Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
5 new defect(s) introduced to coreboot found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
/src/soc/intel/fsp_baytrail/fsp/chipset_fsp_util.c: 155 in
ConfigureDefaultUpdData()
** CID 1255945: Dereference null return value (NULL_RETURNS)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 98 in LocateModule()
** CID 1255944: Dereference null return value (NULL_RETURNS)
/src/northbridge/amd/pi/00730F01/dimmSpd.c: 37 in AmdMemoryReadSPD()
** CID 1255943: Dereference null return value (NULL_RETURNS)
/src/cpu/amd/pi/s3_resume.c: 164 in move_stack_high_mem()
** CID 1255942: Unused value (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 573 in usbdebug_init_()
________________________________________________________________________________________________________
*** CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
/src/soc/intel/fsp_baytrail/fsp/chipset_fsp_util.c: 155 in
ConfigureDefaultUpdData()
149 case MIPI_DEV_FUNC: /* Camera / Image
Signal Processing */
150 if (FspInfo->ImageRevision >=
FSP_GOLD3_REV_ID) {
151 UpdData->ISPEnable =
dev->enabled;
152 } else {
153 /* Gold2 and earlier FSP:
ISPEnable is the filed */
154 /* next to PcdGttSize in
UPD_DATA_REGION struct */
>>> CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
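>>> Using "&UpdData->PcdGttSize" as an array. This might corrupt or
>>> misinterpret adjacent memory locations: the write on line 155 goes through
>>> pointer arithmetic on the address of a single struct member, so where it
>>> lands depends on that member's type and on the layout of the struct.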
155
*(&(UpdData->PcdGttSize)+sizeof(UINT8)) = dev->enabled;
156 printk (BIOS_DEBUG,
157 "Baytrail Gold2 or
earlier FSP, adjust ISPEnable offset.\n");
158 }
159 printk(BIOS_DEBUG, "MIPI/ISP:\t\t%s\n",
160
UpdData->PcdEnableSdio?"Enabled":"Disabled");
________________________________________________________________________________________________________
*** CID 1255945: Dereference null return value (NULL_RETURNS)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 98 in LocateModule()
92 file = cbfs_get_file(&media, (const char*)CONFIG_CBFS_AGESA_NAME);
93 if (!file) return NULL;
94 agesa = cbfs_get_file_content(&media, (const
char*)CONFIG_CBFS_AGESA_NAME, ntohl(file->type), &file_size);
95 if (!agesa) return NULL;
96
97 image = LibAmdLocateImage(agesa, agesa + ntohl(file->len) - 1, 4096,
name);
>>> CID 1255945: Dereference null return value (NULL_RETURNS)
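>>> Dereferencing a null pointer "image". The return value of
>>> LibAmdLocateImage() on line 97 is used without a null check, unlike "file"
>>> and "agesa", which are checked on lines 93 and 95.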
98 module = (AMD_MODULE_HEADER*)image->ModuleInfoOffset;
99
100 return module;
101 }
102
103 /**********************************************************************
________________________________________________________________________________________________________
*** CID 1255944: Dereference null return value (NULL_RETURNS)
/src/northbridge/amd/pi/00730F01/dimmSpd.c: 37 in AmdMemoryReadSPD()
31 #define DIMENSION(array)(sizeof (array)/ sizeof (array [0]))
32
33 AGESA_STATUS AmdMemoryReadSPD (UINT32 unused1, UINT32 unused2,
AGESA_READ_SPD_PARAMS *info)
34 {
35 int spdAddress;
36 ROMSTAGE_CONST struct device *dev = dev_find_slot(0, PCI_DEVFN(0x18,
2));
>>> CID 1255944: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a null pointer "dev". The "dev == 0" test on line 39 comes
>>> after this dereference, so it cannot prevent it.
37 ROMSTAGE_CONST struct northbridge_amd_pi_00730F01_config *config =
dev->chip_info;
38
39 if ((dev == 0) || (config == 0))
40 return AGESA_ERROR;
41
42 if (info->SocketId >= DIMENSION(config->spdAddrLookup ))
________________________________________________________________________________________________________
*** CID 1255943: Dereference null return value (NULL_RETURNS)
/src/cpu/amd/pi/s3_resume.c: 164 in move_stack_high_mem()
158
159 static void move_stack_high_mem(void)
160 {
161 void *high_stack;
162
163 high_stack = cbmem_find(CBMEM_ID_RESUME_SCRATCH);
>>> CID 1255943: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "high_stack" when calling
>>> "memcpy". [Note: The source code implementation of the function has been
>>> overridden by a builtin model.]
164 memcpy(high_stack, (void *)BSP_STACK_BASE_ADDR,
165 (CONFIG_HIGH_SCRATCH_MEMORY_SIZE - BIOS_HEAP_SIZE));
166
167 __asm__
168 volatile ("add %0, %%esp; add %0, %%ebp; invd"::"g"
169 (high_stack - BSP_STACK_BASE_ADDR)
________________________________________________________________________________________________________
*** CID 1255942: Unused value (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 573 in usbdebug_init_()
567
568 dbgp_mdelay(100);
569
570 ret = dbgp_probe_gadget(info->ehci_debug, &info->ep_pipe[0]);
571 if (ret < 0) {
572 dprintk(BIOS_INFO, "Could not probe gadget on debug
port.\n");
>>> CID 1255942: Unused value (UNUSED_VALUE)
>>> Value "-6" is assigned to "ret" here, but that stored value is not used
>>> before it is overwritten.
573 ret = -6;
574 goto err;
575 }
576
577 return 0;
578 err:
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/1016?tab=overview