Hi,

Please find the latest report on new defect(s) introduced to coreboot found 
with Coverity Scan.

9 new defect(s) introduced to coreboot found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)


** CID 1396055:  Incorrect expression  (SIZEOF_MISMATCH)
/src/drivers/generic/generic/generic.c: 67 in generic_autogen_name()


________________________________________________________________________________________________________
*** CID 1396055:  Incorrect expression  (SIZEOF_MISMATCH)
/src/drivers/generic/generic/generic.c: 67 in generic_autogen_name()
61      char *name = &config->autogen_name[0];
62      static unsigned int id;
63     
64      if (name[0] != '\0')
65              return name;
66     
>>>     CID 1396055:  Incorrect expression  (SIZEOF_MISMATCH)
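>>>     Passing argument "name" of type "char *" and argument "4UL /* sizeof (name) */" to function "snprintf" is suspicious.
>>>     "name" is a pointer, so sizeof(name) is the size of the pointer (4 here), not the size of the buffer it points to; with that bound snprintf stores at most three characters plus the terminator, so the "G%03.3X" output is truncated.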
67      snprintf(name, sizeof(name), "G%03.3X", id++);
68      name[4] = '\0';
69      return name;
70     }
71     
72     static const char *generic_dev_acpi_name(const struct device *dev)

** CID 1396054:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1396054:  Null pointer dereferences  (NULL_RETURNS)
/src/drivers/generic/generic/generic.c: 38 in generic_dev_fill_ssdt_generator()
32     
33      if (!config->hid) {
34              printk(BIOS_ERR, "%s: ERROR: _HID required\n", dev_path(dev));
35              return;
36      }
37     
>>>     CID 1396054:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "acpi_device_scope(dev)" 
>>> when calling "acpigen_write_scope".
38      acpigen_write_scope(acpi_device_scope(dev));
39      acpigen_write_device(acpi_device_name(dev));
40      acpigen_write_name_string("_HID", config->hid);
41      if (config->cid)
42              acpigen_write_name_string("_CID", config->cid);
43      acpigen_write_name_integer("_UID", config->uid);

** CID 1396053:  Parse warnings  (PARSE_ERROR)
/src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 652 in ()


________________________________________________________________________________________________________
*** CID 1396053:  Parse warnings  (PARSE_ERROR)
/src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 652 in ()
646     } __packed;
647     
648     struct lp0_header header __attribute__((section(".header"))) =
649     {
650             .length_insecure = (uintptr_t)&blob_total_size,
651             .length_secure = (uintptr_t)&blob_total_size,
>>>     CID 1396053:  Parse warnings  (PARSE_ERROR)
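>>>     identifier "blob_data" is undefined
>>>     This is a parse warning from the analysis front end; where the symbol is defined is not visible in this excerpt, and code that fails to parse may not have been analysed for other defects.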
652             .destination = (uintptr_t)&blob_data,
653             .entry_point = (uintptr_t)&lp0_resume,
654             .code_length = (uintptr_t)&blob_data_size

** CID 1396052:    (RESOURCE_LEAK)
/util/intelvbttool/intelvbttool.c: 993 in fix_vbios_checksum()
/util/intelvbttool/intelvbttool.c: 998 in fix_vbios_checksum()


________________________________________________________________________________________________________
*** CID 1396052:    (RESOURCE_LEAK)
/util/intelvbttool/intelvbttool.c: 993 in fix_vbios_checksum()
987             if (!fo) {
988                     printerr("%s open failed\n", filename);
989                     return 1;
990             }
991     
992             if (fo->size < sizeof(optionrom_header_t))
>>>     CID 1396052:    (RESOURCE_LEAK)
>>>     Variable "fo" going out of scope leaks the storage it points to.
993                     return 1;
994     
995             optionrom_header_t *oh = (optionrom_header_t *)fo->data;
996     
997             if (oh->size * 512 > fo->size)
998                     return 1;
/util/intelvbttool/intelvbttool.c: 998 in fix_vbios_checksum()
992             if (fo->size < sizeof(optionrom_header_t))
993                     return 1;
994     
995             optionrom_header_t *oh = (optionrom_header_t *)fo->data;
996     
997             if (oh->size * 512 > fo->size)
>>>     CID 1396052:    (RESOURCE_LEAK)
>>>     Variable "fo" going out of scope leaks the storage it points to.
998                     return 1;
999     
1000            /* fix checksum */
1001            oh->checksum = -(checksum_vbios(oh) - oh->checksum);
1002     
1003            if (write_file(filename, fo)) {

** CID 1396051:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/util/intelvbttool/intelvbttool.c: 394 in read_file()


________________________________________________________________________________________________________
*** CID 1396051:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/util/intelvbttool/intelvbttool.c: 394 in read_file()
388                     printerr("%s seek failed: %s\n", filename, 
strerror(errno));
389                     fclose(fd);
390                     return NULL;
391             }
392     
393             const off_t size = ftell(fd);
>>>     CID 1396051:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
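>>>     "size > 18446744073709551615UL" is always false regardless of the values of its operands. This occurs as the logical second operand of "||".
>>>     "size" is an off_t, which is a signed type; in this build it cannot hold a value above SIZE_MAX, so the upper-bound half of the check has no effect here.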
394             if (size < 0 || size > SIZE_MAX) {
395                     printerr("%s tell failed: %s\n", filename, 
strerror(errno));
396                     fclose(fd);
397                     return NULL;
398             }
399     

** CID 1396050:  Resource leaks  (RESOURCE_LEAK)
/util/intelvbttool/intelvbttool.c: 794 in parse_vbt()


________________________________________________________________________________________________________
*** CID 1396050:  Resource leaks  (RESOURCE_LEAK)
/util/intelvbttool/intelvbttool.c: 794 in parse_vbt()
788             if (!bdb_head->header_size || bdb_head->header_size > fo->size) 
{
789                     printerr("invalid BDB header size\n");
790                     return;
791             }
792     
793             /* Duplicate fo as caller is owner and remalloc frees the 
object */
>>>     CID 1396050:  Resource leaks  (RESOURCE_LEAK)
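>>>     Failing to save or free storage allocated by "malloc_fo_sub(fo, 0UL)" leaks it.
>>>     Whether this is a real leak depends on whether remalloc_fo() releases its argument on every path, including failure; the excerpt does not show that.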
794             *vbt = remalloc_fo(malloc_fo_sub(fo, 0), head->vbt_size);
795     }
796     
797     /* Option ROM checksum */
798     static u8 checksum_vbios(const optionrom_header_t *oh)
799     {

** CID 1396049:  Parse warnings  (PARSE_ERROR)
/src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 653 in ()


________________________________________________________________________________________________________
*** CID 1396049:  Parse warnings  (PARSE_ERROR)
/src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 653 in ()
647     
648     struct lp0_header header __attribute__((section(".header"))) =
649     {
650             .length_insecure = (uintptr_t)&blob_total_size,
651             .length_secure = (uintptr_t)&blob_total_size,
652             .destination = (uintptr_t)&blob_data,
>>>     CID 1396049:  Parse warnings  (PARSE_ERROR)
>>>     identifier "lp0_resume" is undefined
653             .entry_point = (uintptr_t)&lp0_resume,
654             .code_length = (uintptr_t)&blob_data_size

** CID 1396048:    (PARSE_ERROR)
/src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 266 in ()
/src/soc/nvidia/tegra210/lp0/tegra_lp0_resume.c: 430 in ()


________________________________________________________________________________________________________
*** CID 1396048:    (PARSE_ERROR)
/src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 266 in ()
260     static uint32_t *sysctr_cntfid0_ptr = (void *)(SYSCTR_CTLR_BASE + 0x20);
261     
262     
263     
264     /* Utility functions. */
265     
>>>     CID 1396048:    (PARSE_ERROR)
>>>     expected a ";"
266     static __always_inline void __noreturn halt(void)
267     {
268             for (;;);
269     }
270     
271     static inline uint32_t read32(const void *addr)
/src/soc/nvidia/tegra210/lp0/tegra_lp0_resume.c: 430 in ()
424     #define MAX77621_VOUT_VAL       (0x80 | 0x27)
425     #define MAX77621_VOUT_DATA      (MAX77621_VOUT_REG | (MAX77621_VOUT_VAL 
<< 8))
426     
427     
428     /* Utility functions. */
429     
>>>     CID 1396048:    (PARSE_ERROR)
>>>     expected a ";"
430     static __always_inline void __noreturn halt(void)
431     {
432             for (;;);
433     }
434     
435     static inline uint32_t read32(const void *addr)

** CID 1396047:    (RESOURCE_LEAK)
/util/intelvbttool/intelvbttool.c: 1041 in patch_vbios()
/util/intelvbttool/intelvbttool.c: 1045 in patch_vbios()


________________________________________________________________________________________________________
*** CID 1396047:    (RESOURCE_LEAK)
/util/intelvbttool/intelvbttool.c: 1041 in patch_vbios()
1035            parse_vbios(fo, &old_vbt);
1036     
1037            if (old_vbt) {
1038                    if (oh->vbt_offset + vbt_size(old_vbt) == fo->size) {
1039                            /* Located at the end of file - reduce file 
size */
1040                            if (fo->size < vbt_size(old_vbt))
>>>     CID 1396047:    (RESOURCE_LEAK)
>>>     Variable "old_vbt" going out of scope leaks the storage it points to.
1041                                    return 1;
1042                            fo = remalloc_fo(fo, fo->size - 
vbt_size(old_vbt));
1043                            if (!fo) {
1044                                    printerr("Failed to allocate memory\n");
1045                                    return 1;
1046                            }
/util/intelvbttool/intelvbttool.c: 1045 in patch_vbios()
1039                            /* Located at the end of file - reduce file 
size */
1040                            if (fo->size < vbt_size(old_vbt))
1041                                    return 1;
1042                            fo = remalloc_fo(fo, fo->size - 
vbt_size(old_vbt));
1043                            if (!fo) {
1044                                    printerr("Failed to allocate memory\n");
>>>     CID 1396047:    (RESOURCE_LEAK)
>>>     Variable "old_vbt" going out of scope leaks the storage it points to.
1045                                    return 1;
1046                            }
1047                            oh->vbt_offset = 0;
1048                    } else if (vbt_size(old_vbt) < vbt_size(fo_vbt)) {
1049                            /* In the middle of the file - Remove old VBT */
1050                            memset(fo->data + oh->vbt_offset, 0xff,


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit:
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5bOy3AWPfQ3nD9AkRtyiSLXO7H14lQOr9-2BjeTrnJDrqEIpgFK2pq-2F9qmWpOUeIbXNCxaXNENW-2FtPU9KydOMHP-2F6u3xTdRldolq3WLF6DC83YarQxS24f4OoX-2FSuiI7d3Qr8Khg7h2oWVPX7KzNxFQrdqEuyCbffLbz5mTDuSWix5xciaVavZ8Rv0cYsWZBsCI8-3D


-- 
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
