Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1490371: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 23 in soc_read_resources()
________________________________________________________________________________________________________
*** CID 1490371: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 23 in soc_read_resources()
17 static void soc_read_resources(struct device *dev)
18 {
19 u32 lcdbase = fb_base_mb();
20 unsigned long fb_size = FB_SIZE_MB;
21
22 ram_from_to(dev, 0, (uintptr_t)_dram, (sdram_max_addressable_mb() -
fb_size) * MiB);
>>> CID 1490371: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "lcdbase * 1048576U" with type
>>> "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic,
>>> and then used in a context that expects an expression of type "uint64_t"
>>> (64 bits, unsigned).
23 mmio_range(dev, 1, lcdbase * MiB, fb_size * MiB);
24
25 ram_from_to(dev, 2, sdram_max_addressable_mb() * MiB,
26 (uintptr_t)_dram + sdram_size_mb() * (uint64_t)MiB);
27 }
28
** CID 1490370: (OVERFLOW_BEFORE_WIDEN)
/src/mainboard/emulation/qemu-i440fx/northbridge.c: 69 in
cpu_pci_domain_read_resources()
/src/mainboard/emulation/qemu-i440fx/northbridge.c: 101 in
cpu_pci_domain_read_resources()
________________________________________________________________________________________________________
*** CID 1490370: (OVERFLOW_BEFORE_WIDEN)
/src/mainboard/emulation/qemu-i440fx/northbridge.c: 69 in
cpu_pci_domain_read_resources()
63 case 1: /* RAM */
64 printk(BIOS_DEBUG, "QEMU: e820/ram: 0x%08llx +
0x%08llx\n",
65 list[i].address, list[i].length);
66 if (list[i].address == 0) {
67 tomk = list[i].length / 1024;
68 ram_from_to(dev, idx++, 0, 0xa0000);
>>> CID 1490370: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "tomk * 1024UL" with type "unsigned
>>> long" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then
>>> used in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
69 ram_from_to(dev, idx++, 0xc0000, tomk *
KiB);
70 } else {
71 ram_range(dev, idx++, list[i].address,
list[i].length);
72 }
73 break;
74 case 2: /* reserved */
/src/mainboard/emulation/qemu-i440fx/northbridge.c: 101 in
cpu_pci_domain_read_resources()
95 uint64_t high = qemu_get_high_memory_size();
96 printk(BIOS_DEBUG, "QEMU: cmos: %lu MiB RAM below 4G.\n", tomk
/ 1024);
97 printk(BIOS_DEBUG, "QEMU: cmos: %llu MiB RAM above 4G.\n", high
/ 1024);
98
99 /* Report the memory regions. */
100 ram_from_to(dev, idx++, 0, 0xa0000);
>>> CID 1490370: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "tomk * 1024UL" with type "unsigned
>>> long" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then
>>> used in a context that expects an expression of type "uint64_t" (64 bits,
>>> unsigned).
101 ram_from_to(dev, idx++, 0xc0000, tomk * KiB);
102
103 if (high)
104 upper_ram_end(dev, idx++, 4ull * GiB + high *
KiB);
105 }
106
** CID 1490369: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 22 in soc_read_resources()
________________________________________________________________________________________________________
*** CID 1490369: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 22 in soc_read_resources()
16 */
17 static void soc_read_resources(struct device *dev)
18 {
19 u32 lcdbase = fb_base_mb();
20 unsigned long fb_size = FB_SIZE_MB;
21
>>> CID 1490369: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(sdram_max_addressable_mb() -
>>> fb_size) * 1048576UL" with type "unsigned long" (32 bits, unsigned) is
>>> evaluated using 32-bit arithmetic, and then used in a context that expects
>>> an expression of type "uint64_t" (64 bits, unsigned).
22 ram_from_to(dev, 0, (uintptr_t)_dram, (sdram_max_addressable_mb() -
fb_size) * MiB);
23 mmio_range(dev, 1, lcdbase * MiB, fb_size * MiB);
24
25 ram_from_to(dev, 2, sdram_max_addressable_mb() * MiB,
26 (uintptr_t)_dram + sdram_size_mb() * (uint64_t)MiB);
27 }
** CID 1490368: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 25 in soc_read_resources()
________________________________________________________________________________________________________
*** CID 1490368: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/src/soc/nvidia/tegra124/soc.c: 25 in soc_read_resources()
19 u32 lcdbase = fb_base_mb();
20 unsigned long fb_size = FB_SIZE_MB;
21
22 ram_from_to(dev, 0, (uintptr_t)_dram, (sdram_max_addressable_mb() -
fb_size) * MiB);
23 mmio_range(dev, 1, lcdbase * MiB, fb_size * MiB);
24
>>> CID 1490368: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "sdram_max_addressable_mb() *
>>> 1048576UL" with type "unsigned long" (32 bits, unsigned) is evaluated using
>>> 32-bit arithmetic, and then used in a context that expects an expression of
>>> type "uint64_t" (64 bits, unsigned).
25 ram_from_to(dev, 2, sdram_max_addressable_mb() * MiB,
26 (uintptr_t)_dram + sdram_size_mb() * (uint64_t)MiB);
27 }
28
29 static void soc_init(struct device *dev)
30 {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D1PVg_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3AXpC-2BmEJPCVrhBpaC7wr-2F1ASknb8yU7lWkMpZv3K6DNAZJeExvAk-2FJ-2BQskUB44ATbuZM5kCATFkuzuc-2BobMROzLnldg8MR53RwXdU2BQgCItuLL3b7knXUU6uf-2FNagm-2Bh7-2BpSP-2Bk-2FnYpRzsNQuG-2FLzKhwKMgC6y25sMAxD7KQp-2Ff-2B2HOoPFaayNPKbI2SkaM-3D
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
