Hi,

Please find below the latest Coverity Scan report on new defect(s) introduced 
to coreboot.

106 new defect(s) introduced to coreboot found with Coverity Scan.
77 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 106 defect(s)


** CID 1402138:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402138:    (OVERRUN)
/src/vendorcode/amd/cimx/sb900/Sata.c: 601 in sataInitAfterPciEnum()
595     
596       sataBar5setting (pConfig, &ddBar5);
597     
598       ReadPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8, 
&dbVar);
599       RWPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8, 
0xFF, 0x03);   //memory and io access enable
600       dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
>>>     CID 1402138:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
601       getEfuseStatus (&dbEfuse);
602     
603       if ( !cimSataPortMultCap ) {
604         ddAndMask |= BIT12;
605       }
606       if ( cimSataAggrLinkPmCap ) {
/src/vendorcode/amd/cimx/sb800/SATA.c: 407 in sataInitAfterPciEnum()
401     
402       sataBar5setting (pConfig, &ddBar5);
403     
404       ReadPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8, 
&dbVar);
405       RWPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), 
AccWidthUint8,0xFF, 0x03);   //memory and io access enable
406       dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
>>>     CID 1402138:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
407       getEfuseStatus (&dbEfuse);
408     
409       if ( !cimSataPortMultCap ) {
410         ddAndMask |= BIT12;
411       }
412       if ( cimSataAggrLinkPmCap ) {

** CID 1402137:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402137:  Memory - corruptions  (OVERRUN)
/src/vendorcode/amd/cimx/sb900/SbPeLib.c: 345 in getEfuseByte()
339     UINT8
340     getEfuseByte (
341       IN       UINT8 Index
342       )
343     {
344       UINT8 Data;
>>>     CID 1402137:  Memory - corruptions  (OVERRUN)
>>>     Overrunning buffer pointed to by "&Index" of 1 bytes by passing it to a function which accesses it at byte offset 1.
345       WriteMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8, AccWidthUint8, 
&Index);
346       ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8 + 1, 
AccWidthUint8, &Data);
347       return Data;
348     }
349     
350     

** CID 1402136:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
 414 in PcieMapTopologyOnWrapper()
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 
428 in PcieMapTopologyOnWrapper()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
 414 in PcieMapTopologyOnWrapper()


________________________________________________________________________________________________________
*** CID 1402136:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
 414 in PcieMapTopologyOnWrapper()
408             Status = AGESA_ERROR;
409             AGESA_STATUS_UPDATE (Status, AgesaStatus);
410           } else {
411             WrapperPhyLaneBitMap |= EnginePhyLaneBitMap;
412           }
413         }
>>>     CID 1402136:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
414         EngineList = PcieLibGetNextDescriptor (EngineList);
415       }
416       IDS_HDT_CONSOLE (GNB_TRACE, "PcieMapTopologyOnWrapper Exit [%d]\n", 
AgesaStatus);
417       return AgesaStatus;
418     }
419     
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 
428 in PcieMapTopologyOnWrapper()
422             Status = AGESA_ERROR;
423             AGESA_STATUS_UPDATE (Status, AgesaStatus);
424           } else {
425             WrapperPhyLaneBitMap |= EnginePhyLaneBitMap;
426           }
427         }
>>>     CID 1402136:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
428         EngineList = PcieLibGetNextDescriptor (EngineList);
429       }
430       return AgesaStatus;
431     }
432     
433     
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c:
 414 in PcieMapTopologyOnWrapper()
408             Status = AGESA_ERROR;
409             AGESA_STATUS_UPDATE (Status, AgesaStatus);
410           } else {
411             WrapperPhyLaneBitMap |= EnginePhyLaneBitMap;
412           }
413         }
>>>     CID 1402136:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
414         EngineList = PcieLibGetNextDescriptor (EngineList);
415       }
416       IDS_HDT_CONSOLE (GNB_TRACE, "PcieMapTopologyOnWrapper Exit [%d]\n", 
AgesaStatus);
417       return AgesaStatus;
418     }
419     

** CID 1402135:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1402135:  Insecure data handling  (TAINTED_SCALAR)
/util/cbfstool/cbfstool.c: 1726 in main()
1720     
1721                    if (commands[i].function == cbfs_create) {
1722                            if (param.fmap) {
1723                                    struct buffer flashmap;
1724                                    if (buffer_from_file(&flashmap, 
param.fmap))
1725                                            return 1;
>>>     CID 1402135:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "flashmap.data" to a tainted sink.
1726                                    param.image_file = 
partitioned_file_create(
1727                                                            image_name, 
&flashmap);
1728                                    buffer_delete(&flashmap);
1729                            } else if (param.size) {
1730                                    param.image_file = 
partitioned_file_create_flat(
1731                                                            image_name, 
param.size);

** CID 1402134:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402134:    (OVERRUN)
/src/vendorcode/amd/cimx/sb800/SBCMN.c: 982 in softwareToggleImcStrapping()
976     {
977       UINT8  dbValue;
978       UINT8  dbPortStatus;
979       UINT32  abValue;
980       UINT32  abValue1;
981     
>>>     CID 1402134:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing it to a function which accesses it at byte offset 1.
982       getChipSysMode (&dbPortStatus);
983     
984       ReadPMIO (SB_PMIOA_REGBF, AccWidthUint8, &dbValue);
985       //if ( (dbValue & (BIT6 + BIT7)) != 0xC0 ) {  // PwrGoodOut =1, 
PwrGoodEnB=1
986       //The strapStatus register is not mapped into StrapOveride not in the 
same bit position. The following is difference.
987     
/src/vendorcode/amd/cimx/sb900/SbCmn.c: 1248 in softwareToggleImcStrapping()
1242     {
1243       UINT8  dbValue;
1244       UINT8  dbPortStatus;
1245       UINT32  abValue;
1246       UINT32  abValue1;
1247     
>>>     CID 1402134:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing it to a function which accesses it at byte offset 1.
1248       getChipSysMode (&dbPortStatus);
1249     
1250       ReadPMIO (SB_PMIOA_REGBF, AccWidthUint8, &dbValue);
1251       //if ( (dbValue & (BIT6 + BIT7)) != 0xC0 ) {  // PwrGoodOut =1, 
PwrGoodEnB=1
1252       //The strapStatus register is not mapped into StrapOveride not in 
the same bit position. The following is difference.
1253     

** CID 1402133:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 249 in PcieTopologyApplyLaneMux()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 249 in PcieTopologyApplyLaneMux()
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 226 in PcieTopologyApplyLaneMux()


________________________________________________________________________________________________________
*** CID 1402133:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 249 in PcieTopologyApplyLaneMux()
243               if (TxLaneMuxSelectorArray [PhyLaneIndex] != CoreLaneIndex) {
244                 TxLaneMuxSelectorArray [PcieTopologyLocateMuxIndex 
(TxLaneMuxSelectorArray, CoreLaneIndex)] =  TxLaneMuxSelectorArray 
[PhyLaneIndex];
245                 TxLaneMuxSelectorArray [PhyLaneIndex] = CoreLaneIndex;
246               }
247             }
248           }
>>>     CID 1402133:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
249           EngineList = PcieLibGetNextDescriptor (EngineList);
250         }
251         RxMaxSelectorValue = 0;
252         TxMaxSelectorValue = 0;
253         for (Index = 0; Index < sizeof (LaneMuxSelectorTable); Index++) {
254           RxMaxSelectorValue |= (RxLaneMuxSelectorArray[Index] << (Index * 
4));
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 249 in PcieTopologyApplyLaneMux()
243               if (TxLaneMuxSelectorArray [PhyLaneIndex] != CoreLaneIndex) {
244                 TxLaneMuxSelectorArray [PcieTopologyLocateMuxIndex 
(TxLaneMuxSelectorArray, CoreLaneIndex)] =  TxLaneMuxSelectorArray 
[PhyLaneIndex];
245                 TxLaneMuxSelectorArray [PhyLaneIndex] = CoreLaneIndex;
246               }
247             }
248           }
>>>     CID 1402133:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
249           EngineList = PcieLibGetNextDescriptor (EngineList);
250         }
251         RxMaxSelectorValue = 0;
252         TxMaxSelectorValue = 0;
253         for (Index = 0; Index < sizeof (LaneMuxSelectorTable); Index++) {
254           RxMaxSelectorValue |= (RxLaneMuxSelectorArray[Index] << (Index * 
4));
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 226 in PcieTopologyApplyLaneMux()
220               if (TxLaneMuxSelectorArray [PhyLaneIndex] != CoreLaneIndex) {
221                 TxLaneMuxSelectorArray [PcieTopologyLocateMuxIndex 
(TxLaneMuxSelectorArray, CoreLaneIndex)] =  TxLaneMuxSelectorArray 
[PhyLaneIndex];
222                 TxLaneMuxSelectorArray [PhyLaneIndex] = CoreLaneIndex;
223               }
224             }
225           }
>>>     CID 1402133:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
226           EngineList = PcieLibGetNextDescriptor (EngineList);
227         }
228         RxMaxSelectorValue = 0;
229         TxMaxSelectorValue = 0;
230         for (Index = 0; Index < sizeof (LaneMuxSelectorTable); Index++) {
231           RxMaxSelectorValue |= (RxLaneMuxSelectorArray[Index] << (Index * 
4));

** CID 1402132:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
164 in PcieConfigDisableAllEngines()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
167 in PcieConfigDisableAllEngines()
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
167 in PcieConfigDisableAllEngines()


________________________________________________________________________________________________________
*** CID 1402132:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
164 in PcieConfigDisableAllEngines()
158       PCIe_ENGINE_CONFIG        *EngineList;
159       EngineList = PcieConfigGetChildEngine (Wrapper);
160       while (EngineList != NULL) {
161         if ((EngineList->EngineData.EngineType & EngineTypeMask) != 0) {
162           PcieConfigDisableEngine (EngineList);
163         }
>>>     CID 1402132:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
164         EngineList = PcieLibGetNextDescriptor (EngineList);
165       }
166     }
167     
168     
169     
/*----------------------------------------------------------------------------------------*/
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
167 in PcieConfigDisableAllEngines()
161       PCIe_ENGINE_CONFIG        *EngineList;
162       EngineList = PcieConfigGetChildEngine (Wrapper);
163       while (EngineList != NULL) {
164         if ((EngineList->EngineData.EngineType & EngineTypeMask) != 0) {
165           PcieConfigDisableEngine (EngineList);
166         }
>>>     CID 1402132:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
167         EngineList = PcieLibGetNextDescriptor (EngineList);
168       }
169     }
170     
171     
172     
/*----------------------------------------------------------------------------------------*/
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
167 in PcieConfigDisableAllEngines()
161       PCIe_ENGINE_CONFIG        *EngineList;
162       EngineList = PcieConfigGetChildEngine (Wrapper);
163       while (EngineList != NULL) {
164         if ((EngineList->EngineData.EngineType & EngineTypeMask) != 0) {
165           PcieConfigDisableEngine (EngineList);
166         }
>>>     CID 1402132:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
167         EngineList = PcieLibGetNextDescriptor (EngineList);
168       }
169     }
170     
171     
172     
/*----------------------------------------------------------------------------------------*/

** CID 1402131:  Memory - corruptions  (OVERRUN)
/src/soc/samsung/exynos5420/fimd.c: 358 in exynos_fimd_lcd_init()


________________________________________________________________________________________________________
*** CID 1402131:  Memory - corruptions  (OVERRUN)
/src/soc/samsung/exynos5420/fimd.c: 358 in exynos_fimd_lcd_init()
352                     lwritel(cfg, &FIMD_CTRL->vidcon1 + offset);
353     
354                     /* set timing */
355                     cfg = EXYNOS_VIDTCON0_VFPD(vid->vl_vfpd - 1);
356                     cfg |= EXYNOS_VIDTCON0_VBPD(vid->vl_vbpd - 1);
357                     cfg |= EXYNOS_VIDTCON0_VSPW(vid->vl_vspw - 1);
>>>     CID 1402131:  Memory - corruptions  (OVERRUN)
>>>     "&(struct exynos_fb *)0x14400000->vidtcon0 + offset" evaluates to an address that is at byte offset 131072 of an array of 624 bytes.
358                     lwritel(cfg, &FIMD_CTRL->vidtcon0 + offset);
359     
360                     cfg = EXYNOS_VIDTCON1_HFPD(vid->vl_hfpd - 1);
361                     cfg |= EXYNOS_VIDTCON1_HBPD(vid->vl_hbpd - 1);
362                     cfg |= EXYNOS_VIDTCON1_HSPW(vid->vl_hspw - 1);
363     

** CID 1402130:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieConfigTN.c: 489 
in PcieConfigureDdi2EnginesLaneAllocationTN()


________________________________________________________________________________________________________
*** CID 1402130:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieConfigTN.c: 489 
in PcieConfigureDdi2EnginesLaneAllocationTN()
483       }
484       LaneIndex = 0;
485       while (EnginesList != NULL) {
486         PcieConfigResetDescriptorFlags (EnginesList, DESCRIPTOR_ALLOCATED);
487         EnginesList->EngineData.StartLane = Ddi2LaneConfigurationTable 
[ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane;
488         EnginesList->EngineData.EndLane = Ddi2LaneConfigurationTable 
[ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane;
>>>     CID 1402130:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "EnginesList" as an array.  This might corrupt or misinterpret adjacent memory locations.
489         EnginesList = PcieLibGetNextDescriptor (EnginesList);
490       }
491       return  AGESA_SUCCESS;
492     }
493     
494     

** CID 1402129:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402129:    (OVERRUN)
/src/vendorcode/amd/cimx/sb800/SBPort.c: 186 in sbPowerOnInit()
180       writeAlink (0x34, readAlink (0x34) | BIT9);
181     
182       dbEfuse = FUSE_ID_EFUSE_LOC;
183       getEfuseStatus (&dbEfuse);
184       if ( dbEfuse == M1_D1_FUSE_ID ) {
185         dbEfuse = MINOR_ID_EFUSE_LOC;
>>>     CID 1402129:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
186         getEfuseStatus (&dbEfuse);
187         if ( dbEfuse == M1_MINOR_ID ) {
188           // Limit ALink speed to 2.5G if Hudson-M1
189           cimNbSbGen2 = 0;
190         }
191       }
/src/vendorcode/amd/cimx/sb900/SBPort.c: 236 in sbPowerOnInit()
230       getEfuseStatus (&dbEfuse);
231       if ( dbEfuse & BIT0 ) {
232         pConfig->NbSbGen2 = 0;
233       }
234     
235       dbEfuse = FCH_Variant_EFUSE_LOCATION;
>>>     CID 1402129:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
236       getEfuseStatus (&dbEfuse);
237       if ((dbEfuse == 0x07) || (dbEfuse == 0x08)) {
238         pConfig->NbSbGen2 = 0;
239       }
240     
241       if (pConfig->NbSbGen2) {
/src/vendorcode/amd/cimx/sb900/SBPort.c: 284 in sbPowerOnInit()
278       RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG2E, AccWidthUint8, 
~(BIT1 + BIT2), 0); //clear BIT[2:1]
279       smbusBase = (UINT16) (pConfig->BuildParameters.Smbus0BaseAddress);
280       dbValue = 0x00;
281       WriteIO (smbusBase + 0x14, AccWidthUint8, &dbValue);
282     
283       dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
>>>     CID 1402129:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
284       getEfuseStatus (&dbEfuse);
285     
286       programSbAcpiMmioTbl ((AcpiRegWrite*) FIXUP_PTR 
(&sbPmioPorInitTable[0]));
287     
288       //RPR 3.4 Enabling ClkRun Function
289       RWPCI ((LPC_BUS_DEV_FUN << 16) + SB_LPC_REGBB, AccWidthUint8, ~ BIT2, 
BIT2);
/src/vendorcode/amd/cimx/sb900/SBPort.c: 230 in sbPowerOnInit()
224       //abValue = readAlink (SB_AX_DATAC_REG34 | (UINT32) (AXINDC << 29));
225       //abValue |= BIT6 + BIT5;
226       //writeAlink (SB_AX_DATAC_REG34 | (UINT32) (AXINDC << 29), abValue);
227     
228       // Configure UMI target link speed
229       dbEfuse = PCIE_FORCE_GEN1_EFUSE_LOCATION;
>>>     CID 1402129:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
230       getEfuseStatus (&dbEfuse);
231       if ( dbEfuse & BIT0 ) {
232         pConfig->NbSbGen2 = 0;
233       }
234     
235       dbEfuse = FCH_Variant_EFUSE_LOCATION;
/src/vendorcode/amd/cimx/sb800/SBPort.c: 228 in sbPowerOnInit()
222       RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG6A, AccWidthUint16, 
00, (pConfig->BuildParameters.SmiCmdPortAddr));
223       RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG6C, AccWidthUint16, 
00, (pConfig->BuildParameters.AcpiPmaCntBlkAddr));
224       RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG6E, AccWidthUint16, 
00, (pConfig->BuildParameters.SmiCmdPortAddr) + 8);
225       RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG48, AccWidthUint32, 
00, (pConfig->BuildParameters.WatchDogTimerBase));
226     
227       dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
>>>     CID 1402129:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
228       getEfuseStatus (&dbEfuse);
229     
230       programSbAcpiMmioTbl ((AcpiRegWrite*) FIXUP_PTR 
(&sbPmioPorInitTable[0]));
231     
232     
233       SataPortNum = 0;
/src/vendorcode/amd/cimx/sb800/SBPort.c: 183 in sbPowerOnInit()
177       abValue = abValue | BIT0;
178       writeAlink (SB_ABCFG_REG9C | (UINT32) (ABCFG << 29), abValue);
179       writeAlink (0x30, 0x10);         // AXINDC 0x10[9]=1, Enabling 
Non-Posted memory write for K8 platform.
180       writeAlink (0x34, readAlink (0x34) | BIT9);
181     
182       dbEfuse = FUSE_ID_EFUSE_LOC;
>>>     CID 1402129:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
183       getEfuseStatus (&dbEfuse);
184       if ( dbEfuse == M1_D1_FUSE_ID ) {
185         dbEfuse = MINOR_ID_EFUSE_LOC;
186         getEfuseStatus (&dbEfuse);
187         if ( dbEfuse == M1_MINOR_ID ) {
188           // Limit ALink speed to 2.5G if Hudson-M1

** CID 1402128:  API usage errors  (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 1402128:  API usage errors  (PRINTF_ARGS)
/3rdparty/vboot/cgpt/cgpt_create.c: 18 in AllocAndClear()
12     static void AllocAndClear(uint8_t **buf, uint64_t size) {
13       if (*buf) {
14         memset(*buf, 0, size);
15       } else {
16         *buf = calloc(1, size);
17         if (!*buf) {
>>>     CID 1402128:  API usage errors  (PRINTF_ARGS)
>>>     Argument "size" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".
18           Error("Cannot allocate %u bytes.\n", size);
19           abort();
20         }
21       }
22     }
23     

** CID 1402126:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
242 in PcieConfigGetConfigurationSignature()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
242 in PcieConfigGetConfigurationSignature()
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
239 in PcieConfigGetConfigurationSignature()


________________________________________________________________________________________________________
*** CID 1402126:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
242 in PcieConfigGetConfigurationSignature()
236       ConfigurationSignature = 0;
237       EngineList = PcieConfigGetChildEngine (Wrapper);
238       while (EngineList != NULL) {
239         if (PcieConfigIsPcieEngine (EngineList) && 
EngineList->Type.Port.CoreId == CoreId) {
240           ConfigurationSignature = (ConfigurationSignature << 8) | 
PcieConfigGetNumberOfCoreLane (EngineList);
241         }
>>>     CID 1402126:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
242         EngineList = PcieLibGetNextDescriptor (EngineList);
243       }
244       return ConfigurationSignature;
245     }
246     
247     
/*----------------------------------------------------------------------------------------*/
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
242 in PcieConfigGetConfigurationSignature()
236       ConfigurationSignature = 0;
237       EngineList = PcieConfigGetChildEngine (Wrapper);
238       while (EngineList != NULL) {
239         if (PcieConfigIsPcieEngine (EngineList) && 
EngineList->Type.Port.CoreId == CoreId) {
240           ConfigurationSignature = (ConfigurationSignature << 8) | 
PcieConfigGetNumberOfCoreLane (EngineList);
241         }
>>>     CID 1402126:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
242         EngineList = PcieLibGetNextDescriptor (EngineList);
243       }
244       return ConfigurationSignature;
245     }
246     
247     
/*----------------------------------------------------------------------------------------*/
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 
239 in PcieConfigGetConfigurationSignature()
233       ConfigurationSignature = 0;
234       EngineList = PcieConfigGetChildEngine (Wrapper);
235       while (EngineList != NULL) {
236         if (EngineList->Type.Port.CoreId == CoreId) {
237           ConfigurationSignature = (ConfigurationSignature << 8) | 
PcieConfigGetNumberOfCoreLane (EngineList);
238         }
>>>     CID 1402126:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
239         EngineList = PcieLibGetNextDescriptor (EngineList);
240       }
241       return ConfigurationSignature;
242     }
243     
244     
/*----------------------------------------------------------------------------------------*/

** CID 1402125:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 474 in PcieTopologySetLinkReversal()
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 441 in PcieTopologySetLinkReversal()
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 474 in PcieTopologySetLinkReversal()


________________________________________________________________________________________________________
*** CID 1402125:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 474 in PcieTopologySetLinkReversal()
468                   FALSE,
469                   Pcie
470                   );
471             }
472           }
473         }
>>>     CID 1402125:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
474         EngineList = PcieLibGetNextDescriptor (EngineList);
475       }
476       IDS_HDT_CONSOLE (GNB_TRACE, "PcieTopologySetLinkReversal Exit\n");
477     }
478     
479     
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 441 in PcieTopologySetLinkReversal()
435                   FALSE,
436                   Pcie
437                   );
438             }
439           }
440         }
>>>     CID 1402125:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
441         EngineList = PcieLibGetNextDescriptor (EngineList);
442       }
443       IDS_HDT_CONSOLE (GNB_TRACE, "PcieTopologySetLinkReversal Exit\n");
444     }
445     
446     
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c:
 474 in PcieTopologySetLinkReversal()
468                   FALSE,
469                   Pcie
470                   );
471             }
472           }
473         }
>>>     CID 1402125:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
474         EngineList = PcieLibGetNextDescriptor (EngineList);
475       }
476       IDS_HDT_CONSOLE (GNB_TRACE, "PcieTopologySetLinkReversal Exit\n");
477     }
478     
479     

** CID 1402124:  Memory - corruptions  (OVERRUN)
/src/soc/samsung/exynos5420/fimd.c: 364 in exynos_fimd_lcd_init()


________________________________________________________________________________________________________
*** CID 1402124:  Memory - corruptions  (OVERRUN)
/src/soc/samsung/exynos5420/fimd.c: 364 in exynos_fimd_lcd_init()
358                     lwritel(cfg, &FIMD_CTRL->vidtcon0 + offset);
359     
360                     cfg = EXYNOS_VIDTCON1_HFPD(vid->vl_hfpd - 1);
361                     cfg |= EXYNOS_VIDTCON1_HBPD(vid->vl_hbpd - 1);
362                     cfg |= EXYNOS_VIDTCON1_HSPW(vid->vl_hspw - 1);
363     
>>>     CID 1402124:  Memory - corruptions  (OVERRUN)
>>>     "&(struct exynos_fb *)0x14400000->vidtcon1 + offset" evaluates to an address that is at byte offset 131072 of an array of 620 bytes.
364                     lwritel(cfg, &FIMD_CTRL->vidtcon1 + offset);
365     
366                     /* set lcd size */
367                     cfg = EXYNOS_VIDTCON2_HOZVAL(vid->vl_col - 1) |
368                             EXYNOS_VIDTCON2_LINEVAL(vid->vl_row - 1) |
369                             EXYNOS_VIDTCON2_HOZVAL_E(vid->vl_col - 1) |

** CID 1402123:  Memory - illegal accesses  (OVERRUN)
/3rdparty/arm-trusted-firmware/lib/pmf/pmf_main.c: 100 in pmf_setup()


________________________________________________________________________________________________________
*** CID 1402123:  Memory - illegal accesses  (OVERRUN)
/3rdparty/arm-trusted-firmware/lib/pmf/pmf_main.c: 100 in pmf_setup()
94      /*
95       * Sort the successfully registered PMF services
96       * according to service ID
97       */
98      for (ii = 1; ii < pmf_num_services; ii++) {
99              for (jj = 0; jj < (pmf_num_services - ii); jj++) {
>>>     CID 1402123:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 8 bytes at byte offset 40 by dereferencing pointer "pmf_svc_descs + (jj + 1)".
100                             if ((pmf_svc_descs[jj].svc_config & 
PMF_SVC_ID_MASK) >
101                                     (pmf_svc_descs[jj + 1].svc_config &
102                                                     PMF_SVC_ID_MASK)) {
103                                     temp_val = pmf_svc_descs_indices[jj];
104                                     pmf_svc_descs_indices[jj] =
105                                                     
pmf_svc_descs_indices[jj+1];

** CID 1402122:  Insecure data handling  (TAINTED_SCALAR)
/util/cbfstool/cbfs_image.c: 1325 in cbfs_export_entry()


________________________________________________________________________________________________________
*** CID 1402122:  Insecure data handling  (TAINTED_SCALAR)
/util/cbfstool/cbfs_image.c: 1325 in cbfs_export_entry()
1319            LOG("Found file %.30s at 0x%x, type %.12s, compressed %d, size 
%d\n",
1320                entry_name, cbfs_get_entry_addr(image, entry),
1321                get_cbfs_entry_type_name(ntohl(entry->type)), 
compressed_size,
1322                decompressed_size);
1323     
1324            buffer_init(&buffer, strdup("(cbfs_export_entry)"), NULL, 0);
>>>     CID 1402122:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "buffer_len" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
1325            buffer.data = malloc(buffer_len);
1326            buffer.size = buffer_len;
1327     
1328            if (decompress(CBFS_SUBHEADER(entry), compressed_size,
1329                           buffer.data, buffer.size, NULL)) {
1330                    ERROR("decompression failed for %s\n", entry_name);

** CID 1402121:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402121:  Memory - corruptions  (OVERRUN)
/src/vendorcode/amd/cimx/sb800/SBPort.c: 285 in sbPowerOnInit()
279       WriteIO (SB_IOMAP_REG71, AccWidthUint8, &dbValue);
280     
281     // Change the CG PLL multiplier to x1.1
282       if ( pConfig->UsbRxMode !=0 ) {
283         dbCg2WR = 0x00;
284         dbCg1Pll = 0x3A;
>>>     CID 1402121:  Memory - corruptions  (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbCg2WR" of 1 bytes by passing it to a function which accesses it at byte offset 1.
285         ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGC8, 
AccWidthUint8, &dbCg2WR);
286         RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8, AccWidthUint8, 
0, 0x3A);
287         ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD9, 
AccWidthUint8, &dbCg1Pll);
288         dbCg2WR &= BIT4;
289         if (( dbCg2WR == 0x00 ) && ( dbCg1Pll !=0x10 ))
290         {

** CID 1402120:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieSiliconServices.c: 232 in PcieSiliconHidePorts()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieSiliconServices.c: 233 in PcieSiliconHidePorts()


________________________________________________________________________________________________________
*** CID 1402120:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieSiliconServices.c: 232 in PcieSiliconHidePorts()
226             if (!PcieConfigCheckPortStatus (EngineList, 
INIT_STATUS_PCIE_TRAINING_SUCCESS) &&
227               ((EngineList->Type.Port.PortData.LinkHotplug == 
HotplugDisabled) || (EngineList->Type.Port.PortData.LinkHotplug == 
HotplugInboard)) &&
228               !PcieConfigIsSbPcieEngine (EngineList)) {
229               D0F0x64_x0C.Value |= 1 << 
EngineList->Type.Port.NativeDevNumber;
230             }
231           }
>>>     CID 1402120:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
232           EngineList = PcieLibGetNextDescriptor (EngineList);
233         }
234         WrapperList = PcieLibGetNextDescriptor (WrapperList);
235       }
236     
237       GnbLibPciIndirectRMW (
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieSiliconServices.c: 233 in PcieSiliconHidePorts()
227         while (EngineList != NULL) {
228           if (PcieConfigIsPcieEngine (EngineList)) {
229             if (PcieConfigIsActivePcieEngine (EngineList) && 
!PcieConfigIsSbPcieEngine (EngineList)) {
230               D0F0x64_x0C.Value &= ~(1 << 
EngineList->Type.Port.Address.Address.Device);
231             }
232           }
>>>     CID 1402120:    (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
233           EngineList = PcieLibGetNextDescriptor (EngineList);
234         }
235         WrapperList = PcieLibGetNextDescriptor (WrapperList);
236       }
237     
238       GnbLibPciIndirectRMW (

** CID 1402119:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in PcieTopologySelectMasterPllKB()


________________________________________________________________________________________________________
*** CID 1402119:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in PcieTopologySelectMasterPllKB()
410             MasterLane = (EngineMasterLane < MasterLane) ? EngineMasterLane 
: MasterLane;
411             if (PcieConfigIsSbPcieEngine (EngineList)) {
412               break;
413             }
414           }
415         }
>>>     CID 1402119:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Using "EngineList" as an array.  This might corrupt or misinterpret adjacent memory locations.
416         EngineList = PcieLibGetNextDescriptor (EngineList);
417       }
418     
419       if (MasterLane == 0xffff) {
420         if (MasterHotplugLane != 0xffff) {
421           MasterLane = MasterHotplugLane;

** CID 1402118:    (OVERRUN)


________________________________________________________________________________________________________
*** CID 1402118:    (OVERRUN)
/src/vendorcode/amd/cimx/sb900/SbCmn.c: 1219 in validateImcFirmware()
1213         ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, &ImcBinSig0);
1214         ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, &ImcBinSig1);
1215         ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, &ImcBinSig2);
1216         if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) && 
(ImcBinSig2 == 0x435F) ) {
1217           dbIMCChecksume = 0;
1218           for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x10000; CurAddr++ 
) {
>>>     CID 1402118:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbIMC" of 1 bytes by passing it to a function which accesses it at byte offset 1.
1219             ReadMEM (CurAddr, AccWidthUint8, &dbIMC);
1220             dbIMCChecksume = dbIMCChecksume + dbIMC;
1221           }
1222         }
1223       }
1224       if ( dbIMCChecksume ) {
/src/vendorcode/amd/cimx/sb800/SBCMN.c: 953 in validateImcFirmware()
947         ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, &ImcBinSig0);
948         ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, &ImcBinSig1);
949         ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, &ImcBinSig2);
950         if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) && 
(ImcBinSig2 == 0x435F) ) {
951           dbIMCChecksume = 0;
952           for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x10000; CurAddr++ ) 
{
>>>     CID 1402118:    (OVERRUN)
>>>     Overrunning buffer pointed to by "&dbIMC" of 1 bytes by passing it to a function which accesses it at byte offset 1.
953             ReadMEM (CurAddr, AccWidthUint8, &dbIMC);
954             dbIMCChecksume = dbIMCChecksume + dbIMC;
955           }
956         }
957       }
958       if ( dbIMCChecksume ) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvaU4HClancRgJSp1vcdHRWU-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ZU4mMflXKUFCo0Gs0nr17CA61URq1AhVAsfkXeloRgcTePkdmgyTSnsSfTSOCmSzXsgjNCUXoDISsgNOlYyKQZRHxd3umArO260xodfnWYjoHvoLWS-2BtM-2BuaOHTJOS-2FLaAkVaoCe4bdNQn1EA9uYZvHIQs5irAjOO7EGBhXdeUoHai8jtSrCWPM6qcxjaKJ9o-3D