Here's the latest Coverity scan report. I think the test/dm/clk_ccf.c report is just a "works as intended" but I'm not sure off-hand about the fdtdec.c test. Might be the case the previous test in the file also has this problem, and since it's just test code, might also be fine enough.
---------- Forwarded message --------- From: <[email protected]> Date: Mon, Dec 8, 2025 at 1:23 PM Subject: New Defects reported by Coverity Scan for Das U-Boot To: <[email protected]> Hi, Please find the latest report on new defect(s) introduced to *Das U-Boot* found with Coverity Scan. - *New Defects Found:* 2 - 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. - *Defects Shown:* Showing 2 of 2 defect(s) Defect Details ** CID 639831: (TAINTED_SCALAR) _____________________________________________________________________________________________ *** CID 639831: (TAINTED_SCALAR) /test/dm/fdtdec.c: 153 in dm_test_fdt_chosen_smbios() 147 148 blob_sz = fdt_totalsize(gd->fdt_blob) + 4096; 149 blob = memalign(8, blob_sz); 150 ut_assertnonnull(blob); 151 152 /* Make a writable copy of the fdt blob */ >>> CID 639831: (TAINTED_SCALAR) >>> Passing tainted expression "gd->fdt_blob->totalsize" to >>> "fdt_open_into", which uses it as an offset. 153 ut_assertok(fdt_open_into(gd->fdt_blob, blob, blob_sz)); 154 155 /* Mock SMBIOS table */ 156 entry = map_sysmem(gd->arch.smbios_start, sizeof(struct smbios3_entry)); 157 memcpy(entry->anchor, "_SM3_", 5); 158 entry->length = sizeof(struct smbios3_entry); /test/dm/fdtdec.c: 153 in dm_test_fdt_chosen_smbios() 147 148 blob_sz = fdt_totalsize(gd->fdt_blob) + 4096; 149 blob = memalign(8, blob_sz); 150 ut_assertnonnull(blob); 151 152 /* Make a writable copy of the fdt blob */ >>> CID 639831: (TAINTED_SCALAR) >>> Passing tainted expression "gd->fdt_blob->size_dt_strings" to >>> "fdt_open_into", which uses it as an offset. 153 ut_assertok(fdt_open_into(gd->fdt_blob, blob, blob_sz)); 154 155 /* Mock SMBIOS table */ 156 entry = map_sysmem(gd->arch.smbios_start, sizeof(struct smbios3_entry)); 157 memcpy(entry->anchor, "_SM3_", 5); 158 entry->length = sizeof(struct smbios3_entry); /test/dm/fdtdec.c: 153 in dm_test_fdt_chosen_smbios() 147 148 blob_sz = fdt_totalsize(gd->fdt_blob) + 4096; 149 blob = memalign(8, blob_sz); 150 ut_assertnonnull(blob); 151 152 /* Make a writable copy of the fdt blob */ >>> CID 639831: (TAINTED_SCALAR) >>> Passing tainted expression "gd->fdt_blob->size_dt_struct" to >>> "fdt_open_into", which uses it as an offset. 153 ut_assertok(fdt_open_into(gd->fdt_blob, blob, blob_sz)); 154 155 /* Mock SMBIOS table */ 156 entry = map_sysmem(gd->arch.smbios_start, sizeof(struct smbios3_entry)); 157 memcpy(entry->anchor, "_SM3_", 5); 158 entry->length = sizeof(struct smbios3_entry); ** CID 639830: Integer handling issues (INTEGER_OVERFLOW) /test/dm/clk_ccf.c: 68 in dm_test_clk_ccf() _____________________________________________________________________________________________ *** CID 639830: Integer handling issues (INTEGER_OVERFLOW) /test/dm/clk_ccf.c: 68 in dm_test_clk_ccf() 62 ut_asserteq(CLK_SET_RATE_NO_REPARENT, clk->flags); 63 64 rate = clk_get_parent_rate(clk); 65 ut_asserteq(rate, 60000000); 66 67 rate = clk_set_rate(clk, 60000000); >>> CID 639830: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "_val1", where "rate" is known to be equal to -38, overflows >>> the type of "_val1", which is type "unsigned int". 68 ut_asserteq(rate, -ENOSYS); 69 70 rate = clk_get_rate(clk); 71 ut_asserteq(rate, 60000000); 72 73 ret = clk_get_by_id(CLK_ID(dev, SANDBOX_CLK_PLL3_80M), &pclk); View Defects in Coverity Scan <https://scan.coverity.com/projects/das-u-boot?tab=overview> Best regards, The Coverity Scan Admin Team ----- End forwarded message ----- -- Tom
signature.asc
Description: PGP signature
