On 4/23/21 6:38 PM, scan-ad...@coverity.com wrote:
Hi,Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan. 3 new defect(s) introduced to Das U-Boot found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 331185: Insecure data handling (TAINTED_SCALAR) /lib/lz4.c: 143 in LZ4_decompress_generic() ________________________________________________________________________________________________________ *** CID 331185: Insecure data handling (TAINTED_SCALAR) /lib/lz4.c: 143 in LZ4_decompress_generic() 137 } 138 else 139 { 140 if ((!endOnInput) && (cpy != oend)) goto _output_error; /* Error : block decoding must stop exactly there */ 141 if ((endOnInput) && ((ip+length != iend) || (cpy > oend))) goto _output_error; /* Error : input must be consumed */ 142 }CID 331185: Insecure data handling (TAINTED_SCALAR) Passing tainted variable "length" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]143 memcpy(op, ip, length); 144 ip += length; 145 op += length; 146 break; /* Necessarily EOF, due to parsing restrictions */ 147 } 148 LZ4_wildCopy(op, ip, cpy); ** CID 331184: Memory - corruptions (OVERRUN) /cmd/stackprot_test.c: 14 in do_test_stackprot_fail() ________________________________________________________________________________________________________ *** CID 331184: Memory - corruptions (OVERRUN) /cmd/stackprot_test.c: 14 in do_test_stackprot_fail() 8 9 static int do_test_stackprot_fail(struct cmd_tbl *cmdtp, int flag, int argc, 10 char *const argv[]) 11 {
Hello Tom, please, mark this finding as intentional in Coverity.
12 char a[128]; 13CID 331184: Memory - corruptions (OVERRUN) Overrunning array "a" of 128 bytes by passing it to a function which accesses it at byte offset 511 using argument "512UL". [Note: The source code implementation of the function has been overridden by a builtin model.]14 memset(a, 0xa5, 512); 15 return 0; 16 } 17 18 U_BOOT_CMD(stackprot_test, 1, 1, do_test_stackprot_fail, ** CID 331183: Memory - corruptions (BUFFER_SIZE) /cmd/stackprot_test.c: 14 in do_test_stackprot_fail() ________________________________________________________________________________________________________ *** CID 331183: Memory - corruptions (BUFFER_SIZE) /cmd/stackprot_test.c: 14 in do_test_stackprot_fail()
same here Best regards Heinrich
8 9 static int do_test_stackprot_fail(struct cmd_tbl *cmdtp, int flag, int argc, 10 char *const argv[]) 11 { 12 char a[128]; 13CID 331183: Memory - corruptions (BUFFER_SIZE) You might overrun the 128 byte destination string "a" by writing the maximum 512 bytes from "165".14 memset(a, 0xa5, 512); 15 return 0; 16 } 17 18 U_BOOT_CMD(stackprot_test, 1, 1, do_test_stackprot_fail, ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3DVLO3_N64QlSHam5hYYsLU0uvEm3xiMtcSlv2JwRoKVmjv-2F2X9PIw0aqIVMZlR6cmf9w8prU0ddkFkhQg-2B6p8UvlY-2FM51TBl-2FigNKw0KCrquAEkBb2jC3ZnWBwbVEZhLkDdq-2FMFkIpcluF4NvkPbaQ8l7PMYWmxLPqhtFLo01zbJ6O05zRrW9MzeWZiF82fugYqxJUGlLrQGmeTLuFDr2CDzEGJg-3D-3D To manage Coverity Scan email notifications for "xypron.g...@gmx.de", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXx4Y-2F1WK-2FIlbEOzfoxXLI-2FdwA0wwGn90rGGrBgiHW-2ByLDLbUOEV7XOvtc9zJmj9LPyrT06WSaMnNrm6wfrUN-2BXuWoaHdqOoEyL7CQlGSiE-2BfE-3DtDQo_N64QlSHam5hYYsLU0uvEm3xiMtcSlv2JwRoKVmjv-2F2X9PIw0aqIVMZlR6cmf9w8pA8-2FW82eD6YTWlxlNXjrDSc-2B-2BfgU0QJMdYPvNOg-2Brk8a8VMShB-2FvhmE5GTrUF2ImOx4sRousy5Sh2qX6apgHec8wEC6ZWvhuro1Ua3CVllqnKzeW-2FmUepM3XfZqtYssGH0ujkCtgvKvxZfYpXxJdKdg-3D-3D
