[scan-admin@coverity.com: New Defects reported by Coverity Scan for Das U-Boot]

Mon, 01 Feb 2021 11:51:38 -0800 

----- Forwarded message from scan-ad...@coverity.com -----

Date: Mon, 01 Feb 2021 16:18:03 +0000 (UTC)
From: scan-ad...@coverity.com
To: tom.r...@gmail.com
Subject: New Defects reported by Coverity Scan for Das U-Boot

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot found 
with Coverity Scan.

1 new defect(s) introduced to Das U-Boot found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent 
build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 317953:    (OVERRUN)
/drivers/misc/cros_ec_sandbox.c: 536 in process_cmd()
/drivers/misc/cros_ec_sandbox.c: 548 in process_cmd()


________________________________________________________________________________________________________
*** CID 317953:    (OVERRUN)
/drivers/misc/cros_ec_sandbox.c: 536 in process_cmd()
530                     const struct ec_params_vstore_write *req = req_data;
531                     struct vstore_slot *slot;
532     
533                     if (req->slot >= EC_VSTORE_SLOT_MAX)
534                             return -EINVAL;
535                     slot = &ec->slot[req->slot];
>>>     CID 317953:    (OVERRUN)
>>>     Overrunning array of 260 bytes at byte offset 2015 by dereferencing 
>>> pointer "slot".
536                     slot->locked = true;
537                     memcpy(slot->data, req->data, EC_VSTORE_SLOT_SIZE);
538                     len = 0;
539                     break;
540             }
541             case EC_CMD_VSTORE_READ: {
/drivers/misc/cros_ec_sandbox.c: 548 in process_cmd()
542                     const struct ec_params_vstore_read *req = req_data;
543                     struct ec_response_vstore_read *resp = resp_data;
544                     struct vstore_slot *slot;
545     
546                     if (req->slot >= EC_VSTORE_SLOT_MAX)
547                             return -EINVAL;
>>>     CID 317953:    (OVERRUN)
>>>     "&ec->slot[req->slot]" evaluates to an address that is at byte offset 
>>> 2015 of an array of 260 bytes.
548                     slot = &ec->slot[req->slot];
549                     memcpy(resp->data, slot->data, EC_VSTORE_SLOT_SIZE);
550                     len = sizeof(*resp);
551                     break;
552             }
553             default:


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3Djsgx_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTvw0i-2BZeaG2NwneHBLdclGj0dZxktyUtICgF-2Bw8qb-2FneqjEmvbgwhNvmXz70TzQRWpHGC1GPOtnJwuV-2FckrA-2BZiBdaNnl8UUpJ7kZhxZQ8SEHToTVO0UrgPu4MRukOIBHhlfE0M0ylVZGm578kgQu1oUY7oQY10WypcgJYSRFzSXsa60oObHMkzy4DPrA9sxlM-3D

  To manage Coverity Scan email notifications for "tom.r...@gmail.com", click 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxWeIHzDeopm-2BEWQ6S6K-2FtUHv9ZTk8qZbuzkkz9sa-2BJFw4elYDyedRVZOC-2ButxjBZdouVmTGuWB6Aj6G7lm7t25-2Biv1B-2B9082pHzCCex2kqMs-3D-7XA_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTvw0i-2BZeaG2NwneHBLdclGj20f9M5rwX45j1npE5NazJWu81Awx8InXRPGu6jHKeg-2FiGihplqmlvrD2TJCzaX2RMUSTw1UsD73k4c-2BNmtoo4gnEa-2F9ofAHPE-2FZkYpp20hp5GosFa8Ui3NxsPSg45ev6lLxbCss-2FNUAnPCCwc-2BAHBiJS-2FlnTcurE6JsyCKtYop8-3D


----- End forwarded message -----

-- 
Tom

Attachment: signature.asc
Description: PGP signature

Reply via email to