" to function "rtems_ofw_get_enc_prop" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 538 if (rtems_ofw_get_enc_prop(node, "phandle", &ref, sizeof(ref)) == -1 && 539 rtems_ofw_get_enc_prop(node, "ibm,phandle", &ref, sizeof(ref)) == -1 && 540 rtems_ofw_get_enc_prop(node, "linux,phandle", &ref, sizeof(ref)) == -1) 541 { 542 return node; 543 } ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3D4rCS_NXfCUf1CLFYLbjXajJIgHlbL5qYn95oel6MvjPauKObfKXAxQ82kyzbTTgHGbdRzqrUhmhYWDX-2FyQdnWo5YnM-2FFUamWoMY-2BoKaEuqI2cyQv-2F-2Fhu0OTnekxXXUMfFLrMvhuvV4eI1uHLQGggvvsj-2FLfNGn-2BGPcv-2FG4UQSY4tky86S7nsFiHxxfqeXd31O6xy-2FCgLy2h3kVviDDWthwfms12-2BjQqk8Zt9jVBFB6z3QmdY-3D To manage Coverity Scan email notifications for "ged...@gwmail.gwu.edu", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxkxN7gn3yK5ofbuH1ptBFYw9YgpazuIaA-2BBUVKiHj8oUDwYWUynp42iaapm4KJU8XqWU01jaV7ANE1ZK33b9AxrNSft0QTNSkD2bLN6ho-2BnY-3DliTr_NXfCUf1CLFYLbjXajJIgHlbL5qYn95oel6MvjPauKObfKXAxQ82kyzbTTgHGbdRz-2BKYfPnlg8v0lG2OqkZltGqoPujs4o3Ew0WTou9CIxoFc4RjvuFhkcXGRn3c7g6KmB509Izxa1pJ-2F-2FjZk3UcbB8IeOv8BL-2FA9BKCOzInvZG8-2BJhuSFCgnDMpdzFxT189-2FHmarweYa8ZFAFFgf29GheX05-2F2-2FArB0zn-2F7w52Pa2yo-3D
_______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel