Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
15 new defect(s) introduced to coreboot found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)
** CID 1518916: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518916: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params()
158
159 /* Configure PSE peripherals */
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable,
config->PseDmaOwn);
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
>>> CID 1518916: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseHsuartEnable" of 4 bytes by passing it
>>> to a function which accesses it at byte offset 15 using argument "16UL".
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
** CID 1518915: (TAINTED_SCALAR)
/src/soc/qualcomm/common/qupv3_config.c: 155 in qupv3_se_fw_load_and_init()
/src/soc/qualcomm/common/qupv3_config.c: 83 in qupv3_se_fw_load_and_init()
/src/soc/qualcomm/common/qupv3_config.c: 86 in qupv3_se_fw_load_and_init()
________________________________________________________________________________________________________
*** CID 1518915: (TAINTED_SCALAR)
/src/soc/qualcomm/common/qupv3_config.c: 155 in qupv3_se_fw_load_and_init()
149 (hdr->fw_version & 0xFF <<
150 FW_REV_VERSION_SHFT);
151 write32(&regs->se_s_fw_revision, reg_value);
152
153 assert(hdr->fw_size_in_items <= SIZE_GENI_FW_RAM);
154
>>> CID 1518915: (TAINTED_SCALAR)
>>> Passing tainted expression "hdr->fw_size_in_items * 4UL" to "memcpy",
>>> which uses it as an offset. [Note: The source code implementation of the
>>> function has been overridden by a builtin model.]
155 memcpy((&regs->se_geni_cfg_ramn), fw_val_arr,
156 hdr->fw_size_in_items * sizeof(uint32_t));
157
158 /* HPG section 3.1.7.12 */
159 write32(&regs->geni_force_default_reg, 0x1);
160 setbits_le32(&regs->geni_cgc_ctrl,
GENI_CGC_CTRL_PROG_RAM_SCLK_OFF_BMSK
/src/soc/qualcomm/common/qupv3_config.c: 83 in qupv3_se_fw_load_and_init()
77 write32(&regs->geni_cgc_ctrl, DEFAULT_CGC_EN);
78
79 /* HPG section 3.1.7.4 */
80 write32(&regs->geni_init_cfg_revision, hdr->cfg_version);
81 write32(&regs->geni_s_init_cfg_revision, hdr->cfg_version);
82
>>> CID 1518915: (TAINTED_SCALAR)
>>> Using tainted variable "hdr->cfg_size_in_items - 1" as an index to
>>> pointer "cfg_idx_arr".
83 assert(cfg_idx_arr[hdr->cfg_size_in_items - 1] * sizeof(uint32_t) <=
84 MAX_OFFSET_CFG_REG);
85
86 for (i = 0; i < hdr->cfg_size_in_items; i++)
87 write32(&regs->geni_cfg_reg0 + cfg_idx_arr[i],
88 cfg_val_arr[i]);
/src/soc/qualcomm/common/qupv3_config.c: 86 in qupv3_se_fw_load_and_init()
80 write32(&regs->geni_init_cfg_revision, hdr->cfg_version);
81 write32(&regs->geni_s_init_cfg_revision, hdr->cfg_version);
82
83 assert(cfg_idx_arr[hdr->cfg_size_in_items - 1] * sizeof(uint32_t) <=
84 MAX_OFFSET_CFG_REG);
85
>>> CID 1518915: (TAINTED_SCALAR)
>>> Using tainted variable "hdr->cfg_size_in_items" as a loop boundary.
86 for (i = 0; i < hdr->cfg_size_in_items; i++)
87 write32(&regs->geni_cfg_reg0 + cfg_idx_arr[i],
88 cfg_val_arr[i]);
89
90 /* HPG section 3.1.7.9 */
91 /* non-UART configuration, UART driver can configure as desired for UART
** CID 1518914: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518914: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params()
154 pse_fw_base = (uintptr_t)&psefwbuf;
155 params->SiipRegionBase = pse_fw_base;
156 params->SiipRegionSize = psefwsize;
157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n",
pse_fw_base, psefwsize);
158
159 /* Configure PSE peripherals */
>>> CID 1518914: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseDmaEnable" of 3 bytes by passing it to
>>> a function which accesses it at byte offset 11 using argument "12UL".
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable,
config->PseDmaOwn);
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
** CID 1518913: (TAINTED_SCALAR)
/src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
/src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
/src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
/src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
________________________________________________________________________________________________________
*** CID 1518913: (TAINTED_SCALAR)
/src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
219 ext_tbl = ucode_get_ext_sig_table(ucode_updates);
220
221 if (ext_tbl != NULL) {
222 int i;
223 struct ext_sig_entry *entry = (struct
ext_sig_entry *)(ext_tbl + 1);
224
>>> CID 1518913: (TAINTED_SCALAR)
>>> Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary.
225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++,
entry++) {
226 if ((sig == entry->sig) && (pf &
entry->pf)) {
227 return ucode_updates;
228 }
229 }
230 }
/src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
219 ext_tbl = ucode_get_ext_sig_table(ucode_updates);
220
221 if (ext_tbl != NULL) {
222 int i;
223 struct ext_sig_entry *entry = (struct
ext_sig_entry *)(ext_tbl + 1);
224
>>> CID 1518913: (TAINTED_SCALAR)
>>> Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary.
225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++,
entry++) {
226 if ((sig == entry->sig) && (pf &
entry->pf)) {
227 return ucode_updates;
228 }
229 }
230 }
/src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
219 ext_tbl = ucode_get_ext_sig_table(ucode_updates);
220
221 if (ext_tbl != NULL) {
222 int i;
223 struct ext_sig_entry *entry = (struct
ext_sig_entry *)(ext_tbl + 1);
224
>>> CID 1518913: (TAINTED_SCALAR)
>>> Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary.
225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++,
entry++) {
226 if ((sig == entry->sig) && (pf &
entry->pf)) {
227 return ucode_updates;
228 }
229 }
230 }
/src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
219 ext_tbl = ucode_get_ext_sig_table(ucode_updates);
220
221 if (ext_tbl != NULL) {
222 int i;
223 struct ext_sig_entry *entry = (struct
ext_sig_entry *)(ext_tbl + 1);
224
>>> CID 1518913: (TAINTED_SCALAR)
>>> Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary.
225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++,
entry++) {
226 if ((sig == entry->sig) && (pf &
entry->pf)) {
227 return ucode_updates;
228 }
229 }
230 }
** CID 1518912: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518912: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params()
159 /* Configure PSE peripherals */
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable,
config->PseDmaOwn);
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
>>> CID 1518912: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseQepEnable" of 4 bytes by passing it to
>>> a function which accesses it at byte offset 15 using argument "16UL".
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
** CID 1518911: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518911: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params()
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
>>> CID 1518911: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseCanEnable" of 2 bytes by passing it to
>>> a function which accesses it at byte offset 7 using argument "8UL". [Note:
>>> The source code implementation of the function has been overridden by a
>>> builtin model.]
175 FSP_ARRAY_LOAD(params->PchPseCanEnable,
config->PseCanOwn);
176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable,
config->PseCanSbIntEn);
177 params->PchPsePwmEnable = config->PsePwmOwn;
178 params->PchPsePwmSbInterruptEnable =
config->PsePwmSbIntEn;
179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable,
config->PsePwmPinEn);
180 params->PchPseAdcEnable = config->PseAdcOwn;
** CID 1518910: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518910: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params()
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
>>> CID 1518910: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseSpiCs1Enable" of 4 bytes by passing it
>>> to a function which accesses it at byte offset 15 using argument "16UL".
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
175 FSP_ARRAY_LOAD(params->PchPseCanEnable,
config->PseCanOwn);
176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable,
config->PseCanSbIntEn);
177 params->PchPsePwmEnable = config->PsePwmOwn;
178 params->PchPsePwmSbInterruptEnable =
config->PsePwmSbIntEn;
179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable,
config->PsePwmPinEn);
** CID 1518909: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518909: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params()
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
>>> CID 1518909: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseI2sEnable" of 2 bytes by passing it to
>>> a function which accesses it at byte offset 7 using argument "8UL". [Note:
>>> The source code implementation of the function has been overridden by a
>>> builtin model.]
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
** CID 1518908: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518908: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params()
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
>>> CID 1518908: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseI2cEnable" of 8 bytes by passing it to
>>> a function which accesses it at byte offset 31 using argument "32UL".
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
** CID 1518907: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1518907: Null pointer dereferences (FORWARD_NULL)
/src/acpi/acpi.c: 1499 in write_acpi_tables()
1493 current = acpi_align_current(current);
1494
1495 /* clear all table memory */
1496 memset((void *)start, 0, current - start);
1497
1498 acpi_write_rsdp(rsdp, rsdt, xsdt, oem_id);
>>> CID 1518907: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "rsdt" to "acpi_write_rsdt", which dereferences it.
1499 acpi_write_rsdt(rsdt, oem_id, oem_table_id);
1500 acpi_write_xsdt(xsdt, oem_id, oem_table_id);
1501
1502 if (ENV_X86) {
1503 printk(BIOS_DEBUG, "ACPI: * FACS\n");
1504 current = ALIGN_UP(current, 64);
** CID 1518906: (BUFFER_SIZE)
/src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params()
/src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518906: (BUFFER_SIZE)
/src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params()
158
159 /* Configure PSE peripherals */
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable,
config->PseDmaOwn);
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 4 byte destination string
>>> "params->PchPseHsuartEnable" by writing the maximum 16 bytes from
>>> "config->PseHsuartOwn".
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
/src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params()
154 pse_fw_base = (uintptr_t)&psefwbuf;
155 params->SiipRegionBase = pse_fw_base;
156 params->SiipRegionSize = psefwsize;
157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n",
pse_fw_base, psefwsize);
158
159 /* Configure PSE peripherals */
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 3 byte destination string
>>> "params->PchPseDmaEnable" by writing the maximum 12 bytes from
>>> "config->PseDmaOwn".
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable,
config->PseDmaOwn);
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
/src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params()
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 8 byte destination string
>>> "params->PchPseI2cEnable" by writing the maximum 32 bytes from
>>> "config->PseI2cOwn".
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
/src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params()
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 4 byte destination string
>>> "params->PchPseSpiEnable" by writing the maximum 16 bytes from
>>> "config->PseSpiOwn".
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
175 FSP_ARRAY_LOAD(params->PchPseCanEnable,
config->PseCanOwn);
176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable,
config->PseCanSbIntEn);
/src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params()
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 4 byte destination string
>>> "params->PchPseSpiCs0Enable" by writing the maximum 16 bytes from
>>> "config->PseSpiCs0Own".
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
175 FSP_ARRAY_LOAD(params->PchPseCanEnable,
config->PseCanOwn);
176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable,
config->PseCanSbIntEn);
177 params->PchPsePwmEnable = config->PsePwmOwn;
178 params->PchPsePwmSbInterruptEnable =
config->PsePwmSbIntEn;
/src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params()
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 2 byte destination string
>>> "params->PchPseI2sEnable" by writing the maximum 8 bytes from
>>> "config->PseI2sOwn".
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
/src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params()
159 /* Configure PSE peripherals */
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable,
config->PseDmaOwn);
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 4 byte destination string
>>> "params->PchPseQepEnable" by writing the maximum 16 bytes from
>>> "config->PseQepOwn".
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
/src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params()
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 2 byte destination string
>>> "params->PchPseCanEnable" by writing the maximum 8 bytes from
>>> "config->PseCanOwn".
175 FSP_ARRAY_LOAD(params->PchPseCanEnable,
config->PseCanOwn);
176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable,
config->PseCanSbIntEn);
177 params->PchPsePwmEnable = config->PsePwmOwn;
178 params->PchPsePwmSbInterruptEnable =
config->PsePwmSbIntEn;
179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable,
config->PsePwmPinEn);
180 params->PchPseAdcEnable = config->PseAdcOwn;
/src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params()
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 4 byte destination string
>>> "params->PchPseSpiCs1Enable" by writing the maximum 16 bytes from
>>> "config->PseSpiCs1Own".
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
175 FSP_ARRAY_LOAD(params->PchPseCanEnable,
config->PseCanOwn);
176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable,
config->PseCanSbIntEn);
177 params->PchPsePwmEnable = config->PsePwmOwn;
178 params->PchPsePwmSbInterruptEnable =
config->PsePwmSbIntEn;
179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable,
config->PsePwmPinEn);
/src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params()
156 params->SiipRegionSize = psefwsize;
157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n",
pse_fw_base, psefwsize);
158
159 /* Configure PSE peripherals */
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable,
config->PseDmaOwn);
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
>>> CID 1518906: (BUFFER_SIZE)
>>> You might overrun the 6 byte destination string
>>> "params->PchPseUartEnable" by writing the maximum 24 bytes from
>>> "config->PseUartOwn".
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
** CID 1518905: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518905: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params()
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
>>> CID 1518905: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseSpiEnable" of 4 bytes by passing it to
>>> a function which accesses it at byte offset 15 using argument "16UL".
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
175 FSP_ARRAY_LOAD(params->PchPseCanEnable,
config->PseCanOwn);
176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable,
config->PseCanSbIntEn);
** CID 1518904: Integer handling issues (BAD_SHIFT)
/src/security/intel/txt/common.c: 277 in intel_txt_prepare_bios_acm()
________________________________________________________________________________________________________
*** CID 1518904: Integer handling issues (BAD_SHIFT)
/src/security/intel/txt/common.c: 277 in intel_txt_prepare_bios_acm()
271 }
272
273 /*
274 * The ACM should be aligned to it's size, but that's not
possible, as
275 * some ACMs are not power of two. Use the next power of two
for verification.
276 */
>>> CID 1518904: Integer handling issues (BAD_SHIFT)
>>> In expression "1UL << log2_ceil(*acm_len)", shifting by a negative
>>> amount has undefined behavior. The shift amount, "log2_ceil(*acm_len)", is
>>> -1.
277 if (!IS_ALIGNED((uintptr_t)acm_data, (1UL <<
log2_ceil(*acm_len)))) {
278 printk(BIOS_ERR, "TEE-TXT: BIOS ACM isn't aligned to
its size.\n");
279 cbfs_unmap(acm_data);
280 return NULL;
281 }
282
** CID 1518903: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518903: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params()
156 params->SiipRegionSize = psefwsize;
157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n",
pse_fw_base, psefwsize);
158
159 /* Configure PSE peripherals */
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable,
config->PseDmaOwn);
161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable,
config->PseDmaSbIntEn);
>>> CID 1518903: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseUartEnable" of 6 bytes by passing it
>>> to a function which accesses it at byte offset 23 using argument "24UL".
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
162 FSP_ARRAY_LOAD(params->PchPseUartEnable,
config->PseUartOwn);
163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable,
config->PseUartSbIntEn);
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable,
config->PseHsuartOwn);
165 FSP_ARRAY_LOAD(params->PchPseQepEnable,
config->PseQepOwn);
166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable,
config->PseQepSbIntEn);
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
** CID 1518902: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params()
________________________________________________________________________________________________________
*** CID 1518902: Memory - corruptions (OVERRUN)
/src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params()
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable,
config->PseI2cOwn);
168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable,
config->PseI2cSbIntEn);
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable,
config->PseI2sOwn);
170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable,
config->PseI2sSbIntEn);
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable,
config->PseSpiOwn);
172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable,
config->PseSpiSbIntEn);
>>> CID 1518902: Memory - corruptions (OVERRUN)
>>> Overrunning array "params->PchPseSpiCs0Enable" of 4 bytes by passing it
>>> to a function which accesses it at byte offset 15 using argument "16UL".
>>> [Note: The source code implementation of the function has been overridden
>>> by a builtin model.]
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable,
config->PseSpiCs0Own);
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable,
config->PseSpiCs1Own);
175 FSP_ARRAY_LOAD(params->PchPseCanEnable,
config->PseCanOwn);
176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable,
config->PseCanSbIntEn);
177 params->PchPsePwmEnable = config->PsePwmOwn;
178 params->PchPsePwmSbInterruptEnable =
config->PsePwmSbIntEn;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3D1s_H_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn3kZYjZpu1qiRSBsmSX8dR6HiakAqDSDoyOj8emQn-2FIz-2Bj-2F1zk46UmppUpW-2F49mmyREcZE48-2F6X9wgON5pT2aewTZZ1wN9eHBty3SfB0tiI-2FsP-2FwO9qFcsrazHBM4AQSf3z5xi8C0z1rtAROPfVprtdxuazqTBF3T5vSICf9C-2BARQ-3D-3D