+U-Boot Mailing List
On Wed, 3 Mar 2021 at 03:44, Heinrich Schuchardt <[email protected]> wrote: > > On 02.03.21 14:30, [email protected] wrote: > > Hi, > > > > Please find the latest report on new defect(s) introduced to Das U-Boot > > found with Coverity Scan. > > > > 2 new defect(s) introduced to Das U-Boot found with Coverity Scan. > > 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the > > recent build analyzed by Coverity Scan. > > > > New defect(s) Reported-by: Coverity Scan > > Showing 2 of 2 defect(s) > > > > > > ** CID 325866: Error handling issues (CHECKED_RETURN) > > /drivers/core/ofnode.c: 77 in ofnode_read_s32_default() > > > > > > ________________________________________________________________________________________________________ > > *** CID 325866: Error handling issues (CHECKED_RETURN) > > /drivers/core/ofnode.c: 77 in ofnode_read_s32_default() > > 71 return def; > > 72 } > > 73 > > 74 int ofnode_read_s32_default(ofnode node, const char *propname, s32 > > def) > > 75 { > > 76 assert(ofnode_valid(node)); > >>>> CID 325866: Error handling issues (CHECKED_RETURN) > >>>> Calling "ofnode_read_u32" without checking return value (as is done > >>>> elsewhere 14 out of 17 times). > > This is a false positive. If the node is not found, def remains > unchanged which matches the function description. > > > 77 ofnode_read_u32(node, propname, (u32 *)&def); > > 78 > > 79 return def; > > 80 } > > 81 > > 82 int ofnode_read_u64(ofnode node, const char *propname, u64 *outp) > > > > ** CID 325865: Memory - illegal accesses (BUFFER_SIZE_WARNING) > > /drivers/fastboot/fb_mmc.c: 64 in raw_part_get_info_by_name() > > > > > > ________________________________________________________________________________________________________ > > *** CID 325865: Memory - illegal accesses (BUFFER_SIZE_WARNING) > > /drivers/fastboot/fb_mmc.c: 64 in raw_part_get_info_by_name() > > 58 } > > 59 } > > 60 > > 61 info->start = simple_strtoul(argv[0], NULL, 0); > > 62 info->size = simple_strtoul(argv[1], NULL, 0); > > 63 info->blksz = dev_desc->blksz; > >>>> CID 325865: Memory - illegal accesses (BUFFER_SIZE_WARNING) > >>>> Calling "strncpy" with a maximum size argument of 32 bytes on > >>>> destination array "info->name" of size 32 bytes might leave the > >>>> destination string unterminated. > > Here we have a real issue. > > info->name is assumed to be null-terminated in different library calls, > e.g. when calling part_get_info_by_name(). > > Inside cmd/cpt.c we find the following conflicting lines: > > cmd/gpt.c:209: > newpart->gpt_part_info.name[PART_NAME_LEN - 1] = '\0'; > > cmd/gpt.c:842: > if ((strlen(name1) > PART_NAME_LEN) || (strlen(name2) > PART_NAME_LEN)) { > printf("Names longer than %d characters are truncated.\n", > > So in line 209 we assume that PART_NAME_LEN includes the terminating NUL > while in line 842 we assume that it does not. > > What needs to be done is: > > * document the structure field disk_partition.name so that it is > clear if this field is null-terminated or not > * document the meaning of PART_NAME_LEN > * check all usages of the field and PART_NAME_LEN > > Best regards > > Heinrich > > > > 64 strncpy((char *)info->name, name, PART_NAME_LEN); > > 65 > > 66 if (raw_part_desc) { > > 67 if (strcmp(strsep(&raw_part_desc, " "), "mmcpart") == > > 0) { > > 68 ulong mmcpart = simple_strtoul(raw_part_desc, > > NULL, 0); > > 69 int ret = blk_dselect_hwpart(dev_desc, > > mmcpart); > > > > > > ________________________________________________________________________________________________________ > > To view the defects in Coverity Scan visit, > > https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3DbjkX_N64QlSHam5hYYsLU0uvEm3xiMtcSlv2JwRoKVmjv-2F2W9scyTee7fb3OFpRv9kImrRqsKxlWoCO8zAeiIiAhqzSbrl4dXq9dXyAqi-2Fc0Jnwl-2FtH-2F6CeLIdaJ1B6nYgbrPrfQp-2FcoNWNRxS33O5yOY4dM-2FGF7XqrRr5G9AcX6O5K68VD-2FUnecqWgoMQ1p8zvxz5uSqy-2BRTvJPOAZAR5wWVKAbb5ohWYJh4aaJ24cyyKlc-3D > > > > To manage Coverity Scan email notifications for "[email protected]", > > click > > https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXx4Y-2F1WK-2FIlbEOzfoxXLI-2FdwA0wwGn90rGGrBgiHW-2ByLDLbUOEV7XOvtc9zJmj9LPyrT06WSaMnNrm6wfrUN-2BXuWoaHdqOoEyL7CQlGSiE-2BfE-3DDif__N64QlSHam5hYYsLU0uvEm3xiMtcSlv2JwRoKVmjv-2F2W9scyTee7fb3OFpRv9kImr5eGADaWc9Gt2gE-2B5omGfwd2OEqtcwui0xgv2IURP-2BE-2BQ7i8p1lcSxhNpWKzf-2FstT1hBUmr8A-2Bondt-2Fcoj1lkWT-2BUp3IZnpnAzSzRNjIb0r85mSanNDe7kFVu6nNNGP4Gqpy1eEdxEVV3XbHRIfaxr0nF6YselCjEp-2BLdL5Rzfmg-3D > > >
