[coreboot] New Defects reported by Coverity Scan for coreboot
scan-admin at coverity.com
scan-admin at coverity.com
Wed Dec 13 00:29:59 CET 2017
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
19 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1383613: Integer handling issues (BAD_SHIFT)
/src/mainboard/google/poppy/variants/nami/memory.c: 38 in variant_memory_params()
________________________________________________________________________________________________________
*** CID 1383613: Integer handling issues (BAD_SHIFT)
/src/mainboard/google/poppy/variants/nami/memory.c: 38 in variant_memory_params()
32 void variant_memory_params(struct memory_params *p)
33 {
34 memset(p, 0, sizeof(*p));
35 p->type = MEMORY_DDR4;
36
37 /* Rcomp resistor values are different for SDP and DDP. */
>>> CID 1383613: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << variant_memory_sku() - 1", shifting by a negative amount has undefined behavior. The shift amount, "variant_memory_sku() - 1", is -1.
38 if (ddp_bitmap & MEM_ID(variant_memory_sku())) {
39 p->rcomp_resistor = rcomp_resistor_ddp;
40 p->rcomp_resistor_size = sizeof(rcomp_resistor_ddp);
41 } else {
42 p->rcomp_resistor = rcomp_resistor_sdp;
43 p->rcomp_resistor_size = sizeof(rcomp_resistor_sdp);
** CID 1383612: Incorrect expression (UNUSED_VALUE)
/src/soc/amd/stoneyridge/bootblock/bootblock.c: 94 in load_smu_fw1()
________________________________________________________________________________________________________
*** CID 1383612: Incorrect expression (UNUSED_VALUE)
/src/soc/amd/stoneyridge/bootblock/bootblock.c: 94 in load_smu_fw1()
88 */
89 static void load_smu_fw1(void)
90 {
91 u32 base, limit;
92
93 /* Open a posted hole from 0x80000000 : 0xfed00000-1 */
>>> CID 1383612: Incorrect expression (UNUSED_VALUE)
>>> Assigning value "2147483648U" to "base" here, but that stored value is overwritten before it can be used.
94 base = 0x80000000;
95 base = (0x80000000 >> 8) | MMIO_WE | MMIO_RE;
96 limit = (ALIGN_DOWN(HPET_BASE_ADDRESS - 1, 64 * KiB) >> 8);
97 pci_write_config32(SOC_ADDR_DEV, D18F1_MMIO_LIMIT0_LO, limit);
98 pci_write_config32(SOC_ADDR_DEV, D18F1_MMIO_BASE0_LO, base);
99
** CID 1383611: Incorrect expression (MIXED_ENUMS)
/3rdparty/vboot/firmware/lib/vboot_ui_menu.c: 710 in vb2_developer_menu()
________________________________________________________________________________________________________
*** CID 1383611: Incorrect expression (MIXED_ENUMS)
/3rdparty/vboot/firmware/lib/vboot_ui_menu.c: 710 in vb2_developer_menu()
704 disable_dev_boot = 1;
705 VB2_DEBUG("dev_disable_boot is set.\n");
706
707 /* If dev mode is disabled, only allow TONORM */
708 current_menu = VB_MENU_TO_NORM;
709 prev_menu = VB_MENU_TO_NORM;
>>> CID 1383611: Incorrect expression (MIXED_ENUMS)
>>> Mixing enum types "enum _VB_DEV_WARNING_MENU" and "enum _VB_TO_NORM_MENU" for "current_menu_idx".
710 current_menu_idx = VB_TO_NORM_CONFIRM;
711 }
712 }
713
714 vb2_set_disabled_idx_mask(shared->flags);
715 /* Show the dev mode warning screen */
** CID 1383610: Null pointer dereferences (REVERSE_INULL)
/3rdparty/vboot/firmware/lib/vboot_audio.c: 272 in VbAudioLooping()
________________________________________________________________________________________________________
*** CID 1383610: Null pointer dereferences (REVERSE_INULL)
/3rdparty/vboot/firmware/lib/vboot_audio.c: 272 in VbAudioLooping()
266 uint64_t now;
267 uint16_t freq = audio->current_frequency;
268 uint16_t msec = 0;
269 int looping = 1;
270
271 /* if no audio context, never timeout */
>>> CID 1383610: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "audio" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
272 if (!audio)
273 return 1;
274
275 now = VbExGetTimer();
276 while (audio->next_note < audio->note_count &&
277 now >= audio->play_until) {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5YLDpTo5mjmo2oY7525oQQcmrQmaB4r7t7xImr2w4l6SRsRoH-2FY3425aq-2B0-2BUblMU4VInRRdn7SfS1JA0dwJxpBZo93fAAqKLVQKotojc2BxVHcqla6tqbQWQzANsWPy2uoxPvui4XAlLYVZ2ci5AjX8yOiR9haE2dFLrTbwJ0gcVaBfIvePCOYnNZL2sAqXbI-3D
To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqfkfgGF5ECMwHI0-2FVznrU953Dvw3Ddjop950pccFQ-2Br0qaXkQSgAjbZsF6g7Yem3Y-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5YLDpTo5mjmo2oY7525oQQc2tvVA74fQIMxvoyIc7HP9OqMsM4odifQKvamos3I1L052M4fcM1UDZJtrCmSEOqlnNH06edByoXRxBezRRiY4iag1Yl336758GAHIjYPU8ZjYiujGUmXXgHxBUd5HUcbZizsm-2FJ4Dz11DNhljqdGnZpWpevo7VTsDTvjsX9uPuc-3D
More information about the coreboot
mailing list