Hi Tom, I will try to check for the spi nor core issues mentioned below. Thanks Venkatesh
> -----Original Message----- > From: Ilias Apalodimas <[email protected]> > Sent: Wednesday, October 16, 2024 11:43 AM > To: Tom Rini <[email protected]> > Cc: [email protected]; Vignesh R <[email protected]>; Takahiro Kuwano > <[email protected]>; Tudor Ambarus <[email protected]>; > Abbarapu, Venkatesh <[email protected]>; Pratyush Yadav > <[email protected]>; Ashok Reddy Soma <[email protected]>; Joakim > Tjernlund <[email protected]>; Raymond Mao > <[email protected]> > Subject: Re: New Defects reported by Coverity Scan for Das U-Boot > > HI Tom, > > We'll have a look on the mbedTLS reports later today > > Thanks > /Ilias > > On Wed, 16 Oct 2024 at 06:47, Tom Rini <[email protected]> wrote: > > > > Hey all, here's the latest report. > > > > ---------- Forwarded message --------- > > From: <[email protected]> > > Date: Tue, Oct 15, 2024 at 5:06 PM > > Subject: New Defects reported by Coverity Scan for Das U-Boot > > To: <[email protected]> > > > > > > Hi, > > > > Please find the latest report on new defect(s) introduced to Das > > U-Boot found with Coverity Scan. > > > > 22 new defect(s) introduced to Das U-Boot found with Coverity Scan. > > > > > > New defect(s) Reported-by: Coverity Scan Showing 20 of 22 defect(s) > > > > > > ** CID 510813: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1652 in spi_nor_read() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510813: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1652 in spi_nor_read() > > 1646 goto read_err; > > 1647 } > > 1648 if (ret < 0) > > 1649 goto read_err; > > 1650 > > 1651 if (is_ofst_odd == true) { > > >>> CID 510813: Control flow issues (DEADCODE) > > >>> Execution cannot reach this statement: "memmove(buf, buf + 1, len > > >>> -...". > > 1652 memmove(buf, (buf + 1), (len - 1)); > > 1653 *retlen += (ret - 1); > > 1654 buf += ret - 1; > > 1655 is_ofst_odd = false; > > 1656 } else { > > 1657 *retlen += ret; > > > > ** CID 510812: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 3573 in spi_nor_select_erase() > > /drivers/mtd/spi/spi-nor-core.c: 3584 in spi_nor_select_erase() > > /drivers/mtd/spi/spi-nor-core.c: 3610 in spi_nor_select_erase() > > /drivers/mtd/spi/spi-nor-core.c: 3597 in spi_nor_select_erase() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510812: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 3573 in spi_nor_select_erase() > > 3567 /* > > 3568 * In parallel-memories the erase operation is > > 3569 * performed on both the flashes simultaneously > > 3570 * so, double the erasesize. > > 3571 */ > > 3572 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510812: (DEADCODE) > > >>> Execution cannot reach this statement: "mtd->erasesize = 8192U;". > > 3573 mtd->erasesize = 4096 * 2; > > 3574 else > > 3575 mtd->erasesize = 4096; > > 3576 } else if (info->flags & SECT_4K_PMC) { > > 3577 nor->erase_opcode = SPINOR_OP_BE_4K_PMC; > > 3578 /* > > /drivers/mtd/spi/spi-nor-core.c: 3584 in spi_nor_select_erase() > > 3578 /* > > 3579 * In parallel-memories the erase operation is > > 3580 * performed on both the flashes simultaneously > > 3581 * so, double the erasesize. > > 3582 */ > > 3583 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510812: (DEADCODE) > > >>> Execution cannot reach this statement: "mtd->erasesize = 8192U;". > > 3584 mtd->erasesize = 4096 * 2; > > 3585 else > > 3586 mtd->erasesize = 4096; > > 3587 } else > > 3588 #endif > > 3589 { > > /drivers/mtd/spi/spi-nor-core.c: 3610 in spi_nor_select_erase() > > 3604 /* > > 3605 * In parallel-memories the erase operation is > > 3606 * performed on both the flashes simultaneously > > 3607 * so, double the erasesize. > > 3608 */ > > 3609 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510812: (DEADCODE) > > >>> Execution cannot reach this statement: "mtd->erasesize = 8192U;". > > 3610 mtd->erasesize = 4096 * 2; > > 3611 else > > 3612 mtd->erasesize = 4096; > > 3613 } > > 3614 > > 3615 return 0; > > /drivers/mtd/spi/spi-nor-core.c: 3597 in spi_nor_select_erase() > > 3591 /* > > 3592 * In parallel-memories the erase operation is > > 3593 * performed on both the flashes simultaneously > > 3594 * so, double the erasesize. > > 3595 */ > > 3596 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510812: (DEADCODE) > > >>> Execution cannot reach this statement: "mtd->erasesize = > > >>> info->sect...". > > 3597 mtd->erasesize = info->sector_size * 2; > > 3598 else > > 3599 mtd->erasesize = info->sector_size; > > 3600 } > > 3601 > > 3602 if ((JEDEC_MFR(info) == SNOR_MFR_SST) && info->flags & > > SECT_4K) { > > > > ** CID 510811: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1134 in spi_nor_erase() > > /drivers/mtd/spi/spi-nor-core.c: 1137 in spi_nor_erase() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510811: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1134 in spi_nor_erase() > > 1128 addr_known = false; > > 1129 ret = -EINTR; > > 1130 goto erase_err; > > 1131 } > > 1132 offset = addr; > > 1133 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510811: (DEADCODE) > > >>> Execution cannot reach this statement: "offset /= 2U;". > > 1134 offset /= 2; > > 1135 > > 1136 if (nor->flags & SNOR_F_HAS_STACKED) { > > 1137 if (offset >= (mtd->size / 2)) { > > 1138 offset = offset - (mtd->size / 2); > > 1139 nor->spi->flags |= SPI_XFER_U_PAGE; > > /drivers/mtd/spi/spi-nor-core.c: 1137 in spi_nor_erase() > > 1131 } > > 1132 offset = addr; > > 1133 if (nor->flags & SNOR_F_HAS_PARALLEL) > > 1134 offset /= 2; > > 1135 > > 1136 if (nor->flags & SNOR_F_HAS_STACKED) { > > >>> CID 510811: (DEADCODE) > > >>> Execution cannot reach this statement: "if (offset >= mtd->size / > > >>> 2...". > > 1137 if (offset >= (mtd->size / 2)) { > > 1138 offset = offset - (mtd->size / 2); > > 1139 nor->spi->flags |= SPI_XFER_U_PAGE; > > 1140 } else { > > 1141 nor->spi->flags &= ~SPI_XFER_U_PAGE; > > 1142 } > > > > ** CID 510810: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510810: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id() > > 1550 { > > 1551 int tmp; > > 1552 u8 id[SPI_NOR_MAX_ID_LEN]; > > 1553 const struct flash_info *info; > > 1554 > > 1555 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510810: Control flow issues (DEADCODE) > > >>> Execution cannot reach this statement: "nor->spi->flags |= 0x100;". > > 1556 nor->spi->flags |= SPI_XFER_LOWER; > > 1557 > > 1558 tmp = nor->read_reg(nor, SPINOR_OP_RDID, id, > > SPI_NOR_MAX_ID_LEN); > > 1559 if (tmp < 0) { > > 1560 dev_dbg(nor->dev, "error %d reading JEDEC ID\n", > > tmp); > > 1561 return ERR_PTR(tmp); > > > > ** CID 510809: Resource leaks (RESOURCE_LEAK) > > /lib/mbedtls/pkcs7_parser.c: 385 in x509_populate_sinfo() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510809: Resource leaks (RESOURCE_LEAK) > > /lib/mbedtls/pkcs7_parser.c: 385 in x509_populate_sinfo() > > 379 signed_info); > > 380 if (ret) > > 381 goto out_err_sinfo; > > 382 > > 383 no_authattrs: > > 384 *sinfo = signed_info; > > >>> CID 510809: Resource leaks (RESOURCE_LEAK) > > >>> Variable "mctx" going out of scope leaks the storage it points to. > > 385 return 0; > > 386 > > 387 out_err_sinfo: > > 388 pkcs7_free_sinfo_mbedtls_ctx(mctx); > > 389 out_no_mctx: > > 390 public_key_signature_free(s); > > > > ** CID 510808: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 724 in spi_nor_set_4byte_opcodes() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510808: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 724 in spi_nor_set_4byte_opcodes() > > 718 static void spi_nor_set_4byte_opcodes(struct spi_nor *nor, > > 719 const struct flash_info *info) > > 720 { > > 721 bool shift = 0; > > 722 > > 723 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510808: Control flow issues (DEADCODE) > > >>> Execution cannot reach this statement: "shift = true;". > > 724 shift = 1; > > 725 > > 726 /* Do some manufacturer fixups first */ > > 727 switch (JEDEC_MFR(info)) { > > 728 case SNOR_MFR_SPANSION: > > 729 /* No small sector erase for 4-byte command set */ > > > > ** CID 510807: Control flow issues (DEADCODE) > > /lib/mbedtls/external/mbedtls/library/x509_crt.c: 2750 in > > x509_inet_pton_ipv6() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510807: Control flow issues (DEADCODE) > > /lib/mbedtls/external/mbedtls/library/x509_crt.c: 2750 in > > x509_inet_pton_ipv6() > > 2744 MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups); > > 2745 nonzero_groups++; > > 2746 if (*p == '\0') { > > 2747 break; > > 2748 } else if (*p == '.') { > > 2749 /* Don't accept IPv4 too early or late */ > > >>> CID 510807: Control flow issues (DEADCODE) > > >>> Execution cannot reach the expression "zero_group_start == -1" > > >>> inside this > statement: "if ((nonzero_groups == 0 &&...". > > 2750 if ((nonzero_groups == 0 && zero_group_start == > > -1) || > > 2751 nonzero_groups >= 7) { > > 2752 break; > > 2753 } > > 2754 > > 2755 /* Walk back to prior ':', then parse as > > IPv4-mapped */ > > > > ** CID 510806: Control flow issues (DEADCODE) > > /lib/mbedtls/pkcs7_parser.c: 209 in authattrs_parse() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510806: Control flow issues (DEADCODE) > > /lib/mbedtls/pkcs7_parser.c: 209 in authattrs_parse() > > 203 return -EINVAL; > > 204 } > > 205 > > 206 p += seq_len; > > 207 } > > 208 > > >>> CID 510806: Control flow issues (DEADCODE) > > >>> Execution cannot reach the expression "ret != -96" inside this > > >>> statement: "if > (ret && ret != -96) > > re...". > > 209 if (ret && ret != MBEDTLS_ERR_ASN1_OUT_OF_DATA) > > 210 return ret; > > 211 > > 212 msg->have_authattrs = true; > > 213 > > 214 /* > > > > ** CID 510805: Memory - illegal accesses (OVERRUN) > > /lib/rsa/rsa-keyprop.c: 678 in rsa_gen_key_prop() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510805: Memory - illegal accesses (OVERRUN) > > /lib/rsa/rsa-keyprop.c: 678 in rsa_gen_key_prop() > > 672 (*prop)->num_bits = (rsa_key.n_sz - i) * 8; > > 673 (*prop)->modulus = malloc(rsa_key.n_sz - i); > > 674 if (!(*prop)->modulus) { > > 675 ret = -ENOMEM; > > 676 goto out; > > 677 } > > >>> CID 510805: Memory - illegal accesses (OVERRUN) > > >>> Overrunning dynamic array "rsa_key.n" at offset corresponding to > > >>> index > variable "i". > > 678 memcpy((void *)(*prop)->modulus, &rsa_key.n[i], > > rsa_key.n_sz - i); > > 679 > > 680 n = calloc(sizeof(uint32_t), 1 + ((*prop)->num_bits >> 5)); > > 681 rr = calloc(sizeof(uint32_t), 1 + (((*prop)->num_bits > > * 2) >> 5)); > > 682 rrtmp = calloc(sizeof(uint32_t), 2 + > > (((*prop)->num_bits * 2) >> 5)); > > 683 if (!n || !rr || !rrtmp) { > > > > ** CID 510804: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > > /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510804: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > > /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id() > > 1550 { > > 1551 int tmp; > > 1552 u8 id[SPI_NOR_MAX_ID_LEN]; > > 1553 const struct flash_info *info; > > 1554 > > 1555 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510804: Integer handling issues > (CONSTANT_EXPRESSION_RESULT) > > >>> In "nor->spi->flags |= 256 /* 1 << 8 */", wider "256 /* 1 << 8 */" > > >>> has high- > order bits (0x100) that don't affect the narrower left-hand side. > > 1556 nor->spi->flags |= SPI_XFER_LOWER; > > 1557 > > 1558 tmp = nor->read_reg(nor, SPINOR_OP_RDID, id, > > SPI_NOR_MAX_ID_LEN); > > 1559 if (tmp < 0) { > > 1560 dev_dbg(nor->dev, "error %d reading JEDEC ID\n", > > tmp); > > 1561 return ERR_PTR(tmp); > > > > ** CID 510803: Code maintainability issues (UNUSED_VALUE) > > /drivers/mtd/spi/spi-nor-core.c: 1138 in spi_nor_erase() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510803: Code maintainability issues (UNUSED_VALUE) > > /drivers/mtd/spi/spi-nor-core.c: 1138 in spi_nor_erase() > > 1132 offset = addr; > > 1133 if (nor->flags & SNOR_F_HAS_PARALLEL) > > 1134 offset /= 2; > > 1135 > > 1136 if (nor->flags & SNOR_F_HAS_STACKED) { > > 1137 if (offset >= (mtd->size / 2)) { > > >>> CID 510803: Code maintainability issues (UNUSED_VALUE) > > >>> Assigning value from "offset - mtd->size / 2ULL" to "offset" here, > > >>> but that > stored value is overwritten before it can be used. > > 1138 offset = offset - (mtd->size / 2); > > 1139 nor->spi->flags |= SPI_XFER_U_PAGE; > > 1140 } else { > > 1141 nor->spi->flags &= ~SPI_XFER_U_PAGE; > > 1142 } > > 1143 } > > > > ** CID 510802: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 504 in read_sr() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510802: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 504 in read_sr() > > 498 * discard the second byte. > > 499 */ > > 500 if (spi_nor_protocol_is_dtr(nor->reg_proto)) > > 501 op.data.nbytes = 2; > > 502 > > 503 if (nor->flags & SNOR_F_HAS_PARALLEL) { > > >>> CID 510802: Control flow issues (DEADCODE) > > >>> Execution cannot reach this statement: "op.data.nbytes = 2U;". > > 504 op.data.nbytes = 2; > > 505 ret = spi_nor_read_write_reg(nor, &op, &val[0]); > > 506 if (ret < 0) { > > 507 pr_debug("error %d reading SR\n", (int)ret); > > 508 return ret; > > 509 } > > > > ** CID 510801: Null pointer dereferences (FORWARD_NULL) > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510801: Null pointer dereferences (FORWARD_NULL) > > /lib/ecdsa/ecdsa-libcrypto.c: 365 in ecdsa_add_verify_data() > > 359 struct signer ctx; > > 360 int ret; > > 361 > > 362 fdt_key_name = info->keyname ? info->keyname : > > "default-key"; > > 363 ret = prepare_ctx(&ctx, info); > > 364 if (ret >= 0) { > > >>> CID 510801: Null pointer dereferences (FORWARD_NULL) > > >>> Passing "info" to "do_add", which dereferences null "info->keyname". > > 365 ret = do_add(&ctx, fdt, fdt_key_name, info); > > 366 if (ret < 0) > > 367 ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : > > -EIO; > > 368 } > > 369 > > 370 free_ctx(&ctx); > > 371 return ret; > > > > ** CID 510800: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1620 in spi_nor_read() > > /drivers/mtd/spi/spi-nor-core.c: 1590 in spi_nor_read() > > /drivers/mtd/spi/spi-nor-core.c: 1611 in spi_nor_read() > > /drivers/mtd/spi/spi-nor-core.c: 1600 in spi_nor_read() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510800: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1620 in spi_nor_read() > > 1614 } else { > > 1615 nor->spi->flags &= ~SPI_XFER_U_PAGE; > > 1616 } > > 1617 } > > 1618 > > 1619 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510800: (DEADCODE) > > >>> Execution cannot reach this statement: "offset /= 2LL;". > > 1620 offset /= 2; > > 1621 > > 1622 if (nor->addr_width == 3) { > > 1623 #ifdef CONFIG_SPI_FLASH_BAR > > 1624 ret = write_bar(nor, offset); > > 1625 if (ret < 0) > > /drivers/mtd/spi/spi-nor-core.c: 1590 in spi_nor_read() > > 1584 u32 rem_bank_len = 0; > > 1585 u8 bank; > > 1586 bool is_ofst_odd = false; > > 1587 > > 1588 dev_dbg(nor->dev, "from 0x%08x, len %zd\n", (u32)from, len); > > 1589 > > >>> CID 510800: (DEADCODE) > > >>> Execution cannot reach the expression "offset & 1LL" inside this > > >>> statement: > "if (nor->flags & SNOR_F_HAS...". > > 1590 if ((nor->flags & SNOR_F_HAS_PARALLEL) && (offset & 1)) { > > 1591 /* We can hit this case when we use file system > > like ubifs */ > > 1592 from--; > > 1593 len++; > > 1594 is_ofst_odd = true; > > 1595 } > > /drivers/mtd/spi/spi-nor-core.c: 1611 in spi_nor_read() > > 1605 rem_bank_len = (SZ_16M * (bank > > + 1)) - from; > > 1606 } > > 1607 } > > 1608 offset = from; > > 1609 > > 1610 if (nor->flags & SNOR_F_HAS_STACKED) { > > >>> CID 510800: (DEADCODE) > > >>> Execution cannot reach this statement: "if (offset >= mtd->size / > > >>> 2...". > > 1611 if (offset >= (mtd->size / 2)) { > > 1612 offset = offset - (mtd->size / 2); > > 1613 nor->spi->flags |= SPI_XFER_U_PAGE; > > 1614 } else { > > 1615 nor->spi->flags &= ~SPI_XFER_U_PAGE; > > 1616 } > > /drivers/mtd/spi/spi-nor-core.c: 1600 in spi_nor_read() > > 1594 is_ofst_odd = true; > > 1595 } > > 1596 > > 1597 while (len) { > > 1598 if (nor->addr_width == 3) { > > 1599 if (nor->flags & SNOR_F_HAS_PARALLEL) { > > >>> CID 510800: (DEADCODE) > > >>> Execution cannot reach this statement: "bank = (u32)from / > > >>> 33554432U;". > > 1600 bank = (u32)from / (SZ_16M << 0x01); > > 1601 rem_bank_len = ((SZ_16M << 0x01) * > > 1602 (bank + 1)) - from; > > 1603 } else { > > 1604 bank = (u32)from / SZ_16M; > > 1605 rem_bank_len = (SZ_16M * (bank > > + 1)) - from; > > > > ** CID 510799: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1971 in spi_nor_write() > > /drivers/mtd/spi/spi-nor-core.c: 2007 in spi_nor_write() > > /drivers/mtd/spi/spi-nor-core.c: 2004 in spi_nor_write() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510799: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 1971 in spi_nor_write() > > 1965 return 0; > > 1966 > > 1967 /* > > 1968 * Cannot write to odd offset in parallel mode, > > 1969 * so write 2 bytes first > > 1970 */ > > >>> CID 510799: (DEADCODE) > > >>> Execution cannot reach the expression "to & 1LL" inside this > > >>> statement: "if > (nor->flags & SNOR_F_HAS...". > > 1971 if ((nor->flags & SNOR_F_HAS_PARALLEL) && (to & 1)) { > > 1972 u8 two[2] = {0xff, buf[0]}; > > 1973 size_t local_retlen; > > 1974 > > 1975 ret = spi_nor_write(mtd, to & ~1, 2, > > &local_retlen, two); > > 1976 if (ret < 0) > > /drivers/mtd/spi/spi-nor-core.c: 2007 in spi_nor_write() > > 2001 } > > 2002 offset = (to + i); > > 2003 if (nor->flags & SNOR_F_HAS_PARALLEL) > > 2004 offset /= 2; > > 2005 > > 2006 if (nor->flags & SNOR_F_HAS_STACKED) { > > >>> CID 510799: (DEADCODE) > > >>> Execution cannot reach this statement: "if (offset >= mtd->size / > > >>> 2...". > > 2007 if (offset >= (mtd->size / 2)) { > > 2008 offset = offset - (mtd->size / 2); > > 2009 nor->spi->flags |= SPI_XFER_U_PAGE; > > 2010 } else { > > 2011 nor->spi->flags &= ~SPI_XFER_U_PAGE; > > 2012 } > > /drivers/mtd/spi/spi-nor-core.c: 2004 in spi_nor_write() > > 1998 u64 aux = addr; > > 1999 > > 2000 page_offset = do_div(aux, nor->page_size); > > 2001 } > > 2002 offset = (to + i); > > 2003 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510799: (DEADCODE) > > >>> Execution cannot reach this statement: "offset /= 2U;". > > 2004 offset /= 2; > > 2005 > > 2006 if (nor->flags & SNOR_F_HAS_STACKED) { > > 2007 if (offset >= (mtd->size / 2)) { > > 2008 offset = offset - (mtd->size / 2); > > 2009 nor->spi->flags |= SPI_XFER_U_PAGE; > > > > ** CID 510798: Resource leaks (RESOURCE_LEAK) > > /lib/mbedtls/x509_cert_parser.c: 220 in x509_populate_signature_params() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510798: Resource leaks (RESOURCE_LEAK) > > /lib/mbedtls/x509_cert_parser.c: 220 in x509_populate_signature_params() > > 214 } > > 215 > > 216 ret = hash_calculate(s->hash_algo, ®ion, 1, s->digest); > > 217 if (!ret) > > 218 *sig = s; > > 219 > > >>> CID 510798: Resource leaks (RESOURCE_LEAK) > > >>> Variable "s" going out of scope leaks the storage it points to. > > 220 return ret; > > 221 > > 222 error_sig: > > 223 public_key_signature_free(s); > > 224 return ret; > > 225 } > > > > ** CID 510797: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 4628 in spi_nor_scan() > > /drivers/mtd/spi/spi-nor-core.c: 4598 in spi_nor_scan() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510797: (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 4628 in spi_nor_scan() > > 4622 /* Send all the required SPI flash commands to > > initialize device */ > > 4623 ret = spi_nor_init(nor); > > 4624 if (ret) > > 4625 return ret; > > 4626 > > 4627 if (nor->flags & SNOR_F_HAS_STACKED) { > > >>> CID 510797: (DEADCODE) > > >>> Execution cannot reach this statement: "nor->spi->flags |= 0x10UL;". > > 4628 nor->spi->flags |= SPI_XFER_U_PAGE; > > 4629 ret = spi_nor_init(nor); > > 4630 if (ret) > > 4631 return ret; > > 4632 nor->spi->flags &= ~SPI_XFER_U_PAGE; > > 4633 } > > /drivers/mtd/spi/spi-nor-core.c: 4598 in spi_nor_scan() > > 4592 nor->addr_width = info->addr_width; > > 4593 } else { > > 4594 nor->addr_width = 3; > > 4595 } > > 4596 > > 4597 if (nor->flags & (SNOR_F_HAS_PARALLEL | > SNOR_F_HAS_STACKED)) > > >>> CID 510797: (DEADCODE) > > >>> Execution cannot reach this statement: "shift = true;". > > 4598 shift = 1; > > 4599 if (nor->addr_width == 3 && (mtd->size >> shift) > SZ_16M) { > > 4600 #ifndef CONFIG_SPI_FLASH_BAR > > 4601 /* enable 4-byte addressing if the device > > exceeds 16MiB */ > > 4602 nor->addr_width = 4; > > 4603 if (JEDEC_MFR(info) == SNOR_MFR_SPANSION || > > > > ** CID 510796: Insecure data handling (TAINTED_SCALAR) > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510796: Insecure data handling (TAINTED_SCALAR) > > /lib/mbedtls/external/mbedtls/library/rsa.c: 1316 in rsa_prepare_blinding() > > 1310 } > > 1311 > > 1312 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, > > ctx->len - 1, f_rng, p_rng)); > > 1313 > > 1314 /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from > > inv_mod. */ > > 1315 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len > > - 1, f_rng, p_rng)); > > >>> CID 510796: Insecure data handling (TAINTED_SCALAR) > > >>> Passing tainted expression "*ctx->Vf.p" to "mbedtls_mpi_mul_mpi", > > >>> which > uses it as an offset. > > 1316 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, > &R)); > > 1317 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, > > &ctx->Vi, &ctx->N)); > > 1318 > > 1319 /* At this point, Vi is invertible mod N if and only > > if both Vf and R > > 1320 * are invertible mod N. If one of them isn't, we > > don't need to know > > 1321 * which one, we just loop and choose new values for > > both of them. > > > > ** CID 510795: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 4271 in spi_nor_init() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510795: Control flow issues (DEADCODE) > > /drivers/mtd/spi/spi-nor-core.c: 4271 in spi_nor_init() > > 4265 > > 4266 static int spi_nor_init(struct spi_nor *nor) > > 4267 { > > 4268 int err; > > 4269 > > 4270 if (nor->flags & SNOR_F_HAS_PARALLEL) > > >>> CID 510795: Control flow issues (DEADCODE) > > >>> Execution cannot reach this statement: "nor->spi->flags |= 3UL;". > > 4271 nor->spi->flags |= SPI_NOR_ENABLE_MULTI_CS; > > 4272 > > 4273 err = spi_nor_octal_dtr_enable(nor); > > 4274 if (err) { > > 4275 dev_dbg(nor->dev, "Octal DTR mode not supported\n"); > > 4276 return err; > > > > ** CID 510794: Control flow issues (NO_EFFECT) > > /lib/mbedtls/x509_cert_parser.c: 78 in x509_populate_dn_name_string() > > > > > > > ___________________________________________________________________ > _____________________________________ > > *** CID 510794: Control flow issues (NO_EFFECT) > > /lib/mbedtls/x509_cert_parser.c: 78 in x509_populate_dn_name_string() > > 72 do { > > 73 name_str = kzalloc(len, GFP_KERNEL); > > 74 if (!name_str) > > 75 return NULL; > > 76 > > 77 wb = mbedtls_x509_dn_gets(name_str, len, name); > > >>> CID 510794: Control flow issues (NO_EFFECT) > > >>> This less-than-zero comparison of an unsigned value is never true. > > >>> "wb < > 0UL". > > 78 if (wb < 0) { > > 79 pr_err("Get DN string failed, ret:-0x%04x\n", > > 80 (unsigned int)-wb); > > 81 kfree(name_str); > > 82 len = len * 2; /* Try with a bigger buffer */ > > 83 } > > > > ----- End forwarded message ----- > > > > -- > > Tom
