Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
250 new defect(s) introduced to coreboot found with Coverity Scan.
42 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 250 defect(s)
** CID 1325829: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 148 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 151 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 166 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 167 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 171 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 173 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 177 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 179 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 148 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 151 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 166 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 167 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 171 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 173 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 177 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 179 in htif_interrupt()
________________________________________________________________________________________________________
*** CID 1325829: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 148 in htif_interrupt()
142 return 0;
143
144 uintptr_t dev = FROMHOST_DEV(fromhost);
145 uintptr_t cmd = FROMHOST_CMD(fromhost);
146 uintptr_t data = FROMHOST_DATA(fromhost);
147
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
148 sbi_device_message* m = HLS()->device_request_queue_head;
149 sbi_device_message* prev = 0x0;
150 unsigned long i, n;
151 for (i = 0, n = HLS()->device_request_queue_size; i < n; i++) {
152 /*
153 if (!supervisor_paddr_valid(m, sizeof(*m))
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 151 in htif_interrupt()
145 uintptr_t cmd = FROMHOST_CMD(fromhost);
146 uintptr_t data = FROMHOST_DATA(fromhost);
147
148 sbi_device_message* m = HLS()->device_request_queue_head;
149 sbi_device_message* prev = 0x0;
150 unsigned long i, n;
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
151 for (i = 0, n = HLS()->device_request_queue_size; i < n; i++) {
152 /*
153 if (!supervisor_paddr_valid(m, sizeof(*m))
154 && EXTRACT_FIELD(read_csr(mstatus), MSTATUS_PRV1) !=
PRV_M)
155 panic("htif: page fault");
156 */
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 166 in htif_interrupt()
160 m->data = data;
161
162 // dequeue from request queue
163 if (prev)
164 prev->sbi_private_data = (uintptr_t)next;
165 else
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
166 HLS()->device_request_queue_head = next;
167 HLS()->device_request_queue_size = n-1;
168 m->sbi_private_data = 0;
169
170 // enqueue to response queue
171 if (HLS()->device_response_queue_tail)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 167 in htif_interrupt()
161
162 // dequeue from request queue
163 if (prev)
164 prev->sbi_private_data = (uintptr_t)next;
165 else
166 HLS()->device_request_queue_head = next;
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
167 HLS()->device_request_queue_size = n-1;
168 m->sbi_private_data = 0;
169
170 // enqueue to response queue
171 if (HLS()->device_response_queue_tail)
172 {
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 171 in htif_interrupt()
165 else
166 HLS()->device_request_queue_head = next;
167 HLS()->device_request_queue_size = n-1;
168 m->sbi_private_data = 0;
169
170 // enqueue to response queue
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
171 if (HLS()->device_response_queue_tail)
172 {
173
HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174 }
175 else
176 {
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 173 in htif_interrupt()
167 HLS()->device_request_queue_size = n-1;
168 m->sbi_private_data = 0;
169
170 // enqueue to response queue
171 if (HLS()->device_response_queue_tail)
172 {
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
173
HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174 }
175 else
176 {
177 HLS()->device_response_queue_head = m;
178 }
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 177 in htif_interrupt()
171 if (HLS()->device_response_queue_tail)
172 {
173
HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174 }
175 else
176 {
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
177 HLS()->device_response_queue_head = m;
178 }
179 HLS()->device_response_queue_tail = m;
180
181 // signal software interrupt
182 set_csr(mip, MIP_SSIP);
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 179 in htif_interrupt()
173
HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174 }
175 else
176 {
177 HLS()->device_response_queue_head = m;
178 }
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
179 HLS()->device_response_queue_tail = m;
180
181 // signal software interrupt
182 set_csr(mip, MIP_SSIP);
183 return 0;
184 }
/src/mainboard/emulation/spike-riscv/spike_util.c: 148 in htif_interrupt()
142 return 0;
143
144 uintptr_t dev = FROMHOST_DEV(fromhost);
145 uintptr_t cmd = FROMHOST_CMD(fromhost);
146 uintptr_t data = FROMHOST_DATA(fromhost);
147
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
148 sbi_device_message* m = HLS()->device_request_queue_head;
149 sbi_device_message* prev = 0x0;
150 unsigned long i, n;
151 for (i = 0, n = HLS()->device_request_queue_size; i < n; i++) {
152 /*
153 if (!supervisor_paddr_valid(m, sizeof(*m))
/src/mainboard/emulation/spike-riscv/spike_util.c: 151 in htif_interrupt()
145 uintptr_t cmd = FROMHOST_CMD(fromhost);
146 uintptr_t data = FROMHOST_DATA(fromhost);
147
148 sbi_device_message* m = HLS()->device_request_queue_head;
149 sbi_device_message* prev = 0x0;
150 unsigned long i, n;
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
151 for (i = 0, n = HLS()->device_request_queue_size; i < n; i++) {
152 /*
153 if (!supervisor_paddr_valid(m, sizeof(*m))
154 && EXTRACT_FIELD(read_csr(mstatus), MSTATUS_PRV1) !=
PRV_M)
155 panic("htif: page fault");
156 */
/src/mainboard/emulation/spike-riscv/spike_util.c: 166 in htif_interrupt()
160 m->data = data;
161
162 // dequeue from request queue
163 if (prev)
164 prev->sbi_private_data = (uintptr_t)next;
165 else
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
166 HLS()->device_request_queue_head = next;
167 HLS()->device_request_queue_size = n-1;
168 m->sbi_private_data = 0;
169
170 // enqueue to response queue
171 if (HLS()->device_response_queue_tail)
/src/mainboard/emulation/spike-riscv/spike_util.c: 167 in htif_interrupt()
161
162 // dequeue from request queue
163 if (prev)
164 prev->sbi_private_data = (uintptr_t)next;
165 else
166 HLS()->device_request_queue_head = next;
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
167 HLS()->device_request_queue_size = n-1;
168 m->sbi_private_data = 0;
169
170 // enqueue to response queue
171 if (HLS()->device_response_queue_tail)
172 {
/src/mainboard/emulation/spike-riscv/spike_util.c: 171 in htif_interrupt()
165 else
166 HLS()->device_request_queue_head = next;
167 HLS()->device_request_queue_size = n-1;
168 m->sbi_private_data = 0;
169
170 // enqueue to response queue
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
171 if (HLS()->device_response_queue_tail)
172 {
173
HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174 }
175 else
176 {
/src/mainboard/emulation/spike-riscv/spike_util.c: 173 in htif_interrupt()
167 HLS()->device_request_queue_size = n-1;
168 m->sbi_private_data = 0;
169
170 // enqueue to response queue
171 if (HLS()->device_response_queue_tail)
172 {
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
173
HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174 }
175 else
176 {
177 HLS()->device_response_queue_head = m;
178 }
/src/mainboard/emulation/spike-riscv/spike_util.c: 177 in htif_interrupt()
171 if (HLS()->device_response_queue_tail)
172 {
173
HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174 }
175 else
176 {
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
177 HLS()->device_response_queue_head = m;
178 }
179 HLS()->device_response_queue_tail = m;
180
181 // signal software interrupt
182 set_csr(mip, MIP_SSIP);
/src/mainboard/emulation/spike-riscv/spike_util.c: 179 in htif_interrupt()
173
HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174 }
175 else
176 {
177 HLS()->device_response_queue_head = m;
178 }
>>> CID 1325829: (UNINIT)
>>> Using uninitialized value "sp".
179 HLS()->device_response_queue_tail = m;
180
181 // signal software interrupt
182 set_csr(mip, MIP_SSIP);
183 return 0;
184 }
** CID 1325828: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 111 in mcall_dev_resp()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 115 in mcall_dev_resp()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 117 in mcall_dev_resp()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 122 in mcall_dev_resp()
/src/mainboard/emulation/spike-riscv/spike_util.c: 111 in mcall_dev_resp()
/src/mainboard/emulation/spike-riscv/spike_util.c: 115 in mcall_dev_resp()
/src/mainboard/emulation/spike-riscv/spike_util.c: 117 in mcall_dev_resp()
/src/mainboard/emulation/spike-riscv/spike_util.c: 122 in mcall_dev_resp()
________________________________________________________________________________________________________
*** CID 1325828: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 111 in mcall_dev_resp()
105 }
106
107 uintptr_t mcall_dev_resp(void)
108 {
109 htif_interrupt(0, 0);
110
>>> CID 1325828: (UNINIT)
>>> Using uninitialized value "sp".
111 sbi_device_message* m = HLS()->device_response_queue_head;
112 if (m) {
113 //printm("resp %p\n", m);
114 sbi_device_message* next =
(void*)atomic_read(&m->sbi_private_data);
115 HLS()->device_response_queue_head = next;
116 if (!next) {
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 115 in mcall_dev_resp()
109 htif_interrupt(0, 0);
110
111 sbi_device_message* m = HLS()->device_response_queue_head;
112 if (m) {
113 //printm("resp %p\n", m);
114 sbi_device_message* next =
(void*)atomic_read(&m->sbi_private_data);
>>> CID 1325828: (UNINIT)
>>> Using uninitialized value "sp".
115 HLS()->device_response_queue_head = next;
116 if (!next) {
117 HLS()->device_response_queue_tail = 0;
118
119 // only clear SSIP if no other events are
pending
120 clear_csr(mip, MIP_SSIP);
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 117 in mcall_dev_resp()
111 sbi_device_message* m = HLS()->device_response_queue_head;
112 if (m) {
113 //printm("resp %p\n", m);
114 sbi_device_message* next =
(void*)atomic_read(&m->sbi_private_data);
115 HLS()->device_response_queue_head = next;
116 if (!next) {
>>> CID 1325828: (UNINIT)
>>> Using uninitialized value "sp".
117 HLS()->device_response_queue_tail = 0;
118
119 // only clear SSIP if no other events are
pending
120 clear_csr(mip, MIP_SSIP);
121 mb();
122 if (HLS()->ipi_pending) set_csr(mip, MIP_SSIP);
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 122 in mcall_dev_resp()
116 if (!next) {
117 HLS()->device_response_queue_tail = 0;
118
119 // only clear SSIP if no other events are
pending
120 clear_csr(mip, MIP_SSIP);
121 mb();
>>> CID 1325828: (UNINIT)
>>> Using uninitialized value "sp".
122 if (HLS()->ipi_pending) set_csr(mip, MIP_SSIP);
123 }
124 }
125 return (uintptr_t)m;
126 }
127
/src/mainboard/emulation/spike-riscv/spike_util.c: 111 in mcall_dev_resp()
105 }
106
107 uintptr_t mcall_dev_resp(void)
108 {
109 htif_interrupt(0, 0);
110
>>> CID 1325828: (UNINIT)
>>> Using uninitialized value "sp".
111 sbi_device_message* m = HLS()->device_response_queue_head;
112 if (m) {
113 //printm("resp %p\n", m);
114 sbi_device_message* next =
(void*)atomic_read(&m->sbi_private_data);
115 HLS()->device_response_queue_head = next;
116 if (!next) {
/src/mainboard/emulation/spike-riscv/spike_util.c: 115 in mcall_dev_resp()
109 htif_interrupt(0, 0);
110
111 sbi_device_message* m = HLS()->device_response_queue_head;
112 if (m) {
113 //printm("resp %p\n", m);
114 sbi_device_message* next =
(void*)atomic_read(&m->sbi_private_data);
>>> CID 1325828: (UNINIT)
>>> Using uninitialized value "sp".
115 HLS()->device_response_queue_head = next;
116 if (!next) {
117 HLS()->device_response_queue_tail = 0;
118
119 // only clear SSIP if no other events are
pending
120 clear_csr(mip, MIP_SSIP);
/src/mainboard/emulation/spike-riscv/spike_util.c: 117 in mcall_dev_resp()
111 sbi_device_message* m = HLS()->device_response_queue_head;
112 if (m) {
113 //printm("resp %p\n", m);
114 sbi_device_message* next =
(void*)atomic_read(&m->sbi_private_data);
115 HLS()->device_response_queue_head = next;
116 if (!next) {
>>> CID 1325828: (UNINIT)
>>> Using uninitialized value "sp".
117 HLS()->device_response_queue_tail = 0;
118
119 // only clear SSIP if no other events are
pending
120 clear_csr(mip, MIP_SSIP);
121 mb();
122 if (HLS()->ipi_pending) set_csr(mip, MIP_SSIP);
/src/mainboard/emulation/spike-riscv/spike_util.c: 122 in mcall_dev_resp()
116 if (!next) {
117 HLS()->device_response_queue_tail = 0;
118
119 // only clear SSIP if no other events are
pending
120 clear_csr(mip, MIP_SSIP);
121 mb();
>>> CID 1325828: (UNINIT)
>>> Using uninitialized value "sp".
122 if (HLS()->ipi_pending) set_csr(mip, MIP_SSIP);
123 }
124 }
125 return (uintptr_t)m;
126 }
127
** CID 1325827: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 130 in mcall_hart_id()
/src/mainboard/emulation/spike-riscv/spike_util.c: 130 in mcall_hart_id()
________________________________________________________________________________________________________
*** CID 1325827: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 130 in mcall_hart_id()
124 }
125 return (uintptr_t)m;
126 }
127
128 uintptr_t mcall_hart_id(void)
129 {
>>> CID 1325827: (UNINIT)
>>> Using uninitialized value "sp".
130 return HLS()->hart_id;
131 }
132
133 void hls_init(uint32_t hart_id)
134 {
135 memset(HLS(), 0, sizeof(*HLS()));
/src/mainboard/emulation/spike-riscv/spike_util.c: 130 in mcall_hart_id()
124 }
125 return (uintptr_t)m;
126 }
127
128 uintptr_t mcall_hart_id(void)
129 {
>>> CID 1325827: (UNINIT)
>>> Using uninitialized value "sp".
130 return HLS()->hart_id;
131 }
132
133 void hls_init(uint32_t hart_id)
134 {
135 memset(HLS(), 0, sizeof(*HLS()));
** CID 1325826: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 61 in mcall_send_ipi()
/src/mainboard/emulation/spike-riscv/spike_util.c: 61 in mcall_send_ipi()
________________________________________________________________________________________________________
*** CID 1325826: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 61 in mcall_send_ipi()
55
56 uintptr_t mcall_send_ipi(uintptr_t recipient)
57 {
58 //if (recipient >= num_harts)
59 //return -1;
60
>>> CID 1325826: (UNINIT)
>>> Using uninitialized value "sp".
61 if (atomic_swap(&OTHER_HLS(recipient)->ipi_pending, 1) == 0) {
62 mb();
63 write_csr(send_ipi, recipient);
64 }
65
66 return 0;
/src/mainboard/emulation/spike-riscv/spike_util.c: 61 in mcall_send_ipi()
55
56 uintptr_t mcall_send_ipi(uintptr_t recipient)
57 {
58 //if (recipient >= num_harts)
59 //return -1;
60
>>> CID 1325826: (UNINIT)
>>> Using uninitialized value "sp".
61 if (atomic_swap(&OTHER_HLS(recipient)->ipi_pending, 1) == 0) {
62 mb();
63 write_csr(send_ipi, recipient);
64 }
65
66 return 0;
** CID 1325825: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 135 in hls_init()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 136 in hls_init()
/src/mainboard/emulation/spike-riscv/spike_util.c: 135 in hls_init()
/src/mainboard/emulation/spike-riscv/spike_util.c: 136 in hls_init()
________________________________________________________________________________________________________
*** CID 1325825: (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 135 in hls_init()
129 {
130 return HLS()->hart_id;
131 }
132
133 void hls_init(uint32_t hart_id)
134 {
>>> CID 1325825: (UNINIT)
>>> Using uninitialized value "sp".
135 memset(HLS(), 0, sizeof(*HLS()));
136 HLS()->hart_id = hart_id;
137 }
138
139 uintptr_t htif_interrupt(uintptr_t mcause, uintptr_t* regs) {
140 uintptr_t fromhost = swap_csr(mfromhost, 0);
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 136 in hls_init()
130 return HLS()->hart_id;
131 }
132
133 void hls_init(uint32_t hart_id)
134 {
135 memset(HLS(), 0, sizeof(*HLS()));
>>> CID 1325825: (UNINIT)
>>> Using uninitialized value "sp".
136 HLS()->hart_id = hart_id;
137 }
138
139 uintptr_t htif_interrupt(uintptr_t mcause, uintptr_t* regs) {
140 uintptr_t fromhost = swap_csr(mfromhost, 0);
141 if (!fromhost)
/src/mainboard/emulation/spike-riscv/spike_util.c: 135 in hls_init()
129 {
130 return HLS()->hart_id;
131 }
132
133 void hls_init(uint32_t hart_id)
134 {
>>> CID 1325825: (UNINIT)
>>> Using uninitialized value "sp".
135 memset(HLS(), 0, sizeof(*HLS()));
136 HLS()->hart_id = hart_id;
137 }
138
139 uintptr_t htif_interrupt(uintptr_t mcause, uintptr_t* regs) {
140 uintptr_t fromhost = swap_csr(mfromhost, 0);
/src/mainboard/emulation/spike-riscv/spike_util.c: 136 in hls_init()
130 return HLS()->hart_id;
131 }
132
133 void hls_init(uint32_t hart_id)
134 {
135 memset(HLS(), 0, sizeof(*HLS()));
>>> CID 1325825: (UNINIT)
>>> Using uninitialized value "sp".
136 HLS()->hart_id = hart_id;
137 }
138
139 uintptr_t htif_interrupt(uintptr_t mcause, uintptr_t* regs) {
140 uintptr_t fromhost = swap_csr(mfromhost, 0);
141 if (!fromhost)
** CID 1302458: Control flow issues (DEADCODE)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 75 in write_pstates_for_core()
________________________________________________________________________________________________________
*** CID 1302458: Control flow issues (DEADCODE)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 75 in write_pstates_for_core()
69 /* Write PPC object */
70 acpigen_write_PPC(pstate_num);
71
72 /* Write PSD indicating coordination type */
73 if ((single_link) && (mctGetLogicalCPUID(0) & AMD_DR_GT_Bx)) {
74 /* Revision C or greater single-link processor */
>>> CID 1302458: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "cpuid1 = cpuid(-2147483640);".
75 cpuid1 = cpuid(0x80000008);
76 acpigen_write_PSD_package(0, (cpuid1.ecx & 0xff) + 1, SW_ALL);
77 }
78 else {
79 /* Find the local APIC ID for the specified core ID */
80 struct device* cpu;
** CID 1302450: Security best practices violations (STRING_OVERFLOW)
/src/drivers/intel/gma/acpi.c: 50 in drivers_intel_gma_displays_ssdt_generate()
________________________________________________________________________________________________________
*** CID 1302450: Security best practices violations (STRING_OVERFLOW)
/src/drivers/intel/gma/acpi.c: 50 in drivers_intel_gma_displays_ssdt_generate()
44 char *ptr;
45 int kind;
46 kind = (conf->did[i] >> 8) & 0xf;
47 if (kind >= ARRAY_SIZE(names)) {
48 kind = 0;
49 }
>>> CID 1302450: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 10 byte fixed-size string "name" by copying
>>> "names[kind]" without checking the length.
50 strcpy(name, names[kind]);
51 for (ptr = name; *ptr; ptr++);
52 *ptr++ = counters[kind] + '0';
53 *ptr++ = '\0';
54 counters[kind]++;
55 acpigen_write_device(name);
** CID 1300288: Incorrect expression (IDENTICAL_BRANCHES)
/src/drivers/xgi/common/vb_setmode.c: 2608 in XGI_GetCRT2Data()
________________________________________________________________________________________________________
*** CID 1300288: Incorrect expression (IDENTICAL_BRANCHES)
/src/drivers/xgi/common/vb_setmode.c: 2608 in XGI_GetCRT2Data()
2602 } else if (pVBInfo->LCDResInfo == Panel_1280x960) {
2603 tempax = 1280;
2604 if (pVBInfo->VGAVDE == 350)
2605 tempbx = 700;
2606 else if (pVBInfo->VGAVDE == 400)
2607 tempbx = 800;
>>> CID 1300288: Incorrect expression (IDENTICAL_BRANCHES)
>>> The same code is executed regardless of whether "pVBInfo->VGAVDE ==
>>> 1024" is true, because the 'then' and 'else' branches are identical. Should
>>> one of the branches be modified, or the entire 'if' statement replaced?
2608 else if (pVBInfo->VGAVDE == 1024)
2609 tempbx = 960;
2610 else
2611 tempbx = 960;
2612 } else if (pVBInfo->LCDResInfo == Panel_1400x1050) {
2613 tempax = 1400;
** CID 1295501: Null pointer dereferences (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 464 in gpio_get()
________________________________________________________________________________________________________
*** CID 1295501: Null pointer dereferences (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 464 in gpio_get()
458 {
459 struct cygnus_gpio *chip;
460 unsigned gpio_num;
461
462 chip = cygnus_get_gpio_core(gpio, &gpio_num);
463 if (chip == NULL) {
>>> CID 1295501: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "chip".
464 dev_dbg(chip, "unable to find chip for gpio %d", gpio);
465 return -1;
466 }
467
468 return cygnus_gpio_get(chip, gpio_num);
469 }
** CID 1295500: Control flow issues (DEADCODE)
/src/soc/broadcom/cygnus/shmoo_and28.c: 4278 in soc_and28_shmoo_ctl()
________________________________________________________________________________________________________
*** CID 1295500: Control flow issues (DEADCODE)
/src/soc/broadcom/cygnus/shmoo_and28.c: 4278 in soc_and28_shmoo_ctl()
4272
4273 if(!stat)
4274 {
4275 scPtr = &shmoo_container;
4276 if(scPtr == NULL)
4277 {
>>> CID 1295500: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 4;".
4278 return SOC_E_MEMORY;
4279 }
4280 sal_memset(scPtr, 0, sizeof(and28_shmoo_container_t));
4281
4282 if(phy_ndx != SHMOO_AND28_INTERFACE_RSVP)
4283 {
** CID 1295499: Control flow issues (DEADCODE)
/src/soc/intel/common/nvm.c: 113 in nvm_is_write_protected()
________________________________________________________________________________________________________
*** CID 1295499: Control flow issues (DEADCODE)
/src/soc/intel/common/nvm.c: 113 in nvm_is_write_protected()
107 }
108 wp_spi = !!(sr1 & 0x80);
109
110 printk(BIOS_DEBUG, "SPI flash protection: WPSW=%d SRP0=%d\n",
111 wp_gpio, wp_spi);
112
>>> CID 1295499: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "wp_spi" inside this statement:
>>> "return wp_gpio && wp_spi;".
113 return wp_gpio && wp_spi;
114 }
115
116 /* Apply protection to a range of flash */
117 int nvm_protect(void *start, size_t size)
118 {
** CID 1295498: Null pointer dereferences (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 404 in gpio_free()
________________________________________________________________________________________________________
*** CID 1295498: Null pointer dereferences (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 404 in gpio_free()
398 {
399 struct cygnus_gpio *chip;
400 unsigned gpio_num;
401
402 chip = cygnus_get_gpio_core(gpio, &gpio_num);
403 if (chip == NULL) {
>>> CID 1295498: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "chip".
404 dev_dbg(chip, "unable to find chip for gpio %d", gpio);
405 return;
406 }
407
408 cygnus_gpio_free(chip, gpio_num);
409 }
** CID 1295497: Integer handling issues (NO_EFFECT)
/src/soc/broadcom/cygnus/i2c.c: 240 in i2c_init()
________________________________________________________________________________________________________
*** CID 1295497: Integer handling issues (NO_EFFECT)
/src/soc/broadcom/cygnus/i2c.c: 240 in i2c_init()
234 }
235
236 void i2c_init(unsigned int bus, unsigned int hz)
237 {
238 struct cygnus_i2c_regs *regs = i2c_bus[bus];
239
>>> CID 1295497: Integer handling issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is
>>> always true. "bus >= 0U".
240 assert(bus >= 0 && bus <= 1);
241
242 setbits_le32(®s->i2c_con, I2C_SMB_RESET);
243 udelay(100); /* wait 100 usec per spec */
244 clrbits_le32(®s->i2c_con, I2C_SMB_RESET);
245
** CID 1295496: Null pointer dereferences (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 436 in gpio_input_pulldown()
________________________________________________________________________________________________________
*** CID 1295496: Null pointer dereferences (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 436 in gpio_input_pulldown()
430 {
431 struct cygnus_gpio *chip;
432 unsigned gpio_num;
433
434 chip = cygnus_get_gpio_core(gpio, &gpio_num);
435 if (chip == NULL) {
>>> CID 1295496: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "chip".
436 dev_dbg(chip, "unable to find chip for gpio %d", gpio);
437 return;
438 }
439
440 cygnus_gpio_set_pull(chip, gpio_num, 0, 0);
441 }
** CID 1241910: (OVERRUN)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Nb/Family/LN/F12NbServices.c: 223 in
NbFmFuseAdjustFuseTablePatch()
/src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c: 218 in
NbFmFuseAdjustFuseTablePatch()
________________________________________________________________________________________________________
*** CID 1241910: (OVERRUN)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Nb/Family/LN/F12NbServices.c: 223 in
NbFmFuseAdjustFuseTablePatch()
217 if (PpFuseArray->PolicyLabel[SwSatateIndex] ==
POLICY_LABEL_PERFORMANCE) {
218 break;
219 }
220 }
221 MaxSclkIndex = 0;
222 CurrentSclkDpmDid = 0xff;
>>> CID 1241910: (OVERRUN)
>>> Overrunning array "PpFuseArray->SclkDpmValid" of 6 bytes at byte offset
>>> 6 using index "SwSatateIndex" (which evaluates to 6).
223 ASSERT (PpFuseArray->SclkDpmValid[SwSatateIndex] != 0);
224 for (DpmStateIndex = 0; DpmStateIndex <
PP_FUSE_MAX_NUM_DPM_STATE; DpmStateIndex++) {
225 if ((PpFuseArray->SclkDpmValid[SwSatateIndex] & (1 <<
DpmStateIndex)) != 0) {
226 if (PpFuseArray->SclkDpmDid[DpmStateIndex] <
CurrentSclkDpmDid) {
227 CurrentSclkDpmDid = PpFuseArray->SclkDpmDid[DpmStateIndex];
228 MaxSclkIndex = DpmStateIndex;
/src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c: 218 in
NbFmFuseAdjustFuseTablePatch()
212 if (PpFuseArray->PolicyLabel[SwSatateIndex] ==
POLICY_LABEL_PERFORMANCE) {
213 break;
214 }
215 }
216 MaxSclkIndex = 0;
217 CurrentSclkDpmDid = 0xff;
>>> CID 1241910: (OVERRUN)
>>> Overrunning array "PpFuseArray->SclkDpmValid" of 6 bytes at byte offset
>>> 6 using index "SwSatateIndex" (which evaluates to 6).
218 ASSERT (PpFuseArray->SclkDpmValid[SwSatateIndex] != 0);
219 for (DpmStateIndex = 0; DpmStateIndex <
PP_FUSE_MAX_NUM_DPM_STATE; DpmStateIndex++) {
220 if ((PpFuseArray->SclkDpmValid[SwSatateIndex] & (1 <<
DpmStateIndex)) != 0) {
221 if (PpFuseArray->SclkDpmDid[DpmStateIndex] <
CurrentSclkDpmDid) {
222 CurrentSclkDpmDid = PpFuseArray->SclkDpmDid[DpmStateIndex];
223 MaxSclkIndex = DpmStateIndex;
** CID 1241909: Null pointer dereferences (FORWARD_NULL)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GfxIntegratedInfoTableTN.c:
812 in GfxIntInfoTableInitTN()
________________________________________________________________________________________________________
*** CID 1241909: Null pointer dereferences (FORWARD_NULL)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GfxIntegratedInfoTableTN.c:
812 in GfxIntInfoTableInitTN()
806 AGESA_STATUS_UPDATE (Status, AgesaStatus);
807 // Assign usFormatID to 0x000B to represent Trinity
808 PpTable->usFormatID = 0xB;
809 // Build info from fuses
810 PpFuseArray = GnbLocateHeapBuffer (AMD_PP_FUSE_TABLE_HANDLE,
GnbLibGetHeader (Gfx));
811 ASSERT (PpFuseArray != NULL);
>>> CID 1241909: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "PpFuseArray" to null implies that "PpFuseArray" might be
>>> null.
812 if (PpFuseArray != NULL) {
813 // Build Display clock info
814 GfxIntInfoTableInitDispclkTable (PpFuseArray,
&SystemInfoTableV2.sIntegratedSysInfo, Gfx);
815 // Build Sclk info table
816 GfxIntInfoTableInitSclkTable (PpFuseArray,
&SystemInfoTableV2.sIntegratedSysInfo, Gfx);
817 } else {
** CID 1241908: (DEADCODE)
/src/vendorcode/amd/agesa/f16kb/Proc/CPU/cpuMicrocodePatch.c: 151 in
LoadMicrocodePatch()
/src/vendorcode/amd/agesa/f15tn/Proc/CPU/cpuMicrocodePatch.c: 150 in
LoadMicrocodePatch()
________________________________________________________________________________________________________
*** CID 1241908: (DEADCODE)
/src/vendorcode/amd/agesa/f16kb/Proc/CPU/cpuMicrocodePatch.c: 151 in
LoadMicrocodePatch()
145 }
146 break; // Once we find a microcode patch that matches the
processor, exit the for loop
147 }
148 }
149 }
150 } else {
>>> CID 1241908: (DEADCODE)
>>> Execution cannot reach the expression "1" inside this statement: "1 ?
>>> (VOID)0 : AmdIdsDebugPr...".
151 IDS_HDT_CONSOLE (CPU_TRACE, " Force Ucode loaded from offset
%x\n", ForceLoadMicrocodePatchPtr);
152 if (LoadMicrocode (ForceLoadMicrocodePatchPtr, StdHeader)) {
153 Status = TRUE;
154 } else {
155 PutEventLog (AGESA_ERROR,
156 CPU_ERROR_MICRO_CODE_PATCH_IS_NOT_LOADED,
/src/vendorcode/amd/agesa/f15tn/Proc/CPU/cpuMicrocodePatch.c: 150 in
LoadMicrocodePatch()
144 }
145 break; // Once we find a microcode patch that matches the
processor, exit the for loop
146 }
147 }
148 }
149 } else {
>>> CID 1241908: (DEADCODE)
>>> Execution cannot reach this statement: "if (LoadMicrocode(ForceLoad...".
150 if (LoadMicrocode (ForceLoadMicrocodePatchPtr, StdHeader)) {
151 Status = TRUE;
152 } else {
153 PutEventLog (AGESA_ERROR,
154 CPU_ERROR_MICRO_CODE_PATCH_IS_NOT_LOADED,
155 0, 0, 0, 0, StdHeader);
** CID 1241907: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbSmuLibV7/GnbSmuInitLibV7.c:
258 in GnbSmuFirmwareLoadV7()
________________________________________________________________________________________________________
*** CID 1241907: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbSmuLibV7/GnbSmuInitLibV7.c:
258 in GnbSmuFirmwareLoadV7()
252
253 // Step5, 12, Load firmware
254 IDS_HDT_CONSOLE (GNB_TRACE, "Step5, 12, Load firmware\n");
255 // 4 means byte length of next address during firmware download
256 UraTuple.StepLength = 4;
257 UraTuple.Value = (UINT32) ((UINTN) (Firmware));
>>> CID 1241907: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Taking address with "&UraTuple" yields a singleton pointer.
258 GnbUraCombinedSet (&DevObject, TRxSmuRamStartAddr |
GNB_URA_STREAM_SET, &UraTuple, (Firmware->ImageSize >> 2));
259
260 if (BfxSmuProtectedMode == 0) {
261 IDS_HDT_CONSOLE (GNB_TRACE, "Step6, write jmp to RAM firmware\n");
262 //Step 6, Write jmp to RAM firmware
263 RxSmuRamStartAddr = 0xE0000000 + ((SMC_RAM_START_ADDR +
Firmware->HeaderSize) >> 2);
** CID 1241906: (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f14/Proc/CPU/cpuApicUtilities.c: 1010 in
ApUtilTransmitBuffer()
/src/vendorcode/amd/agesa/f12/Proc/CPU/cpuApicUtilities.c: 961 in
ApUtilTransmitBuffer()
/src/vendorcode/amd/agesa/f16kb/Proc/CPU/cpuApicUtilities.c: 966 in
ApUtilTransmitBuffer()
/src/vendorcode/amd/agesa/f15tn/Proc/CPU/cpuApicUtilities.c: 966 in
ApUtilTransmitBuffer()
/src/vendorcode/amd/agesa/f15/Proc/CPU/cpuApicUtilities.c: 967 in
ApUtilTransmitBuffer()
________________________________________________________________________________________________________
*** CID 1241906: (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f14/Proc/CPU/cpuApicUtilities.c: 1010 in
ApUtilTransmitBuffer()
1004 ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
1005
1006 ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
1007 WaitForStatus.WaitForStatusFlags = 0;
1008 ApUtilWaitForCoreStatus (Socket, Core, &WaitForStatus, StdHeader);
1009 if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>> CID 1241906: (ARRAY_VS_SINGLETON)
>>> Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
1010 ApUtilTransmitPointer (Socket, Core, (VOID **)
&BufferInfo->DataPtr, StdHeader);
1011 } else {
1012 ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
1013 CurrentStatus = CORE_STS_DATA_READY_0;
1014 WaitForStatus.Status = &CurrentStatus;
1015 WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
/src/vendorcode/amd/agesa/f12/Proc/CPU/cpuApicUtilities.c: 961 in
ApUtilTransmitBuffer()
955 ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
956
957 ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
958 WaitForStatus.WaitForStatusFlags = 0;
959 ApUtilWaitForCoreStatus (TargetApicId, &WaitForStatus, StdHeader);
960 if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>> CID 1241906: (ARRAY_VS_SINGLETON)
>>> Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
961 ApUtilTransmitPointer (TargetApicId, (VOID **)
&BufferInfo->DataPtr, StdHeader);
962 } else {
963 ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
964 CurrentStatus = CORE_STS_DATA_READY_0;
965 WaitForStatus.Status = &CurrentStatus;
966 WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
/src/vendorcode/amd/agesa/f16kb/Proc/CPU/cpuApicUtilities.c: 966 in
ApUtilTransmitBuffer()
960 ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
961
962 ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
963 WaitForStatus.WaitForStatusFlags = 0;
964 ApUtilWaitForCoreStatus (TargetApicId, &WaitForStatus, StdHeader);
965 if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>> CID 1241906: (ARRAY_VS_SINGLETON)
>>> Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
966 ApUtilTransmitPointer (TargetApicId, (VOID **)
&BufferInfo->DataPtr, StdHeader);
967 } else {
968 ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
969 CurrentStatus = CORE_STS_DATA_READY_0;
970 WaitForStatus.Status = &CurrentStatus;
971 WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
/src/vendorcode/amd/agesa/f15tn/Proc/CPU/cpuApicUtilities.c: 966 in
ApUtilTransmitBuffer()
960 ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
961
962 ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
963 WaitForStatus.WaitForStatusFlags = 0;
964 ApUtilWaitForCoreStatus (TargetApicId, &WaitForStatus, StdHeader);
965 if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>> CID 1241906: (ARRAY_VS_SINGLETON)
>>> Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
966 ApUtilTransmitPointer (TargetApicId, (VOID **)
&BufferInfo->DataPtr, StdHeader);
967 } else {
968 ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
969 CurrentStatus = CORE_STS_DATA_READY_0;
970 WaitForStatus.Status = &CurrentStatus;
971 WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
/src/vendorcode/amd/agesa/f15/Proc/CPU/cpuApicUtilities.c: 967 in
ApUtilTransmitBuffer()
961 ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
962
963 ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
964 WaitForStatus.WaitForStatusFlags = 0;
965 ApUtilWaitForCoreStatus (TargetApicId, &WaitForStatus, StdHeader);
966 if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>> CID 1241906: (ARRAY_VS_SINGLETON)
>>> Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
967 ApUtilTransmitPointer (TargetApicId, (VOID **)
&BufferInfo->DataPtr, StdHeader);
968 } else {
969 ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
970 CurrentStatus = CORE_STS_DATA_READY_0;
971 WaitForStatus.Status = &CurrentStatus;
972 WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
** CID 1241905: (BAD_SHIFT)
/src/vendorcode/amd/agesa/f15/Proc/Mem/Ps/mp.c: 1149 in
MemPCheckTblDrvOverrideConfig()
/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mp.c: 1143 in
MemPCheckTblDrvOverrideConfig()
/src/vendorcode/amd/agesa/f16kb/Proc/Mem/Ps/mp.c: 1154 in
MemPCheckTblDrvOverrideConfig()
________________________________________________________________________________________________________
*** CID 1241905: (BAD_SHIFT)
/src/vendorcode/amd/agesa/f15/Proc/Mem/Ps/mp.c: 1149 in
MemPCheckTblDrvOverrideConfig()
1143
1144 CurrentChannel = NBPtr->ChannelPtr;
1145
1146 // Get platform configuration.
1147 MaxDimmPerCh = GetMaxDimmsPerChannel
(NBPtr->RefPtr->PlatformMemoryConfiguration, NBPtr->MCTPtr->SocketId,
CurrentChannel->ChannelID);
1148 CurDDRrate = (UINT32) (1 << (CurrentChannel->DCTPtr->Timings.Speed /
66));
>>> CID 1241905: (BAD_SHIFT)
>>> In expression "1 << ((NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 :
>>> ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 :
>>> ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255)))", left shifting by
>>> more than 31 bits has undefined behavior. The shift amount,
>>> "(NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage
>>> == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255))",
>>> is 255.
1149 DDR3Voltage = (UINT8) (1 << CONVERT_VDDIO_TO_ENCODED
(NBPtr->RefPtr->DDR3Voltage));
1150 RankTypeOfPopulatedDimm = MemAGetPsRankType (CurrentChannel);
1151
1152 if ((MaxDimmPerCh == Buffer[0]) && ((DDR3Voltage & Buffer[1]) != 0)
&&
1153 ((CurDDRrate & *(UINT32 *)&Buffer[2]) != 0) &&
((RankTypeOfPopulatedDimm & *(UINT16 *)&Buffer[6]) != 0)) {
1154 return TRUE;
/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mp.c: 1143 in
MemPCheckTblDrvOverrideConfig()
1137
1138 CurrentChannel = NBPtr->ChannelPtr;
1139
1140 // Get platform configuration.
1141 MaxDimmPerCh = GetMaxDimmsPerChannel
(NBPtr->RefPtr->PlatformMemoryConfiguration, NBPtr->MCTPtr->SocketId,
CurrentChannel->ChannelID);
1142 CurDDRrate = (UINT32) (1 << (CurrentChannel->DCTPtr->Timings.Speed /
66));
>>> CID 1241905: (BAD_SHIFT)
>>> In expression "1 << ((NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 :
>>> ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 :
>>> ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255)))", left shifting by
>>> more than 31 bits has undefined behavior. The shift amount,
>>> "(NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage
>>> == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255))",
>>> is 255.
1143 DDR3Voltage = (UINT8) (1 << CONVERT_VDDIO_TO_ENCODED
(NBPtr->RefPtr->DDR3Voltage));
1144 RankTypeOfPopulatedDimm = MemAGetPsRankType (CurrentChannel);
1145
1146 if ((MaxDimmPerCh == Buffer[0]) && ((DDR3Voltage & Buffer[1]) != 0)
&&
1147 ((CurDDRrate & *(UINT32 *)&Buffer[2]) != 0) &&
((RankTypeOfPopulatedDimm & *(UINT16 *)&Buffer[6]) != 0)) {
1148 return TRUE;
/src/vendorcode/amd/agesa/f16kb/Proc/Mem/Ps/mp.c: 1154 in
MemPCheckTblDrvOverrideConfig()
1148
1149 CurrentChannel = NBPtr->ChannelPtr;
1150
1151 // Get platform configuration.
1152 MaxDimmPerCh = GetMaxDimmsPerChannel
(NBPtr->RefPtr->PlatformMemoryConfiguration, NBPtr->MCTPtr->SocketId,
CurrentChannel->ChannelID);
1153 CurDDRrate = (UINT32) (1 << (CurrentChannel->DCTPtr->Timings.Speed /
66));
>>> CID 1241905: (BAD_SHIFT)
>>> In expression "1 << ((NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 :
>>> ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 :
>>> ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255)))", left shifting by
>>> more than 31 bits has undefined behavior. The shift amount,
>>> "(NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage
>>> == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255))",
>>> is 255.
1154 DDR3Voltage = (UINT8) (1 << CONVERT_VDDIO_TO_ENCODED
(NBPtr->RefPtr->DDR3Voltage));
1155 RankTypeOfPopulatedDimm = MemAGetPsRankType (CurrentChannel);
1156
1157 if ((MaxDimmPerCh == Buffer[0]) && ((DDR3Voltage & Buffer[1]) != 0)
&&
1158 ((CurDDRrate & *(UINT32 *)&Buffer[2]) != 0) &&
((RankTypeOfPopulatedDimm & *(UINT16 *)&Buffer[6]) != 0)) {
1159 return TRUE;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/coreboot?tab=overview
To manage Coverity Scan email notifications for "[email protected]", click
https://scan.coverity.com/subscriptions/edit?email=coreboot%40coreboot.org&token=49533df725f93b78361afb7b89ccde93
--
coreboot mailing list: [email protected]
http://www.coreboot.org/mailman/listinfo/coreboot
