Hi, Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
5 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 1395334: (BAD_SHIFT)
/src/lib/gpio.c: 150 in _gpio_base3_value()
/src/lib/gpio.c: 147 in _gpio_base3_value()
/src/lib/gpio.c: 150 in _gpio_base3_value()
/src/lib/gpio.c: 150 in _gpio_base3_value()

________________________________________________________________________________________________________
*** CID 1395334: (BAD_SHIFT)
/src/lib/gpio.c: 150 in _gpio_base3_value()
144 case 0: /* Ignore '0' digits. */
145 break;
146 case 1: /* Account for binaries 0 to 2^index - 1. */
147 binary_below += 1 << index;
148 break;
149 case 2: /* Account for binaries 0 to 2^(index+1) - 1. */
>>> CID 1395334: (BAD_SHIFT)
>>> In expression "1 << index + 1", left shifting by more than 31 bits has
>>> undefined behavior. The shift amount, "index + 1", is at least 32.
150 binary_below += 1 << (index + 1);
151 has_z = 1;
152 }
153 }
154 }
155
/src/lib/gpio.c: 147 in _gpio_base3_value()
141 */
142 if (binary_first && !has_z) {
143 switch (temp) {
144 case 0: /* Ignore '0' digits. */
145 break;
146 case 1: /* Account for binaries 0 to 2^index - 1. */
>>> CID 1395334: (BAD_SHIFT)
>>> In expression "1 << index", left shifting by more than 31 bits has
>>> undefined behavior. The shift amount, "index", is at least 32.
147 binary_below += 1 << index;
148 break;
149 case 2: /* Account for binaries 0 to 2^(index+1) - 1. */
150 binary_below += 1 << (index + 1);
151 has_z = 1;
152 }
/src/lib/gpio.c: 150 in _gpio_base3_value()
144 case 0: /* Ignore '0' digits. */
145 break;
146 case 1: /* Account for binaries 0 to 2^index - 1. */
147 binary_below += 1 << index;
148 break;
149 case 2: /* Account for binaries 0 to 2^(index+1) - 1. */
>>> CID 1395334: (BAD_SHIFT)
>>> In expression "1 << index + 1", left shifting by more than 31 bits has
>>> undefined behavior. The shift amount, "index + 1", is at least 33.
150 binary_below += 1 << (index + 1);
151 has_z = 1;
152 }
153 }
154 }
155
/src/lib/gpio.c: 150 in _gpio_base3_value()
144 case 0: /* Ignore '0' digits. */
145 break;
146 case 1: /* Account for binaries 0 to 2^index - 1. */
147 binary_below += 1 << index;
148 break;
149 case 2: /* Account for binaries 0 to 2^(index+1) - 1. */
>>> CID 1395334: (BAD_SHIFT)
>>> In expression "1 << index + 1", left shifting by more than 31 bits has
>>> undefined behavior. The shift amount, "index + 1", is as much as 32.
150 binary_below += 1 << (index + 1);
151 has_z = 1;
152 }
153 }
154 }
155

** CID 1395333: Memory - illegal accesses (OVERRUN)
/src/lib/gpio.c: 117 in _gpio_base3_value()

________________________________________________________________________________________________________
*** CID 1395333: Memory - illegal accesses (OVERRUN)
/src/lib/gpio.c: 117 in _gpio_base3_value()
111 * 1: pull up
112 * 2: floating
113 */
114 printk(BIOS_DEBUG, "Reading tristate GPIOs: ");
115 for (index = num_gpio - 1; index >= 0; --index) {
116 temp = gpio_get(gpio[index]);
>>> CID 1395333: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "value" of 32 bytes at byte offset 32 using index
>>> "index" (which evaluates to 32).
117 temp |= ((value[index] ^ temp) << 1);
118 printk(BIOS_DEBUG, "%c ", tristate_char[temp]);
119 result = (result * 3) + temp;
120
121 /*
122 * For binary_first we keep track of the normal ternary result

** CID 1395332: Integer handling issues (BAD_SHIFT)
/src/lib/gpio.c: 158 in _gpio_base3_value()

________________________________________________________________________________________________________
*** CID 1395332: Integer handling issues (BAD_SHIFT)
/src/lib/gpio.c: 158 in _gpio_base3_value()
152 }
153 }
154 }
155
156 if (binary_first) {
157 if (has_z)
>>> CID 1395332: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << num_gpio", left shifting by more than 31 bits has
>>> undefined behavior. The shift amount, "num_gpio", is at least 33.
158 result = result + (1 << num_gpio) - binary_below;
159 else /* binary_below is normal binary system value if !has_z. */
160 result = binary_below;
161 }
162
163 printk(BIOS_DEBUG, "= %d (%s base3 number system)\n", result,

** CID 1395331: Uninitialized variables (UNINIT)
/src/soc/intel/cannonlake/cnl_memcfg_init.c: 116 in cannonlake_memcfg_init()

________________________________________________________________________________________________________
*** CID 1395331: Uninitialized variables (UNINIT)
/src/soc/intel/cannonlake/cnl_memcfg_init.c: 116 in cannonlake_memcfg_init()
110 if (spd->spd_smbus_address[i] != 0) {
111 mem_cfg->SpdAddressTable[i] = spd->spd_smbus_address[i];
112 OnModuleSpd = 1;
113 }
114 }
115
>>> CID 1395331: Uninitialized variables (UNINIT)
>>> Using uninitialized value "OnModuleSpd".
116 if (!OnModuleSpd) {
117 if (spd->spd_by_index) {
118 meminit_cbfs_spd_index(mem_cfg, cnl_cfg,
119 spd->spd_spec.spd_index);
120 } else {
121 meminit_spd_data(mem_cfg, cnl_cfg,

** CID 1395330: Null pointer dereferences (FORWARD_NULL)
/util/romcc/romcc.c: 1988 in new_occurrence()

________________________________________________________________________________________________________
*** CID 1395330: Null pointer dereferences (FORWARD_NULL)
/util/romcc/romcc.c: 1988 in new_occurrence()
1982 col = get_col(state->file);
1983 }
1984 if (state->function) {
1985 function = state->function;
1986 }
1987 last = state->last_occurrence;
>>> CID 1395330: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "filename" to "strcmp", which dereferences it.
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
1988 if (last &&
1989 (last->col == col) &&
1990 (last->line == line) &&
1991 (last->function == function) &&
1992 ((last->filename == filename) ||
1993 (strcmp(last->filename, filename) == 0)))

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5Yc21LPqijtFjWx0vyiHv28pQrAVLUANNaesXiHIz-2BACbwrGJVekMsmSgJRKiVo16dXWNcx7NY3CT5zdxDoG864onQRWp4DADBgIciN-2Be-2BP3MsV2tAmRyunB0UegjF7-2BHiu-2Fddh9wRuArHNg4fzXRO2cbYaavedymdoWQ8LN4DCk91kHd6p9do4a-2BR09Okkm8U-3D

--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot