Hi,

Please find the latest report on new defect(s) introduced to coreboot found 
with Coverity Scan.

123 new defect(s) introduced to coreboot found with Coverity Scan.
71 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 123 defect(s)


** CID 1402119:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in 
PcieTopologySelectMasterPllKB()


________________________________________________________________________________________________________
*** CID 1402119:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in 
PcieTopologySelectMasterPllKB()
410             MasterLane = (EngineMasterLane < MasterLane) ? EngineMasterLane 
: MasterLane;
411             if (PcieConfigIsSbPcieEngine (EngineList)) {
412               break;
413             }
414           }
415         }
>>>     CID 1402119:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
416         EngineList = PcieLibGetNextDescriptor (EngineList);
417       }
418     
419       if (MasterLane == 0xffff) {
420         if (MasterHotplugLane != 0xffff) {
421           MasterLane = MasterHotplugLane;

** CID 1402118:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402118:    (OVERRUN)
/src/vendorcode/amd/cimx/sb900/SbCmn.c: 1219 in validateImcFirmware()
1213         ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, &ImcBinSig0);
1214         ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, &ImcBinSig1);
1215         ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, &ImcBinSig2);
1216         if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) && 
(ImcBinSig2 == 0x435F) ) {
1217           dbIMCChecksume = 0;
1218           for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x10000; CurAddr++ 
) {
>>>     CID 1402118:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbIMC" of 1 bytes by passing it to a 
>>> function which accesses it at byte offset 1.
1219             ReadMEM (CurAddr, AccWidthUint8, &dbIMC);
1220             dbIMCChecksume = dbIMCChecksume + dbIMC;
1221           }
1222         }
1223       }
1224       if ( dbIMCChecksume ) {
/src/vendorcode/amd/cimx/sb800/SBCMN.c: 953 in validateImcFirmware()
947         ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, &ImcBinSig0);
948         ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, &ImcBinSig1);
949         ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, &ImcBinSig2);
950         if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) && 
(ImcBinSig2 == 0x435F) ) {
951           dbIMCChecksume = 0;
952           for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x10000; CurAddr++ ) 
{
>>>     CID 1402118:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbIMC" of 1 bytes by passing it to a 
>>> function which accesses it at byte offset 1.
953             ReadMEM (CurAddr, AccWidthUint8, &dbIMC);
954             dbIMCChecksume = dbIMCChecksume + dbIMC;
955           }
956         }
957       }
958       if ( dbIMCChecksume ) {

** CID 1402117:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/PCIe/Family/LN/F12PcieWrapperServices.c: 
434 in PcieLnConfigureDdiEnginesLaneAllocation()


________________________________________________________________________________________________________
*** CID 1402117:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/PCIe/Family/LN/F12PcieWrapperServices.c: 
434 in PcieLnConfigureDdiEnginesLaneAllocation()
428       }
429       LaneIndex = 0;
430       while (EnginesList != NULL) {
431         PcieConfigResetDescriptorFlags (EnginesList, DESCRIPTOR_ALLOCATED);
432         EnginesList->EngineData.StartLane = DdiLaneConfigurationTable 
[ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane;
433         EnginesList->EngineData.EndLane = DdiLaneConfigurationTable 
[ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane;
>>>     CID 1402117:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "EnginesList" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
434         EnginesList = PcieLibGetNextDescriptor (EnginesList);
435       }
436       return  AGESA_SUCCESS;
437     }
438     
439     
/*----------------------------------------------------------------------------------------*/

** CID 1402116:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
 169 in PcieMapTopologyOnComplex()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
 169 in PcieMapTopologyOnComplex()
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 
182 in PcieMapTopologyOnComplex()


________________________________________________________________________________________________________
*** CID 1402116:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
 169 in PcieMapTopologyOnComplex()
163             PcieConfigDisableAllEngines (PciePortEngine | PcieDdiEngine, 
Wrapper);
164             IDS_HDT_CONSOLE (PCIE_MISC, "  ERROR! Fail to map topology on 
%s Wrapper\n",
165               PcieFmDebugGetWrapperNameString (Wrapper)
166               );
167             ASSERT (FALSE);
168           }
>>>     CID 1402116:    (ARRAY_VS_SINGLETON)
>>>     Using "Wrapper" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
169           Wrapper = PcieLibGetNextDescriptor (Wrapper);
170         }
171         Status = PcieMapPortsPciAddresses (Silicon, Pcie);
172         AGESA_STATUS_UPDATE (Status, AgesaStatus);
173         Silicon = PcieLibGetNextDescriptor (Silicon);
174       }
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
 169 in PcieMapTopologyOnComplex()
163             PcieConfigDisableAllEngines (PciePortEngine | PcieDdiEngine, 
Wrapper);
164             IDS_HDT_CONSOLE (PCIE_MISC, "  ERROR! Fail to map topology on 
%s Wrapper\n",
165               PcieFmDebugGetWrapperNameString (Wrapper)
166               );
167             ASSERT (FALSE);
168           }
>>>     CID 1402116:    (ARRAY_VS_SINGLETON)
>>>     Using "Wrapper" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
169           Wrapper = PcieLibGetNextDescriptor (Wrapper);
170         }
171         Status = PcieMapPortsPciAddresses (Silicon, Pcie);
172         AGESA_STATUS_UPDATE (Status, AgesaStatus);
173         Silicon = PcieLibGetNextDescriptor (Silicon);
174       }
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 
182 in PcieMapTopologyOnComplex()
176             PcieConfigDisableAllEngines (PciePortEngine | PcieDdiEngine, 
Wrapper);
177             IDS_HDT_CONSOLE (PCIE_MISC, "  ERROR! Fail to map topology on 
%s Wrapper\n",
178               PcieFmDebugGetWrapperNameString (Wrapper)
179               );
180             ASSERT (FALSE);
181           }
>>>     CID 1402116:    (ARRAY_VS_SINGLETON)
>>>     Using "Wrapper" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
182           Wrapper = PcieLibGetNextDescriptor (Wrapper);
183         }
184         Status = PcieMapPortsPciAddresses (Silicon, Pcie);
185         AGESA_STATUS_UPDATE (Status, AgesaStatus);
186         Silicon = PcieLibGetNextDescriptor (Silicon);
187       }

** CID 1402115:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402115:  Memory - corruptions  (OVERRUN)
/src/vendorcode/amd/cimx/sb800/SBPort.c: 249 in sbPowerOnInit()
243       //  Set SPI MMio bit offset 00h[19] to 1 and offset 00h[26:24] to 
111, offset 0ch[21:16] to 1, Set LPC cfg BBh[6] to 0 ( by default it is 0).
244       // if Ec is enable
245       //    Maximum spi speed that can be supported by SB is 22M (SPI Mmio 
offset 0ch[13:12] to 10) if the rom can run at the speed.
246       // else
247       //    Maximum spi speed that can be supported by SB is 33M (SPI Mmio 
offset 0ch[13:12] to 01 in normal mode or offset 0ch[15:14] in fast mode) if 
the rom can run at
248       //    the speed.
>>>     CID 1402115:  Memory - corruptions  (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbSysConfig" of 1 bytes by passing 
>>> it to a function which accesses it at byte offset 1.
249       getChipSysMode (&dbSysConfig);
250       if (pConfig->BuildParameters.SpiSpeed < 0x02) {
251         pConfig->BuildParameters.SpiSpeed = 0x01;
252         if (dbSysConfig & ChipSysEcEnable) 
pConfig->BuildParameters.SpiSpeed = 0x02;
253       }
254     

** CID 1402114:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GnbMidInitTN.c: 134 
in GnbIommuMidInitCheckGfxPciePorts()


________________________________________________________________________________________________________
*** CID 1402114:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GnbMidInitTN.c: 134 
in GnbIommuMidInitCheckGfxPciePorts()
128               // GFX PCIe ports beeing used
129               GfxPciePortUsed = TRUE;
130               IDS_HDT_CONSOLE (GNB_TRACE, "GFX PCIe ports beeing used\n");
131               break;
132             }
133           }
>>>     CID 1402114:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
134           EngineList = PcieLibGetNextDescriptor (EngineList);
135         }
136       }
137     
138       if (!GfxPciePortUsed) {
139         //D0F2xF4_x57.Field.L1ImuPcieGfxDis needs to be set

** CID 1402113:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402113:  Memory - corruptions  (OVERRUN)
/src/vendorcode/amd/cimx/sb900/SbCmn.c: 1442 in ValidateFchVariant()
1436       default:
1437         break;
1438       }
1439     
1440       // add Efuse checking for Xhci enable/disable
1441       XhciEfuse = XHCI_EFUSE_LOCATION;
>>>     CID 1402113:  Memory - corruptions  (OVERRUN)
>>>     Overrunning buffer pointed to by "&XhciEfuse" of 1 bytes by passing it 
>>> to a function which accesses it at byte offset 1.
1442       getEfuseStatus (&XhciEfuse);
1443       if ((XhciEfuse & (BIT0 + BIT1)) == (BIT0 + BIT1)) {
1444         pConfig->XhciSwitch = 0;
1445       }
1446     
1447       // add Efuse checking for PCIE Gen2 enable

** CID 1402112:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieEarlyInitKB.c: 
362 in PcieTopologyApplyLaneMuxKB()


________________________________________________________________________________________________________
*** CID 1402112:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieEarlyInitKB.c: 
362 in PcieTopologyApplyLaneMuxKB()
356               }
357     
358               CoreLaneBitmap &= (~ (1 << CurrentCoreLane));
359               PifLaneBitmap &= (~ (1 << CurrentPifLane));
360             }
361           }
>>>     CID 1402112:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
362           EngineList = PcieLibGetNextDescriptor (EngineList);
363         }
364         for (Index = 0; Index < 2; ++Index) {
365           PcieRegisterWrite (
366             Wrapper,
367             WRAP_SPACE (Wrapper->WrapId, D0F0xE4_WRAP_8021_ADDRESS + Index),

** CID 1402111:  Resource leaks  (RESOURCE_LEAK)
/3rdparty/vboot/firmware/bdb/host.c: 413 in bdb_create()


________________________________________________________________________________________________________
*** CID 1402111:  Resource leaks  (RESOURCE_LEAK)
/3rdparty/vboot/firmware/bdb/host.c: 413 in bdb_create()
407     
408             /* Copy hashes */
409             memcpy(bnext, p->hash, hashes_size);
410             bnext += hashes_size;
411     
412             /* Create data signature using private datakey */
>>>     CID 1402111:  Resource leaks  (RESOURCE_LEAK)
>>>     Overwriting "sig" in "sig = bdb_create_sig(data, data->signed_size, 
>>> p->private_datakey, p->datakey->sig_alg, p->data_sig_description)" leaks 
>>> the storage that "sig" points to.
413             sig = bdb_create_sig(data, data->signed_size, 
p->private_datakey,
414                                  p->datakey->sig_alg, 
p->data_sig_description);
415             memcpy(bnext, sig, sig->struct_size);
416     
417             /* Return the BDB */
418             return h;

** CID 1402110:  API usage errors  (PRINTF_ARGS)
/src/device/device_util.c: 233 in dev_path()


________________________________________________________________________________________________________
*** CID 1402110:  API usage errors  (PRINTF_ARGS)
/src/device/device_util.c: 233 in dev_path()
227                     case DEVICE_PATH_USB:
228                             snprintf(buffer, sizeof(buffer), "USB%u port 
%u",
229                                      dev->path.usb.port_type, 
dev->path.usb.port_id);
230                             break;
231                     case DEVICE_PATH_MMIO:
232                             snprintf(buffer, sizeof(buffer), "MMIO: %08x",
>>>     CID 1402110:  API usage errors  (PRINTF_ARGS)
>>>     Argument "dev->path.mmio.addr" to format specifier "%08x" was expected 
>>> to have type "unsigned int" but has type "unsigned long". [Note: The source 
>>> code implementation of the function has been overridden by a builtin model.]
233                                      dev->path.mmio.addr);
234                             break;
235                     default:
236                             printk(BIOS_ERR, "Unknown device path type: 
%d\n",
237                                    dev->path.type);
238                             break;

** CID 1402109:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieConfigKB.c: 230 
in PcieConfigureDdiEnginesLaneAllocation()


________________________________________________________________________________________________________
*** CID 1402109:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieConfigKB.c: 230 
in PcieConfigureDdiEnginesLaneAllocation()
224       while (EnginesList != NULL) {
225         if (PcieLibIsDdiEngine (EnginesList)) {
226           PcieConfigResetDescriptorFlags (EnginesList, 
DESCRIPTOR_ALLOCATED);
227           EnginesList->EngineData.StartLane = 
DdiLaneConfig->ConfigTable[LaneIndex++] + Wrapper->StartPhyLane;
228           EnginesList->EngineData.EndLane = 
DdiLaneConfig->ConfigTable[LaneIndex++] + Wrapper->StartPhyLane;
229         }
>>>     CID 1402109:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "EnginesList" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
230         EnginesList = PcieLibGetNextDescriptor (EnginesList);
231       }
232       return  AGESA_SUCCESS;
233     }
234     
235     
/*----------------------------------------------------------------------------------------*/

** CID 1402107:  API usage errors  (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 1402107:  API usage errors  (PRINTF_ARGS)
/3rdparty/vboot/cgpt/cgpt_create.c: 83 in GptCreate()
77           size_t min_entries_size = MIN_NUMBER_OF_ENTRIES * h->size_of_entry;
78           size_t required_min_size = required_headers_size + 
min_entries_size;
79           size_t half_size =
80               (drive->gpt.gpt_drive_sectors / 2) * drive->gpt.sector_bytes;
81           if (half_size < required_min_size) {
82             Error("Not enough space to store GPT structures. Required %d 
bytes.\n",
>>>     CID 1402107:  API usage errors  (PRINTF_ARGS)
>>>     Argument "required_min_size * 2UL" to format specifier "%d" was 
>>> expected to have type "int" but has type "unsigned long".
83                   required_min_size * 2);
84             return -1;
85           }
86           size_t max_entries =
87               (half_size - required_headers_size) / h->size_of_entry;
88           if (h->number_of_entries > max_entries) {

** CID 1402106:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402106:  Memory - corruptions  (OVERRUN)
/src/vendorcode/amd/cimx/sb900/SbPeLib.c: 346 in getEfuseByte()
340     getEfuseByte (
341       IN       UINT8 Index
342       )
343     {
344       UINT8 Data;
345       WriteMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8, AccWidthUint8, 
&Index);
>>>     CID 1402106:  Memory - corruptions  (OVERRUN)
>>>     Overrunning buffer pointed to by "&Data" of 1 bytes by passing it to a 
>>> function which accesses it at byte offset 1.
346       ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8 + 1, 
AccWidthUint8, &Data);
347       return Data;
348     }
349     
350     
351     /**

** CID 1402105:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402105:    (OVERRUN)
/src/vendorcode/amd/cimx/sb800/SBCMN.c: 543 in commonInitEarlyPost()
537       // Misc_Reg[12:10]=9975be
538       // Misc_Reg0B=91
539       // Misc_Reg09=21
540       // Misc_Misc_Reg_08[0]=1 -> enable spread
541         RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x43, AccWidthUint8, ~BIT1, 
BIT1);
542         RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x19, AccWidthUint8, 0, 0x83);
>>>     CID 1402105:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing 
>>> it to a function which accesses it at byte offset 1.
543         getChipSysMode (&dbPortStatus);
544         if ( ((dbPortStatus & ChipSysIntClkGen) != ChipSysIntClkGen) ) {
545           RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x1A, AccWidthUint8, ~(BIT5 + 
BIT6 + BIT7), 0x80);
546         }
547     
548         if ( cimSpreadSpectrumType == 0 ) {
/src/vendorcode/amd/cimx/sb900/SbCmn.c: 674 in commonInitEarlyPost()
668       } else {
669         RWMEM (ACPI_MMIO_BASE + PMIO_BASE +  SB_PMIOA_REGD3, AccWidthUint8, 
0xBF, 0x00);
670       }
671     
672       // RPR PLL 100Mhz Reference Clock Buffer setting for internal clock 
generator mode (BIT5)
673       // RPR OSC Clock setting for  internal clock generator mode (BIT6)
>>>     CID 1402105:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing 
>>> it to a function which accesses it at byte offset 1.
674       getChipSysMode (&dbPortStatus);
675       if ( ((dbPortStatus & ChipSysIntClkGen) == ChipSysIntClkGen) ) {
676         RWMEM (ACPI_MMIO_BASE + MISC_BASE +  SB_MISC_REG04 + 1, 
AccWidthUint8, ~(BIT5 + BIT6), BIT5 + BIT6);
677       }
678     
679       // Set ASF SMBUS master function enabled here (temporary)
/src/vendorcode/amd/cimx/sb900/SbCmn.c: 600 in commonInitEarlyPost()
594         // Misc_Reg[12:10]=9975be
595         // Misc_Reg0B=91
596         // Misc_Reg09=21
597         // Misc_Misc_Reg_08[0]=1 -> enable spread
598           RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x43, AccWidthUint8, ~BIT1, 
BIT1);
599           RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x19, AccWidthUint8, 0, 0x83);
>>>     CID 1402105:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing 
>>> it to a function which accesses it at byte offset 1.
600           getChipSysMode (&dbPortStatus);
601           if ( ((dbPortStatus & ChipSysIntClkGen) != ChipSysIntClkGen) ) {
602             RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x1A, AccWidthUint8, ~(BIT5 
+ BIT6 + BIT7), 0x80);
603           }
604           RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x12, AccWidthUint8, 0, 0x99);
605           RWMEM (ACPI_MMIO_BASE + MISC_BASE + 0x11, AccWidthUint8, 0, 0x75);
/src/vendorcode/amd/cimx/sb800/SBCMN.c: 574 in commonInitEarlyPost()
568         RWMEM (ACPI_MMIO_BASE + MISC_BASE + SB_MISC_REG08, AccWidthUint8, 
0xFE, 0x01);
569       } else {
570         RWMEM (ACPI_MMIO_BASE + MISC_BASE + SB_MISC_REG08, AccWidthUint8, 
0xFE, 0x00);
571       }
572     
573       // RPR PLL 100Mhz Reference Clock Buffer setting for internal clock 
generator mode
>>>     CID 1402105:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing 
>>> it to a function which accesses it at byte offset 1.
574       getChipSysMode (&dbPortStatus);
575       if ( ((dbPortStatus & ChipSysIntClkGen) == ChipSysIntClkGen) ) {
576         RWMEM (ACPI_MMIO_BASE + MISC_BASE +  SB_MISC_REG04 + 1, 
AccWidthUint8, ~BIT5, BIT5);
577       }
578     
579       // Set ASF SMBUS master function enabled here (temporary)

** CID 1402104:  Memory - illegal accesses  (BUFFER_SIZE)
/src/mainboard/getac/p470/acpi_tables.c: 73 in acpi_create_ecdt()


________________________________________________________________________________________________________
*** CID 1402104:  Memory - illegal accesses  (BUFFER_SIZE)
/src/mainboard/getac/p470/acpi_tables.c: 73 in acpi_create_ecdt()
67      ecdt->ec_data.addrh = 0;
68     
69      ecdt->uid = 1; // Must match _UID of the EC0 node.
70     
71      ecdt->gpe_bit = 23; // SCI interrupt within GPEx_STS
72     
>>>     CID 1402104:  Memory - illegal accesses  (BUFFER_SIZE)
>>>     Calling "strncpy" with a source string whose length (18 chars) is 
>>> greater than or equal to the size argument (18) will fail to null-terminate 
>>> "ecdt->ec_id".
73      strncpy((char *)ecdt->ec_id, ec_id, strlen(ec_id));
74     
75      header->checksum =
76          acpi_checksum((void *) ecdt, ecdt_len);
77     
78      return header->length;

** CID 1402103:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402103:  Memory - corruptions  (OVERRUN)
/src/vendorcode/amd/cimx/sb900/SbCmn.c: 1449 in ValidateFchVariant()
1443       if ((XhciEfuse & (BIT0 + BIT1)) == (BIT0 + BIT1)) {
1444         pConfig->XhciSwitch = 0;
1445       }
1446     
1447       // add Efuse checking for PCIE Gen2 enable
1448       PcieEfuse = PCIE_FORCE_GEN1_EFUSE_LOCATION;
>>>     CID 1402103:  Memory - corruptions  (OVERRUN)
>>>     Overrunning buffer pointed to by "&PcieEfuse" of 1 bytes by passing it 
>>> to a function which accesses it at byte offset 1.
1449       getEfuseStatus (&PcieEfuse);
1450       if ( PcieEfuse & BIT0 ) {
1451         pConfig->NbSbGen2 = 0;
1452         pConfig->GppGen2 = 0;
1453       }
1454     

** CID 1402102:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1402102:  Null pointer dereferences  (FORWARD_NULL)
/3rdparty/vboot/futility/cmd_bdb.c: 687 in do_bdb()
681                     print_help(argc, argv);
682                     return 1;
683             }
684     
685             switch (mode) {
686             case OPT_MODE_ADD:
>>>     CID 1402102:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "data_filename" to "do_add", which dereferences it.
687                     return do_add(bdb_filename, data_filename,
688                                   offset, partition, type, load_address);
689             case OPT_MODE_CREATE:
690                     return do_create(bdb_filename, bdbkey_pri_filename,
691                                      bdbkey_pub_filename, bdbkey_version,
692                                      datakey_pri_filename, 
datakey_pub_filename,

** CID 1402101:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402101:  Memory - corruptions  (OVERRUN)
/src/vendorcode/amd/cimx/sb900/AmdSbLib.c: 310 in SbGpioControl()
304     VOID
305     SbGpioControl (
306       IN       SB_GPIO_CONTROL_ENTRY *SbGpio
307       )
308     {
309       UINT8 GpioCurrent;
>>>     CID 1402101:  Memory - corruptions  (OVERRUN)
>>>     Overrunning buffer pointed to by "&GpioCurrent" of 1 bytes by passing 
>>> it to a function which accesses it at byte offset 1.
310       ReadMEM (ACPI_MMIO_BASE + GPIO_BASE + SbGpio->GpioPin, AccWidthUint8, 
&GpioCurrent );
311       if ((GpioCurrent & BIT5) == 0) {
312         RWMEM (ACPI_MMIO_BASE + GPIO_BASE + SbGpio->GpioPin, AccWidthUint8, 
~ BIT6, (SbGpio->GpioControl << 6) );
313       }
314       GpioCurrent &= BIT7;
315       SbGpio->GpioControl = GpioCurrent >> 7;

** CID 1402100:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV5/PcieWrapperServicesV5.c:
 120 in PcieTopologyIsGen3SupportedV5()


________________________________________________________________________________________________________
*** CID 1402100:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV5/PcieWrapperServicesV5.c:
 120 in PcieTopologyIsGen3SupportedV5()
114           if ((LaneBitmap & NibbleBitmap) != 0) {
115             if (++LaneNibbleArray [Nibble] > 1) {
116               return FALSE;
117             }
118           }
119         }
>>>     CID 1402100:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "Engine" as an array.  This might corrupt or misinterpret 
>>> adjacent memory locations.
120         Engine = PcieLibGetNextDescriptor (Engine);
121       }
122       return TRUE;
123     }
124     
125     
/*----------------------------------------------------------------------------------------*/

** CID 1402099:  Parse warnings  (PARSE_ERROR)
/payloads/libpayload/include/arm64/arch/types.h: 48 in ()


________________________________________________________________________________________________________
*** CID 1402099:  Parse warnings  (PARSE_ERROR)
/payloads/libpayload/include/arm64/arch/types.h: 48 in ()
42     
43     typedef unsigned int uint32_t;
44     typedef unsigned int u32;
45     typedef signed int int32_t;
46     typedef signed int s32;
47     
>>>     CID 1402099:  Parse warnings  (PARSE_ERROR)
>>>     invalid redeclaration of type name "uint64_t" (declared at line 1417 of 
>>> "/home/coreboot/slave-root/workspace/coreboot-coverity/cov-int/emit/63b4cc02a380/config/7c949609d3e4431ed76dcb649e695d10/gcc-config-0/coverity-compiler-compat.h")
48     typedef unsigned long long uint64_t;
49     typedef unsigned long long u64;
50     typedef signed long long int64_t;
51     typedef signed long long s64;
52     
53     typedef long time_t;


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit:
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvaU4HClancRgJSp1vcdHRWU-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5b7pgcEGIiE8L55iqJLOFPJSHeSLUtIXc6zjQpNxYOLYjLd-2F3vmVpCLCCYCP-2BIS5xFua8Lph8bj4kgdC-2BmE-2FDfAxrxnJLKXXTP2k7RUlEtw6hryIXFuG10JyNSDWl7msgDY63b1BM14PztTycX0b2Lqt1Raip4sfpLakfZSCLWZoiuYswnNEQh-2BP-2BUpkG3bdYs-3D