[coreboot] New Defects reported by Coverity Scan for coreboot

[scan-admin]

Hi,

Please find the latest report on new defect(s) introduced to coreboot found 
with Coverity Scan.

3 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent 
build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1376473:  Code maintainability issues  (UNUSED_VALUE)
/src/soc/intel/quark/spi.c: 169 in xfer()


________________________________________________________________________________________________________
*** CID 1376473:  Code maintainability issues  (UNUSED_VALUE)
/src/soc/intel/quark/spi.c: 169 in xfer()
163                     }
164     
165                     /* Use chip select 0 */
166                     ctrlr->address = (data[0] << 16)
167                                    | (data[1] << 8)
168                                    |  data[2];
>>>     CID 1376473:  Code maintainability issues  (UNUSED_VALUE)
>>>     Assigning value from "ctrlr->address" to "status" here, but that stored 
>>> value is overwritten before it can be used.
169                     status = ctrlr->address;
170                     data += 3;
171                     bytesout -= 3;
172             }
173     
174             /* Build the control value */

** CID 1376472:  Integer handling issues  (SIGN_EXTENSION)
/src/commonlib/storage/mmc.c: 436 in mmc_update_capacity()


________________________________________________________________________________________________________
*** CID 1376472:  Integer handling issues  (SIGN_EXTENSION)
/src/commonlib/storage/mmc.c: 436 in mmc_update_capacity()
430             /* Determine the user partition size
431              *
432              * According to the JEDEC Standard, the value of
433              * ext_csd's capacity is valid if the value is
434              * more than 2GB
435              */
>>>     CID 1376472:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "ext_csd[215]" with type "unsigned 
>>> char" (8 bits, unsigned) is promoted in "(ext_csd[212] << 0) | 
>>> (ext_csd[213] << 8) | (ext_csd[214] << 16) | (ext_csd[215] << 24)" to type 
>>> "int" (32 bits, signed), then sign-extended to type "unsigned long long" 
>>> (64 bits, unsigned).  If "(ext_csd[212] << 0) | (ext_csd[213] << 8) | 
>>> (ext_csd[214] << 16) | (ext_csd[215] << 24)" is greater than 0x7FFFFFFF, 
>>> the upper bits of the result will all be 1.
436             capacity = (ext_csd[EXT_CSD_SEC_CNT + 0] << 0 |
437                         ext_csd[EXT_CSD_SEC_CNT + 1] << 8 |
438                         ext_csd[EXT_CSD_SEC_CNT + 2] << 16 |
439                         ext_csd[EXT_CSD_SEC_CNT + 3] << 24);
440             capacity *= 512;
441             if ((capacity >> 20) > 2 * 1024)

** CID 1325831:  Insecure data handling  (TAINTED_SCALAR)
/src/lib/tlcl.c: 242 in tlcl_read()


________________________________________________________________________________________________________
*** CID 1325831:  Insecure data handling  (TAINTED_SCALAR)
/src/lib/tlcl.c: 242 in tlcl_read()
236     
237             result = tlcl_send_receive(cmd.buffer, response, 
sizeof(response));
238             if (result == TPM_SUCCESS && length > 0) {
239                     uint8_t *nv_read_cursor = response + 
kTpmResponseHeaderLength;
240                     from_tpm_uint32(nv_read_cursor, &result_length);
241                     nv_read_cursor += sizeof(uint32_t);
>>>     CID 1325831:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "result_length" to a tainted sink. [Note: The 
>>> source code implementation of the function has been overridden by a builtin 
>>> model.]
242                     memcpy(data, nv_read_cursor, result_length);
243             }
244     
245             return result;
246     }
247     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5agab1yH1fWih8lOzGDXMJ-2BzvFGoUuWpdw3H-2BV-2B-2FeekKYHK0IF7MnBY64iISlh-2FZYn-2BnS-2BYtBrVKnZMM7CODsB6Clj5b9f5etfO0OgVBRCj0DJ7W9mfdhxKsqDCwa2VO28Ii-2FFLhrSbJ6JJIXQ3bVFhihXrmZrNOb58wm9UYnQGI8jVpEkC4xHbF2BSZ2PLSkQ-3D

To manage Coverity Scan email notifications for "coreboot@coreboot.org", click 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqyeem8IVKvTxSaOFkteZFcnohwvb2rnYNjswGryEWCURnUk6WHU42sbOmtOjD-2Bx5c-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5agab1yH1fWih8lOzGDXMJ-2BscuWVNvWufYOUYr2O9TPYlePBvIjgNhGZ3neDd0RYQIkISA1liNh89mR75xvLe1NRX9dVW4bOwLfuS9dPM6wEWeTJTv5GXSzLBFwzJwg2S659RqtNUl4QFtWvXM-2B8WAR8SzAVhpQBVK78EN4qTN-2B31pWK042CHmoZdU67sDKTIw-3D


-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot