Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
5 new defect(s) introduced to coreboot found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
/src/soc/intel/fsp_baytrail/fsp/chipset_fsp_util.c: 155 in
ConfigureDefaultUpdData()
** CID 1255945: Dereference null return value (NULL_RETURNS)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 98 in LocateModule()
** CID 1255944: Dereference null return value (NULL_RETURNS)
/src/northbridge/amd/pi/00730F01/dimmSpd.c: 37 in AmdMemoryReadSPD()
** CID 1255943: Dereference null return value (NULL_RETURNS)
/src/cpu/amd/pi/s3_resume.c: 164 in move_stack_high_mem()
** CID 1255942: Unused value (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 573 in usbdebug_init_()
*** CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
/src/soc/intel/fsp_baytrail/fsp/chipset_fsp_util.c: 155 in
ConfigureDefaultUpdData()
149 case MIPI_DEV_FUNC: /* Camera / Image
Signal Processing */
150 if (FspInfo->ImageRevision >=
FSP_GOLD3_REV_ID) {
151 UpdData->ISPEnable =
dev->enabled;
152 } else {
153 /* Gold2 and earlier FSP:
ISPEnable is the filed*/
154 /* next to PcdGttSize in
UPD_DATA_REGION struct */
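CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
Using UpdData->PcdGttSize as an array. This might corrupt or
misinterpret adjacent memory locations. The store goes through a pointer
derived from the address of a single field, so it is correct only if the
UPD_DATA_REGION layout matches the assumption in the comment on lines 153-154.
155
*(&(UpdData->PcdGttSize)+sizeof(UINT8)) = dev->enabled;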
156 printk (BIOS_DEBUG,
157 "Baytrail Gold2 or
earlier FSP, adjust ISPEnable offset.\n");
158 }
159 printk(BIOS_DEBUG, "MIPI/ISP:\t\t%s\n",
160
UpdData->PcdEnableSdio?"Enabled":"Disabled");
*** CID 1255945: Dereference null return value (NULL_RETURNS)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 98 in LocateModule()
92 file = cbfs_get_file(media, (const char*)CONFIG_CBFS_AGESA_NAME);
93 if (!file) return NULL;
94 agesa = cbfs_get_file_content(media, (const
char*)CONFIG_CBFS_AGESA_NAME, ntohl(file->type), file_size);
95 if (!agesa) return NULL;
96
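97 image = LibAmdLocateImage(agesa, agesa + ntohl(file->len) - 1, 4096,
name);
CID 1255945: Dereference null return value (NULL_RETURNS)
Dereferencing a null pointer image. The return value of LibAmdLocateImage()
is used on line 98 without the NULL check that lines 93 and 95 apply to
file and agesa.
98 module = (AMD_MODULE_HEADER*)image->ModuleInfoOffset;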
99
100 return module;
101 }
102
103 /**
*** CID 1255944: Dereference null return value (NULL_RETURNS)
/src/northbridge/amd/pi/00730F01/dimmSpd.c: 37 in AmdMemoryReadSPD()
31 #define DIMENSION(array)(sizeof (array)/ sizeof (array [0]))
32
33 AGESA_STATUS AmdMemoryReadSPD (UINT32 unused1, UINT32 unused2,
AGESA_READ_SPD_PARAMS *info)
34 {
35 int spdAddress;
36 ROMSTAGE_CONST struct device *dev = dev_find_slot(0, PCI_DEVFN(0x18,
2));
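CID 1255944: Dereference null return value (NULL_RETURNS)
Dereferencing a null pointer dev. dev is dereferenced on line 37, before
the dev == 0 check on line 39 can reject a NULL return from dev_find_slot().
37 ROMSTAGE_CONST struct northbridge_amd_pi_00730F01_config *config =
dev->chip_info;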
38
39 if ((dev == 0) || (config == 0))
40 return AGESA_ERROR;
41
42 if (info->SocketId >= DIMENSION(config->spdAddrLookup ))
*** CID 1255943: Dereference null return value (NULL_RETURNS)
/src/cpu/amd/pi/s3_resume.c: 164 in move_stack_high_mem()
158
159 static void move_stack_high_mem(void)
160 {
161 void *high_stack;
162
163 high_stack = cbmem_find(CBMEM_ID_RESUME_SCRATCH);
CID 1255943: Dereference null return value (NULL_RETURNS)
Dereferencing a pointer that might be null, high_stack, when calling
memcpy: the result of cbmem_find() on line 163 is passed as the destination
without a NULL check. [Note: The source code implementation of the function has been
overridden by a builtin model.]
164 memcpy(high_stack, (void *)BSP_STACK_BASE_ADDR,
165 (CONFIG_HIGH_SCRATCH_MEMORY_SIZE