On 4/23/21 6:38 PM, scan-ad...@coverity.com wrote:
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found
with Coverity Scan.
3 new defect(s) introduced to Das U-Boot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 331185: Insecure data handling (TAINTED_SCALAR)
/lib/lz4.c: 143 in LZ4_decompress_generic()
________________________________________________________________________________________________________
*** CID 331185: Insecure data handling (TAINTED_SCALAR)
/lib/lz4.c: 143 in LZ4_decompress_generic()
137 }
138 else
139 {
140 if ((!endOnInput) && (cpy != oend)) goto _output_error;
/* Error : block decoding must stop exactly there */
141 if ((endOnInput) && ((ip+length != iend) || (cpy >
oend))) goto _output_error; /* Error : input must be consumed */
142 }
CID 331185: Insecure data handling (TAINTED_SCALAR)
Passing tainted variable "length" to a tainted sink. [Note: The source
code implementation of the function has been overridden by a builtin model.]
143 memcpy(op, ip, length);
144 ip += length;
145 op += length;
146 break; /* Necessarily EOF, due to parsing restrictions
*/
147 }
148 LZ4_wildCopy(op, ip, cpy);
** CID 331184: Memory - corruptions (OVERRUN)
/cmd/stackprot_test.c: 14 in do_test_stackprot_fail()
________________________________________________________________________________________________________
*** CID 331184: Memory - corruptions (OVERRUN)
/cmd/stackprot_test.c: 14 in do_test_stackprot_fail()
8
9 static int do_test_stackprot_fail(struct cmd_tbl *cmdtp, int flag, int
argc,
10 char *const argv[])
11 {
Hello Tom,
please, mark this finding as intentional in Coverity.
12 char a[128];
13
CID 331184: Memory - corruptions (OVERRUN)
Overrunning array "a" of 128 bytes by passing it to a function which accesses it at
byte offset 511 using argument "512UL". [Note: The source code implementation of the
function has been overridden by a builtin model.]
14 memset(a, 0xa5, 512);
15 return 0;
16 }
17
18 U_BOOT_CMD(stackprot_test, 1, 1, do_test_stackprot_fail,
** CID 331183: Memory - corruptions (BUFFER_SIZE)
/cmd/stackprot_test.c: 14 in do_test_stackprot_fail()
________________________________________________________________________________________________________
*** CID 331183: Memory - corruptions (BUFFER_SIZE)
/cmd/stackprot_test.c: 14 in do_test_stackprot_fail()
same here
Best regards
Heinrich
8
9 static int do_test_stackprot_fail(struct cmd_tbl *cmdtp, int flag, int
argc,
10 char *const argv[])
11 {
12 char a[128];
13
CID 331183: Memory - corruptions (BUFFER_SIZE)
You might overrun the 128 byte destination string "a" by writing the maximum 512
bytes from "165".
14 memset(a, 0xa5, 512);
15 return 0;
16 }
17
18 U_BOOT_CMD(stackprot_test, 1, 1, do_test_stackprot_fail,
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3DVLO3_N64QlSHam5hYYsLU0uvEm3xiMtcSlv2JwRoKVmjv-2F2X9PIw0aqIVMZlR6cmf9w8prU0ddkFkhQg-2B6p8UvlY-2FM51TBl-2FigNKw0KCrquAEkBb2jC3ZnWBwbVEZhLkDdq-2FMFkIpcluF4NvkPbaQ8l7PMYWmxLPqhtFLo01zbJ6O05zRrW9MzeWZiF82fugYqxJUGlLrQGmeTLuFDr2CDzEGJg-3D-3D
To manage Coverity Scan email notifications for "xypron.g...@gmx.de", click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXx4Y-2F1WK-2FIlbEOzfoxXLI-2FdwA0wwGn90rGGrBgiHW-2ByLDLbUOEV7XOvtc9zJmj9LPyrT06WSaMnNrm6wfrUN-2BXuWoaHdqOoEyL7CQlGSiE-2BfE-3DtDQo_N64QlSHam5hYYsLU0uvEm3xiMtcSlv2JwRoKVmjv-2F2X9PIw0aqIVMZlR6cmf9w8pA8-2FW82eD6YTWlxlNXjrDSc-2B-2BfgU0QJMdYPvNOg-2Brk8a8VMShB-2FvhmE5GTrUF2ImOx4sRousy5Sh2qX6apgHec8wEC6ZWvhuro1Ua3CVllqnKzeW-2FmUepM3XfZqtYssGH0ujkCtgvKvxZfYpXxJdKdg-3D-3D