Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
240 new defect(s) introduced to coreboot found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 240 defect(s) ** CID 1365731: Null pointer dereferences (NULL_RETURNS) /src/drivers/intel/fsp2_0/hand_off_block.c: 109 in save_hob_list() ________________________________________________________________________________________________________ *** CID 1365731: Null pointer dereferences (NULL_RETURNS) /src/drivers/intel/fsp2_0/hand_off_block.c: 109 in save_hob_list() 103 static void *fsp_hob_list_ptr CAR_GLOBAL; 104 105 static void save_hob_list(int is_recovery) 106 { 107 uint32_t *cbmem_loc; 108 cbmem_loc = cbmem_add(CBMEM_ID_FSP_RUNTIME, sizeof(*cbmem_loc)); >>> CID 1365731: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a null pointer "cbmem_loc". 109 *cbmem_loc = (uintptr_t)fsp_get_hob_list(); 110 } 111 112 ROMSTAGE_CBMEM_INIT_HOOK(save_hob_list); 113 114 const void *fsp_get_hob_list(void) ** CID 1365730: (BUFFER_SIZE) /src/mainboard/google/eve/romstage.c: 41 in mainboard_memory_init_params() /src/mainboard/google/eve/romstage.c: 42 in mainboard_memory_init_params() ________________________________________________________________________________________________________ *** CID 1365730: (BUFFER_SIZE) /src/mainboard/google/eve/romstage.c: 41 in mainboard_memory_init_params() 35 { 1, 0, 4, 5, 3, 2, 7, 6 } }; 36 /* Rcomp resistor */ 37 const u16 rcomp_resistor[] = { 200, 81, 162 }; 38 /* Rcomp target */ 39 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 40 >>> CID 1365730: (BUFFER_SIZE) >>> You might overrun the 12 byte destination string >>> "mem_cfg->DqByteMapCh0" by writing the maximum 24 bytes from "dq_map". 41 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map)); 42 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 43 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 44 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 45 46 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 47 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 48 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/google/eve/romstage.c: 42 in mainboard_memory_init_params() 36 /* Rcomp resistor */ 37 const u16 rcomp_resistor[] = { 200, 81, 162 }; 38 /* Rcomp target */ 39 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 40 41 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map)); >>> CID 1365730: (BUFFER_SIZE) >>> You might overrun the 8 byte destination string >>> "mem_cfg->DqsMapCpu2DramCh0" by writing the maximum 16 bytes from "dqs_map". 42 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 43 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 44 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 45 46 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 47 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 48 mem_cfg->MemorySpdDataLen = SPD_LEN; ** CID 1365389: (OVERRUN) /src/mainboard/google/eve/romstage.c: 41 in mainboard_memory_init_params() ________________________________________________________________________________________________________ *** CID 1365389: (OVERRUN) /src/mainboard/google/eve/romstage.c: 41 in mainboard_memory_init_params() 35 { 1, 0, 4, 5, 3, 2, 7, 6 } }; 36 /* Rcomp resistor */ 37 const u16 rcomp_resistor[] = { 200, 81, 162 }; 38 /* Rcomp target */ 39 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 40 >>> CID 1365389: (OVERRUN) >>> Overrunning array "mem_cfg->DqByteMapCh0" of 12 bytes by passing it to >>> a function which accesses it at byte offset 23 using argument "24UL". >>> [Note: The source code implementation of the function has been overridden >>> by a builtin model.] 41 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map)); 42 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 43 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 44 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 45 46 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 47 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 48 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/intel/kblrvp/romstage.c: 32 in mainboard_memory_init_params() 26 27 void mainboard_memory_init_params(FSPM_UPD *mupd) 28 { 29 FSP_M_CONFIG *mem_cfg; 30 mem_cfg = &mupd->FspmConfig; 31 >>> CID 1365389: (OVERRUN) >>> Overrunning array "mem_cfg->DqByteMapCh0" of 12 bytes by passing it to >>> a function which accesses it at byte offset 23. 32 mainboard_fill_dq_map_data(&mem_cfg->DqByteMapCh0); 33 mainboard_fill_dqs_map_data(&mem_cfg->DqsMapCpu2DramCh0); 34 mainboard_fill_rcomp_res_data(&mem_cfg->RcompResistor); 35 mainboard_fill_rcomp_strength_data(&mem_cfg->RcompTarget); 36 37 mem_cfg->DqPinsInterleaved = 0; ** CID 1365388: (OVERRUN) /src/mainboard/google/eve/romstage.c: 42 in mainboard_memory_init_params() ________________________________________________________________________________________________________ *** CID 1365388: (OVERRUN) /src/mainboard/google/eve/romstage.c: 42 in mainboard_memory_init_params() 36 /* Rcomp resistor */ 37 const u16 rcomp_resistor[] = { 200, 81, 162 }; 38 /* Rcomp target */ 39 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 40 41 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map)); >>> CID 1365388: (OVERRUN) >>> Overrunning array "mem_cfg->DqsMapCpu2DramCh0" of 8 bytes by passing it >>> to a function which accesses it at byte offset 15 using argument "16UL". >>> [Note: The source code implementation of the function has been overridden >>> by a builtin model.] 42 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 43 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 44 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 45 46 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 47 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 48 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/intel/kblrvp/romstage.c: 33 in mainboard_memory_init_params() 27 void mainboard_memory_init_params(FSPM_UPD *mupd) 28 { 29 FSP_M_CONFIG *mem_cfg; 30 mem_cfg = &mupd->FspmConfig; 31 32 mainboard_fill_dq_map_data(&mem_cfg->DqByteMapCh0); >>> CID 1365388: (OVERRUN) >>> Overrunning array "mem_cfg->DqsMapCpu2DramCh0" of 8 bytes by passing it >>> to a function which accesses it at byte offset 15. 33 mainboard_fill_dqs_map_data(&mem_cfg->DqsMapCpu2DramCh0); 34 mainboard_fill_rcomp_res_data(&mem_cfg->RcompResistor); 35 mainboard_fill_rcomp_strength_data(&mem_cfg->RcompTarget); 36 37 mem_cfg->DqPinsInterleaved = 0; 38 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 39 if (mainboard_has_dual_channel_mem()) 40 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 41 mem_cfg->MemorySpdDataLen = SPD_LEN; ** CID 1364082: Integer handling issues (NO_EFFECT) /src/soc/rockchip/common/spi.c: 170 in rockchip_spi_set_sample_delay() ________________________________________________________________________________________________________ *** CID 1364082: Integer handling issues (NO_EFFECT) /src/soc/rockchip/common/spi.c: 170 in rockchip_spi_set_sample_delay() 164 assert(bus >= 0 && bus < ARRAY_SIZE(rockchip_spi_slaves)); 165 struct rockchip_spi *regs = rockchip_spi_slaves[bus].regs; 166 unsigned int rsd; 167 168 /* Rxd Sample Delay */ 169 rsd = DIV_ROUND_CLOSEST(delay_ns * (SPI_SRCCLK_HZ >> 8), 1*GHz >> 8); >>> CID 1364082: Integer handling issues (NO_EFFECT) >>> This greater-than-or-equal-to-zero comparison of an unsigned value is >>> always true. "rsd >= 0U". 170 assert(rsd >= 0 && rsd <= 3); 171 clrsetbits_le32(®s->ctrlr0, SPI_RXDSD_MASK << SPI_RXDSD_OFFSET, 172 rsd << SPI_RXDSD_OFFSET); 173 } 174 175 int spi_claim_bus(struct spi_slave *slave) ** CID 1363355: (SIZEOF_MISMATCH) /src/drivers/intel/fsp2_0/upd_display.c: 37 in fspm_display_arch_params() /src/drivers/intel/fsp2_0/upd_display.c: 40 in fspm_display_arch_params() ________________________________________________________________________________________________________ *** CID 1363355: (SIZEOF_MISMATCH) /src/drivers/intel/fsp2_0/upd_display.c: 37 in fspm_display_arch_params() 31 { 32 /* Display the architectural parameters for MemoryInit */ 33 printk(BIOS_SPEW, "Architectural UPD values for MemoryInit at: 0x%p\n", 34 new); 35 fsp_display_upd_value("Revision", sizeof(old->Revision), 36 old->Revision, new->Revision); >>> CID 1363355: (SIZEOF_MISMATCH) >>> Passing argument "old->NvsBufferPtr" of type "void * const" and >>> argument "4UL /* sizeof (old->NvsBufferPtr) */" to function >>> "fsp_display_upd_value" is suspicious. 37 fsp_display_upd_value("NvsBufferPtr", sizeof(old->NvsBufferPtr), 38 (uintptr_t)old->NvsBufferPtr, 39 (uintptr_t)new->NvsBufferPtr); 40 fsp_display_upd_value("StackBase", sizeof(old->StackBase), 41 (uintptr_t)old->StackBase, 42 (uintptr_t)new->StackBase); /src/drivers/intel/fsp2_0/upd_display.c: 40 in fspm_display_arch_params() 34 new); 35 fsp_display_upd_value("Revision", sizeof(old->Revision), 36 old->Revision, new->Revision); 37 fsp_display_upd_value("NvsBufferPtr", sizeof(old->NvsBufferPtr), 38 (uintptr_t)old->NvsBufferPtr, 39 (uintptr_t)new->NvsBufferPtr); >>> CID 1363355: (SIZEOF_MISMATCH) >>> Passing argument "old->StackBase" of type "void * const" and argument >>> "4UL /* sizeof (old->StackBase) */" to function "fsp_display_upd_value" is >>> suspicious. 40 fsp_display_upd_value("StackBase", sizeof(old->StackBase), 41 (uintptr_t)old->StackBase, 42 (uintptr_t)new->StackBase); 43 fsp_display_upd_value("StackSize", sizeof(old->StackSize), 44 old->StackSize, new->StackSize); 45 fsp_display_upd_value("BootLoaderTolumSize", ** CID 1362811: Resource leaks (RESOURCE_LEAK) /src/southbridge/amd/sr5650/sr5650.c: 804 in add_ivrs_device_entries() ________________________________________________________________________________________________________ *** CID 1362811: Resource leaks (RESOURCE_LEAK) /src/southbridge/amd/sr5650/sr5650.c: 804 in add_ivrs_device_entries() 798 sibling = sibling->sibling) 799 add_ivrs_device_entries(dev, sibling, depth + 1, 800 depth, root_level, current, length); 801 802 if (depth == 0) 803 free(root_level); >>> CID 1362811: Resource leaks (RESOURCE_LEAK) >>> Returning without freeing "root_level" leaks the storage that it points >>> to. 804 } 805 806 unsigned long acpi_fill_mcfg(unsigned long current) 807 { 808 struct resource *res; 809 resource_t mmconf_base = EXT_CONF_BASE_ADDRESS; ** CID 1362809: Null pointer dereferences (FORWARD_NULL) /src/soc/marvell/mvmap2315/load_validate.c: 97 in load_and_validate() ________________________________________________________________________________________________________ *** CID 1362809: Null pointer dereferences (FORWARD_NULL) /src/soc/marvell/mvmap2315/load_validate.c: 97 in load_and_validate() 91 = (void *)read32( 92 &mvmap2315_mcu_secconfig->boot_callback_pointer); 93 u8 image_digest[32]; 94 95 image_info = find_bdb_image(bdb_info, image_type); 96 >>> CID 1362809: Null pointer dereferences (FORWARD_NULL) >>> Comparing "image_info" to null implies that "image_info" might be null. 97 if (!image_info) 98 image_failure(); 99 100 set_flash_parameters(&flash_info, image_info); 101 102 if (flash_init(bootrom_info->flash_media, MVMAP2315_MMC_CLK_MHZ)) ** CID 1362808: (CONSTANT_EXPRESSION_RESULT) /src/soc/marvell/mvmap2315/mcu.c: 34 in mvmap2315_calc_checksum() /src/soc/marvell/mvmap2315/mcu.c: 34 in mvmap2315_calc_checksum() ________________________________________________________________________________________________________ *** CID 1362808: (CONSTANT_EXPRESSION_RESULT) /src/soc/marvell/mvmap2315/mcu.c: 34 in mvmap2315_calc_checksum() 28 const u8 *bytes = data; 29 int i; 30 31 for (i = csum = 0; i < size; i++) 32 csum += bytes[i]; 33 >>> CID 1362808: (CONSTANT_EXPRESSION_RESULT) >>> The expression "~csum && 255" is suspicious because it performs a >>> Boolean operation on a constant other than 0 or 1. 34 return (~csum) && 0xFF; 35 } 36 37 void mcu_irq(void) 38 { 39 printk(BIOS_DEBUG, "waiting for MCU msg...\n"); /src/soc/marvell/mvmap2315/mcu.c: 34 in mvmap2315_calc_checksum() 28 const u8 *bytes = data; 29 int i; 30 31 for (i = csum = 0; i < size; i++) 32 csum += bytes[i]; 33 >>> CID 1362808: (CONSTANT_EXPRESSION_RESULT) >>> "~csum" is always 1/true regardless of the values of its operand. This >>> occurs as the logical first operand of "&&". 34 return (~csum) && 0xFF; 35 } 36 37 void mcu_irq(void) 38 { 39 printk(BIOS_DEBUG, "waiting for MCU msg...\n"); ** CID 1362592: Null pointer dereferences (NULL_RETURNS) ________________________________________________________________________________________________________ *** CID 1362592: Null pointer dereferences (NULL_RETURNS) /src/drivers/generic/max98357a/max98357a.c: 41 in max98357a_fill_ssdt() 35 struct acpi_dp *dp; 36 37 if (!dev->enabled || !config) 38 return; 39 40 /* Device */ >>> CID 1362592: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a pointer that might be null "acpi_device_scope(dev)" >>> when calling "acpigen_write_scope". 41 acpigen_write_scope(acpi_device_scope(dev)); 42 acpigen_write_device(acpi_device_name(dev)); 43 acpigen_write_name_string("_HID", MAX98357A_ACPI_HID); 44 acpigen_write_name_integer("_UID", 0); 45 acpigen_write_name_string("_DDN", dev->chip_ops->name); 46 acpigen_write_STA(ACPI_STATUS_DEVICE_ALL_ON); ** CID 1357458: Insecure data handling (TAINTED_SCALAR) /payloads/libpayload/libcbfs/cbfs_core.c: 258 in cbfs_get_contents() ________________________________________________________________________________________________________ *** CID 1357458: Insecure data handling (TAINTED_SCALAR) /payloads/libpayload/libcbfs/cbfs_core.c: 258 in cbfs_get_contents() 252 253 void *data = m->map(m, handle->media_offset + handle->content_offset, 254 on_media_size); 255 if (data == CBFS_MEDIA_INVALID_MAP_ADDRESS) 256 return NULL; 257 >>> CID 1357458: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "*size" to a tainted sink. [Note: The source >>> code implementation of the function has been overridden by a builtin model.] 258 ret = malloc(*size); 259 if (ret != NULL && !cbfs_decompress(algo, data, ret, *size)) { 260 free(ret); 261 ret = NULL; 262 } 263 ** CID 1357457: Resource leaks (RESOURCE_LEAK) /src/arch/x86/acpi_device.c: 742 in acpi_dp_add_integer_array() ________________________________________________________________________________________________________ *** CID 1357457: Resource leaks (RESOURCE_LEAK) /src/arch/x86/acpi_device.c: 742 in acpi_dp_add_integer_array() 736 return NULL; 737 738 for (i = 0; i < len; i++) 739 if (!acpi_dp_add_integer(dp_array, NULL, array[i])) 740 break; 741 >>> CID 1357457: Resource leaks (RESOURCE_LEAK) >>> Ignoring storage allocated by "acpi_dp_add_array(dp, dp_array)" leaks >>> it. 742 acpi_dp_add_array(dp, dp_array); 743 744 return dp_array; 745 } 746 747 struct acpi_dp *acpi_dp_add_gpio(struct acpi_dp *dp, const char *name, ** CID 1357456: Resource leaks (RESOURCE_LEAK) /src/arch/x86/acpi_device.c: 768 in acpi_dp_add_gpio() ________________________________________________________________________________________________________ *** CID 1357456: Resource leaks (RESOURCE_LEAK) /src/arch/x86/acpi_device.c: 768 in acpi_dp_add_gpio() 762 /* Pin in the GPIO resource, typically zero */ 763 acpi_dp_add_integer(gpio, NULL, pin); 764 765 /* Set if pin is active low */ 766 acpi_dp_add_integer(gpio, NULL, active_low); 767 >>> CID 1357456: Resource leaks (RESOURCE_LEAK) >>> Ignoring storage allocated by "acpi_dp_add_array(dp, gpio)" leaks it. 768 acpi_dp_add_array(dp, gpio); 769 770 return gpio; ** CID 1357454: Memory - illegal accesses (OVERRUN) /src/vendorcode/amd/agesa/f12/Proc/Mem/NB/LN/mnln.c: 255 in MemConstructNBBlockLN() ________________________________________________________________________________________________________ *** CID 1357454: Memory - illegal accesses (OVERRUN) /src/vendorcode/amd/agesa/f12/Proc/Mem/NB/LN/mnln.c: 255 in MemConstructNBBlockLN() 249 NBPtr->BeforeDqsTraining = MemNBeforeDQSTrainingLN; 250 NBPtr->AfterDqsTraining = MemNAfterDQSTrainingLN; 251 NBPtr->OtherTiming = MemNOtherTimingLN; 252 NBPtr->GetSocketRelativeChannel = MemNGetSocketRelativeChannelNb; 253 NBPtr->TechBlockSwitch = MemNTechBlockSwitchLN; 254 NBPtr->SetEccSymbolSize = (VOID (*) (MEM_NB_BLOCK *)) memDefRet; >>> CID 1357454: Memory - illegal accesses (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 255 NBPtr->TrainingFlow = (VOID (*) (MEM_NB_BLOCK *))(memNTrainFlowControl[DDR3_TRAIN_FLOW]); 256 NBPtr->MinDataEyeWidth = MemNMinDataEyeWidthNb; 257 NBPtr->ChangeNbFrequencyWrap = MemNChangeNbFrequencyWrapLN; 258 NBPtr->AllocateC6Storage = MemNAllocateC6StorageClientNb; 259 260 MemNInitNBDataNb (NBPtr); ** CID 1357453: Memory - illegal accesses (OVERRUN) /src/vendorcode/amd/agesa/f14/Proc/Mem/NB/ON/mnon.c: 254 in MemConstructNBBlockON() ________________________________________________________________________________________________________ *** CID 1357453: Memory - illegal accesses (OVERRUN) /src/vendorcode/amd/agesa/f14/Proc/Mem/NB/ON/mnon.c: 254 in MemConstructNBBlockON() 248 NBPtr->BeforeDqsTraining = MemNBeforeDQSTrainingON; 249 NBPtr->AfterDqsTraining = MemNAfterDQSTrainingON; 250 NBPtr->OtherTiming = MemNOtherTimingON; 251 NBPtr->GetSocketRelativeChannel = MemNGetSocketRelativeChannelNb; 252 NBPtr->TechBlockSwitch = MemNTechBlockSwitchON; 253 NBPtr->SetEccSymbolSize = (VOID (*) (MEM_NB_BLOCK *)) memDefRet; >>> CID 1357453: Memory - illegal accesses (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 254 NBPtr->TrainingFlow = (VOID (*) (MEM_NB_BLOCK *)) memNTrainFlowControl[DDR3_TRAIN_FLOW]; 255 NBPtr->MinDataEyeWidth = MemNMinDataEyeWidthNb; 256 NBPtr->PollBitField = MemNPollBitFieldNb; 257 NBPtr->BrdcstCheck = MemNBrdcstCheckON; 258 NBPtr->BrdcstSet = MemNSetBitFieldNb; 259 NBPtr->GetTrainDly = MemNGetTrainDlyNb; ** CID 1357452: (OVERRUN) /src/vendorcode/amd/agesa/f12/Proc/Mem/NB/mn.c: 497 in MemNTrainingFlowUnb() /src/vendorcode/amd/agesa/f14/Proc/Mem/NB/mn.c: 499 in MemNTrainingFlowUnb() /src/vendorcode/amd/agesa/f15/Proc/Mem/NB/mn.c: 502 in MemNTrainingFlowUnb() /src/vendorcode/amd/agesa/f16kb/Proc/Mem/NB/mn.c: 579 in MemNTrainingFlowUnb() /src/vendorcode/amd/agesa/f15tn/Proc/Mem/NB/mn.c: 495 in MemNTrainingFlowUnb() ________________________________________________________________________________________________________ *** CID 1357452: (OVERRUN) /src/vendorcode/amd/agesa/f12/Proc/Mem/NB/mn.c: 497 in MemNTrainingFlowUnb() 491 */ 492 BOOLEAN 493 MemNTrainingFlowUnb ( 494 IN OUT MEM_NB_BLOCK *NBPtr 495 ) 496 { >>> CID 1357452: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 497 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 498 return TRUE; 499 } 500 /*---------------------------------------------------------------------------- 501 * LOCAL FUNCTIONS 502 * /src/vendorcode/amd/agesa/f14/Proc/Mem/NB/mn.c: 499 in MemNTrainingFlowUnb() 493 */ 494 BOOLEAN 495 MemNTrainingFlowUnb ( 496 IN OUT MEM_NB_BLOCK *NBPtr 497 ) 498 { >>> CID 1357452: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 499 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 500 return TRUE; 501 } 502 /*---------------------------------------------------------------------------- 503 * LOCAL FUNCTIONS 504 * /src/vendorcode/amd/agesa/f15/Proc/Mem/NB/mn.c: 502 in MemNTrainingFlowUnb() 496 */ 497 BOOLEAN 498 MemNTrainingFlowUnb ( 499 IN OUT MEM_NB_BLOCK *NBPtr 500 ) 501 { >>> CID 1357452: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 502 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 503 return TRUE; 504 } 505 /*---------------------------------------------------------------------------- 506 * LOCAL FUNCTIONS 507 * /src/vendorcode/amd/agesa/f16kb/Proc/Mem/NB/mn.c: 579 in MemNTrainingFlowUnb() 573 */ 574 BOOLEAN 575 MemNTrainingFlowUnb ( 576 IN OUT MEM_NB_BLOCK *NBPtr 577 ) 578 { >>> CID 1357452: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 579 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 580 return TRUE; 581 } 582 583 /* -----------------------------------------------------------------------------*/ 584 /** /src/vendorcode/amd/agesa/f15tn/Proc/Mem/NB/mn.c: 495 in MemNTrainingFlowUnb() 489 */ 490 VOID 491 MemNTrainingFlowUnb ( 492 IN OUT MEM_NB_BLOCK *NBPtr 493 ) 494 { >>> CID 1357452: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 495 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 496 return; 497 } 498 /*---------------------------------------------------------------------------- 499 * LOCAL FUNCTIONS 500 * 501 *---------------------------------------------------------------------------- ** CID 1357451: (OVERRUN) /src/vendorcode/amd/agesa/f12/Proc/Mem/NB/mn.c: 304 in MemNTrainingFlowNb() /src/vendorcode/amd/agesa/f14/Proc/Mem/NB/mn.c: 306 in MemNTrainingFlowNb() /src/vendorcode/amd/agesa/f15/Proc/Mem/NB/mn.c: 309 in MemNTrainingFlowNb() /src/vendorcode/amd/agesa/f15tn/Proc/Mem/NB/mn.c: 302 in MemNTrainingFlowNb() ________________________________________________________________________________________________________ *** CID 1357451: (OVERRUN) /src/vendorcode/amd/agesa/f12/Proc/Mem/NB/mn.c: 304 in MemNTrainingFlowNb() 298 BOOLEAN 299 MemNTrainingFlowNb ( 300 IN OUT MEM_NB_BLOCK *NBPtr 301 ) 302 { 303 if (MemNGetBitFieldNb (NBPtr, BFDdr3Mode)!= 0) { >>> CID 1357451: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 304 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 305 } else { 306 memNTrainFlowControl[DDR2_TRAIN_FLOW] (NBPtr); 307 } 308 return TRUE; 309 } /src/vendorcode/amd/agesa/f14/Proc/Mem/NB/mn.c: 306 in MemNTrainingFlowNb() 300 BOOLEAN 301 MemNTrainingFlowNb ( 302 IN OUT MEM_NB_BLOCK *NBPtr 303 ) 304 { 305 if (MemNGetBitFieldNb (NBPtr, BFDdr3Mode)!= 0) { >>> CID 1357451: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 306 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 307 } else { 308 memNTrainFlowControl[DDR2_TRAIN_FLOW] (NBPtr); 309 } 310 return TRUE; 311 } /src/vendorcode/amd/agesa/f15/Proc/Mem/NB/mn.c: 309 in MemNTrainingFlowNb() 303 BOOLEAN 304 MemNTrainingFlowNb ( 305 IN OUT MEM_NB_BLOCK *NBPtr 306 ) 307 { 308 if (MemNGetBitFieldNb (NBPtr, BFDdr3Mode)!= 0) { >>> CID 1357451: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 309 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 310 } else { 311 memNTrainFlowControl[DDR2_TRAIN_FLOW] (NBPtr); 312 } 313 return TRUE; 314 } /src/vendorcode/amd/agesa/f15tn/Proc/Mem/NB/mn.c: 302 in MemNTrainingFlowNb() 296 BOOLEAN 297 MemNTrainingFlowNb ( 298 IN OUT MEM_NB_BLOCK *NBPtr 299 ) 300 { 301 if (MemNGetBitFieldNb (NBPtr, BFDdr3Mode)!= 0) { >>> CID 1357451: (OVERRUN) >>> Overrunning array "memNTrainFlowControl" of 1 4-byte elements at >>> element index 1 (byte offset 4) using index "1". 302 memNTrainFlowControl[DDR3_TRAIN_FLOW] (NBPtr); 303 } else { 304 memNTrainFlowControl[DDR2_TRAIN_FLOW] (NBPtr); 305 } 306 return TRUE; 307 } ** CID 1357446: Control flow issues (DEADCODE) /src/northbridge/intel/x4x/raminit.c: 374 in sdram_detect_ram_speed() ________________________________________________________________________________________________________ *** CID 1357446: Control flow issues (DEADCODE) /src/northbridge/intel/x4x/raminit.c: 374 in sdram_detect_ram_speed() 368 } else { // DDR3 369 // Limit frequency for MCH 370 maxfreq = (s->max_ddr2_mhz == 800) ? MEM_CLOCK_800MHz : MEM_CLOCK_667MHz; 371 maxfreq >>= 3; 372 freq = MEM_CLOCK_1333MHz; 373 if (maxfreq) { >>> CID 1357446: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "freq = maxfreq + 2;". 374 freq = maxfreq + 2; 375 } 376 if (freq > MEM_CLOCK_1333MHz) { 377 freq = MEM_CLOCK_1333MHz; 378 } 379 ** CID 1355168: (CONSTANT_EXPRESSION_RESULT) /src/soc/rockchip/rk3399/clock.c: 595 in rkclk_configure_spi() /src/soc/rockchip/rk3399/clock.c: 610 in rkclk_configure_spi() /src/soc/rockchip/rk3399/clock.c: 614 in rkclk_configure_spi() ________________________________________________________________________________________________________ *** CID 1355168: (CONSTANT_EXPRESSION_RESULT) /src/soc/rockchip/rk3399/clock.c: 595 in rkclk_configure_spi() 589 case 0: 590 write32(&cru_ptr->clksel_con[59], 591 SPI_CLK_REG_VALUE(0, src_clk_div)); 592 break; 593 case 1: 594 write32(&cru_ptr->clksel_con[59], >>> CID 1355168: (CONSTANT_EXPRESSION_RESULT) >>> "((65280 /* (CLK_SPI_PLL_SEL_MASK << CLK_SPI1_PLL_SEL_SHIFT) | >>> (CLK_SPI_PLL_DIV_CON_MASK << CLK_SPI1_PLL_DIV_CON_SHIFT) */) | ((32768 /* >>> CLK_SPI_PLL_SEL_GPLL << CLK_SPI1_PLL_SEL_SHIFT */) | (src_clk_div - 1 << >>> CLK_SPI1_PLL_DIV_CON_SHIFT))) << 16" is 0xffffffffff000000 regardless of >>> the values of its operands. This occurs as the bitwise first operand of "|". 595 SPI_CLK_REG_VALUE(1, src_clk_div)); 596 break; 597 case 2: 598 write32(&cru_ptr->clksel_con[60], 599 SPI_CLK_REG_VALUE(2, src_clk_div)); 600 break; /src/soc/rockchip/rk3399/clock.c: 610 in rkclk_configure_spi() 604 SPI3_DIV_CON_MASK << SPI3_DIV_CON_SHIFT, 605 SPI3_PLL_SEL_PPLL << SPI3_PLL_SEL_SHIFT | 606 (src_clk_div - 1) << SPI3_DIV_CON_SHIFT)); 607 break; 608 case 4: 609 write32(&cru_ptr->clksel_con[60], >>> CID 1355168: (CONSTANT_EXPRESSION_RESULT) >>> "((65280 /* (CLK_SPI_PLL_SEL_MASK << CLK_SPI4_PLL_SEL_SHIFT) | >>> (CLK_SPI_PLL_DIV_CON_MASK << CLK_SPI4_PLL_DIV_CON_SHIFT) */) | ((32768 /* >>> CLK_SPI_PLL_SEL_GPLL << CLK_SPI4_PLL_SEL_SHIFT */) | (src_clk_div - 1 << >>> CLK_SPI4_PLL_DIV_CON_SHIFT))) << 16" is 0xffffffffff000000 regardless of >>> the values of its operands. This occurs as the bitwise first operand of "|". 610 SPI_CLK_REG_VALUE(4, src_clk_div)); 611 break; 612 case 5: 613 write32(&cru_ptr->clksel_con[58], 614 SPI_CLK_REG_VALUE(5, src_clk_div)); 615 break; /src/soc/rockchip/rk3399/clock.c: 614 in rkclk_configure_spi() 608 case 4: 609 write32(&cru_ptr->clksel_con[60], 610 SPI_CLK_REG_VALUE(4, src_clk_div)); 611 break; 612 case 5: 613 write32(&cru_ptr->clksel_con[58], >>> CID 1355168: (CONSTANT_EXPRESSION_RESULT) >>> "((65280 /* (CLK_SPI_PLL_SEL_MASK << CLK_SPI5_PLL_SEL_SHIFT) | >>> (CLK_SPI_PLL_DIV_CON_MASK << CLK_SPI5_PLL_DIV_CON_SHIFT) */) | ((32768 /* >>> CLK_SPI_PLL_SEL_GPLL << CLK_SPI5_PLL_SEL_SHIFT */) | (src_clk_div - 1 << >>> CLK_SPI5_PLL_DIV_CON_SHIFT))) << 16" is 0xffffffffff000000 regardless of >>> the values of its operands. This occurs as the bitwise first operand of "|". 614 SPI_CLK_REG_VALUE(5, src_clk_div)); 615 break; 616 default: 617 printk(BIOS_ERR, "do not support this spi bus\n"); 618 } 619 } ** CID 1355167: (CONSTANT_EXPRESSION_RESULT) /src/soc/rockchip/rk3399/clock.c: 667 in rkclk_configure_i2c() /src/soc/rockchip/rk3399/clock.c: 671 in rkclk_configure_i2c() /src/soc/rockchip/rk3399/clock.c: 675 in rkclk_configure_i2c() ________________________________________________________________________________________________________ *** CID 1355167: (CONSTANT_EXPRESSION_RESULT) /src/soc/rockchip/rk3399/clock.c: 667 in rkclk_configure_i2c() 661 case 4: 662 write32(&pmucru_ptr->pmucru_clksel[3], 663 PMU_I2C_CLK_REG_VALUE(4, src_clk_div)); 664 break; 665 case 5: 666 write32(&cru_ptr->clksel_con[61], >>> CID 1355167: (CONSTANT_EXPRESSION_RESULT) >>> "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C5_DIV_CON_SHIFT) | >>> (CLK_I2C_PLL_SEL_MASK << CLK_I2C5_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << >>> CLK_I2C5_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << >>> CLK_I2C5_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the >>> values of its operands. This occurs as the bitwise first operand of "|". 667 I2C_CLK_REG_VALUE(5, src_clk_div)); 668 break; 669 case 6: 670 write32(&cru_ptr->clksel_con[62], 671 I2C_CLK_REG_VALUE(6, src_clk_div)); 672 break; /src/soc/rockchip/rk3399/clock.c: 671 in rkclk_configure_i2c() 665 case 5: 666 write32(&cru_ptr->clksel_con[61], 667 I2C_CLK_REG_VALUE(5, src_clk_div)); 668 break; 669 case 6: 670 write32(&cru_ptr->clksel_con[62], >>> CID 1355167: (CONSTANT_EXPRESSION_RESULT) >>> "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C6_DIV_CON_SHIFT) | >>> (CLK_I2C_PLL_SEL_MASK << CLK_I2C6_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << >>> CLK_I2C6_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << >>> CLK_I2C6_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the >>> values of its operands. This occurs as the bitwise first operand of "|". 671 I2C_CLK_REG_VALUE(6, src_clk_div)); 672 break; 673 case 7: 674 write32(&cru_ptr->clksel_con[63], 675 I2C_CLK_REG_VALUE(7, src_clk_div)); 676 break; /src/soc/rockchip/rk3399/clock.c: 675 in rkclk_configure_i2c() 669 case 6: 670 write32(&cru_ptr->clksel_con[62], 671 I2C_CLK_REG_VALUE(6, src_clk_div)); 672 break; 673 case 7: 674 write32(&cru_ptr->clksel_con[63], >>> CID 1355167: (CONSTANT_EXPRESSION_RESULT) >>> "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C7_DIV_CON_SHIFT) | >>> (CLK_I2C_PLL_SEL_MASK << CLK_I2C7_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << >>> CLK_I2C7_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << >>> CLK_I2C7_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the >>> values of its operands. This occurs as the bitwise first operand of "|". 675 I2C_CLK_REG_VALUE(7, src_clk_div)); 676 break; 677 case 8: 678 write32(&pmucru_ptr->pmucru_clksel[2], 679 PMU_I2C_CLK_REG_VALUE(8, src_clk_div)); 680 break; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ZPEYdsCycHu9yQ2Jh-2BSBeVWcWXScp-2BtaPiN3TWq4VmNXIPqlYTTKzdL6pG0W9pyQecoBr3ajSlgjambHuX5VI8HH-2FnI8nQ2SXyNo4whsJpi62yBqBm3IBoJpUf1SDTy-2FKT6Mz-2F44ywi-2BSO7wOyXNUX57hBnN65iwzJ9Oou4FB1Ljn5Mwagm4w3D9ieGwKTHVM-3D To manage Coverity Scan email notifications for "coreboot@coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqyeem8IVKvTxSaOFkteZFcnohwvb2rnYNjswGryEWCURnUk6WHU42sbOmtOjD-2Bx5c-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ZPEYdsCycHu9yQ2Jh-2BSBeVHKKI1LWXocH4jF3HoC6wjyQKxGqIAzBaOTVKhMInUiLp1wu8p4Xhfye3wuOhHD0wAFGo9kGOYlhxS-2FGERKqKMjVNnPPEfjRRuJCo4F63iYkefGhEcLWO38NVMz0rGBp43xBSwYE3Wna-2FVfeS2i1YLHXTqW9ESnCoj2WRkcgwau0-3D -- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot