Hi,

Please find the latest report on new defect(s) introduced to coreboot found 
with Coverity Scan.

5 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent 
build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1395334:    (BAD_SHIFT)
/src/lib/gpio.c: 150 in _gpio_base3_value()
/src/lib/gpio.c: 147 in _gpio_base3_value()
/src/lib/gpio.c: 150 in _gpio_base3_value()
/src/lib/gpio.c: 150 in _gpio_base3_value()


________________________________________________________________________________________________________
*** CID 1395334:    (BAD_SHIFT)
/src/lib/gpio.c: 150 in _gpio_base3_value()
144                             case 0: /* Ignore '0' digits. */
145                                     break;
146                             case 1: /* Account for binaries 0 to 2^index - 
1. */
147                                     binary_below += 1 << index;
148                                     break;
149                             case 2: /* Account for binaries 0 to 
2^(index+1) - 1. */
>>>     CID 1395334:    (BAD_SHIFT)
>>>     In expression "1 << index + 1", left shifting by more than 31 bits has undefined behavior.  The shift amount, "index + 1", is at least 32.
150                                     binary_below += 1 << (index + 1);
151                                     has_z = 1;
152                             }
153                     }
154             }
155     
/src/lib/gpio.c: 147 in _gpio_base3_value()
141                      */
142                     if (binary_first && !has_z) {
143                             switch (temp) {
144                             case 0: /* Ignore '0' digits. */
145                                     break;
146                             case 1: /* Account for binaries 0 to 2^index - 
1. */
>>>     CID 1395334:    (BAD_SHIFT)
>>>     In expression "1 << index", left shifting by more than 31 bits has undefined behavior.  The shift amount, "index", is at least 32.
147                                     binary_below += 1 << index;
148                                     break;
149                             case 2: /* Account for binaries 0 to 
2^(index+1) - 1. */
150                                     binary_below += 1 << (index + 1);
151                                     has_z = 1;
152                             }
/src/lib/gpio.c: 150 in _gpio_base3_value()
144                             case 0: /* Ignore '0' digits. */
145                                     break;
146                             case 1: /* Account for binaries 0 to 2^index - 
1. */
147                                     binary_below += 1 << index;
148                                     break;
149                             case 2: /* Account for binaries 0 to 
2^(index+1) - 1. */
>>>     CID 1395334:    (BAD_SHIFT)
>>>     In expression "1 << index + 1", left shifting by more than 31 bits has undefined behavior.  The shift amount, "index + 1", is at least 33.
150                                     binary_below += 1 << (index + 1);
151                                     has_z = 1;
152                             }
153                     }
154             }
155     
/src/lib/gpio.c: 150 in _gpio_base3_value()
144                             case 0: /* Ignore '0' digits. */
145                                     break;
146                             case 1: /* Account for binaries 0 to 2^index - 
1. */
147                                     binary_below += 1 << index;
148                                     break;
149                             case 2: /* Account for binaries 0 to 
2^(index+1) - 1. */
>>>     CID 1395334:    (BAD_SHIFT)
>>>     In expression "1 << index + 1", left shifting by more than 31 bits has undefined behavior.  The shift amount, "index + 1", is as much as 32.
150                                     binary_below += 1 << (index + 1);
151                                     has_z = 1;
152                             }
153                     }
154             }
155     

** CID 1395333:  Memory - illegal accesses  (OVERRUN)
/src/lib/gpio.c: 117 in _gpio_base3_value()


________________________________________________________________________________________________________
*** CID 1395333:  Memory - illegal accesses  (OVERRUN)
/src/lib/gpio.c: 117 in _gpio_base3_value()
111              *  1: pull up
112              *  2: floating
113              */
114             printk(BIOS_DEBUG, "Reading tristate GPIOs: ");
115             for (index = num_gpio - 1; index >= 0; --index) {
116                     temp = gpio_get(gpio[index]);
>>>     CID 1395333:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "value" of 32 bytes at byte offset 32 using index "index" (which evaluates to 32).
117                     temp |= ((value[index] ^ temp) << 1);
118                     printk(BIOS_DEBUG, "%c ", tristate_char[temp]);
119                     result = (result * 3) + temp;
120     
121                     /*
122                      * For binary_first we keep track of the normal ternary 
result

** CID 1395332:  Integer handling issues  (BAD_SHIFT)
/src/lib/gpio.c: 158 in _gpio_base3_value()


________________________________________________________________________________________________________
*** CID 1395332:  Integer handling issues  (BAD_SHIFT)
/src/lib/gpio.c: 158 in _gpio_base3_value()
152                             }
153                     }
154             }
155     
156             if (binary_first) {
157                     if (has_z)
>>>     CID 1395332:  Integer handling issues  (BAD_SHIFT)
>>>     In expression "1 << num_gpio", left shifting by more than 31 bits has undefined behavior.  The shift amount, "num_gpio", is at least 33.
158                             result = result + (1 << num_gpio) - 
binary_below;
159                     else /* binary_below is normal binary system value if 
!has_z. */
160                             result = binary_below;
161             }
162     
163             printk(BIOS_DEBUG, "= %d (%s base3 number system)\n", result,

** CID 1395331:  Uninitialized variables  (UNINIT)
/src/soc/intel/cannonlake/cnl_memcfg_init.c: 116 in cannonlake_memcfg_init()


________________________________________________________________________________________________________
*** CID 1395331:  Uninitialized variables  (UNINIT)
/src/soc/intel/cannonlake/cnl_memcfg_init.c: 116 in cannonlake_memcfg_init()
110                     if (spd->spd_smbus_address[i] != 0) {
111                             mem_cfg->SpdAddressTable[i] = 
spd->spd_smbus_address[i];
112                             OnModuleSpd = 1;
113                     }
114             }
115     
>>>     CID 1395331:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "OnModuleSpd".
116             if (!OnModuleSpd) {
117                     if (spd->spd_by_index) {
118                             meminit_cbfs_spd_index(mem_cfg, cnl_cfg,
119                                     spd->spd_spec.spd_index);
120                     } else {
121                             meminit_spd_data(mem_cfg, cnl_cfg,

** CID 1395330:  Null pointer dereferences  (FORWARD_NULL)
/util/romcc/romcc.c: 1988 in new_occurrence()


________________________________________________________________________________________________________
*** CID 1395330:  Null pointer dereferences  (FORWARD_NULL)
/util/romcc/romcc.c: 1988 in new_occurrence()
1982                    col      = get_col(state->file);
1983            }
1984            if (state->function) {
1985                    function = state->function;
1986            }
1987            last = state->last_occurrence;
>>>     CID 1395330:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "filename" to "strcmp", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]
1988            if (last &&
1989                    (last->col == col) &&
1990                    (last->line == line) &&
1991                    (last->function == function) &&
1992                    ((last->filename == filename) ||
1993                            (strcmp(last->filename, filename) == 0)))


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit:
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5Yc21LPqijtFjWx0vyiHv28pQrAVLUANNaesXiHIz-2BACbwrGJVekMsmSgJRKiVo16dXWNcx7NY3CT5zdxDoG864onQRWp4DADBgIciN-2Be-2BP3MsV2tAmRyunB0UegjF7-2BHiu-2Fddh9wRuArHNg4fzXRO2cbYaavedymdoWQ8LN4DCk91kHd6p9do4a-2BR09Okkm8U-3D

