[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com scan-admin at coverity.com
Wed Dec 13 00:29:59 CET 2017 

Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

4 new defect(s) introduced to coreboot found with Coverity Scan.
19 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1383613:  Integer handling issues  (BAD_SHIFT)
/src/mainboard/google/poppy/variants/nami/memory.c: 38 in variant_memory_params()


________________________________________________________________________________________________________
*** CID 1383613:  Integer handling issues  (BAD_SHIFT)
/src/mainboard/google/poppy/variants/nami/memory.c: 38 in variant_memory_params()
32     void variant_memory_params(struct memory_params *p)
33     {
34     	memset(p, 0, sizeof(*p));
35     	p->type = MEMORY_DDR4;
36     
37     	/* Rcomp resistor values are different for SDP and DDP. */
>>>     CID 1383613:  Integer handling issues  (BAD_SHIFT)
>>>     In expression "1 << variant_memory_sku() - 1", shifting by a negative amount has undefined behavior.  The shift amount, "variant_memory_sku() - 1", is -1.
38     	if (ddp_bitmap & MEM_ID(variant_memory_sku())) {
39     		p->rcomp_resistor = rcomp_resistor_ddp;
40     		p->rcomp_resistor_size = sizeof(rcomp_resistor_ddp);
41     	} else {
42     		p->rcomp_resistor = rcomp_resistor_sdp;
43     		p->rcomp_resistor_size = sizeof(rcomp_resistor_sdp);

** CID 1383612:  Incorrect expression  (UNUSED_VALUE)
/src/soc/amd/stoneyridge/bootblock/bootblock.c: 94 in load_smu_fw1()


________________________________________________________________________________________________________
*** CID 1383612:  Incorrect expression  (UNUSED_VALUE)
/src/soc/amd/stoneyridge/bootblock/bootblock.c: 94 in load_smu_fw1()
88      */
89     static void load_smu_fw1(void)
90     {
91     	u32 base, limit;
92     
93     	/* Open a posted hole from 0x80000000 : 0xfed00000-1 */
>>>     CID 1383612:  Incorrect expression  (UNUSED_VALUE)
>>>     Assigning value "2147483648U" to "base" here, but that stored value is overwritten before it can be used.
94     	base =  0x80000000;
95     	base = (0x80000000 >> 8) | MMIO_WE | MMIO_RE;
96     	limit = (ALIGN_DOWN(HPET_BASE_ADDRESS - 1, 64 * KiB) >> 8);
97     	pci_write_config32(SOC_ADDR_DEV, D18F1_MMIO_LIMIT0_LO, limit);
98     	pci_write_config32(SOC_ADDR_DEV, D18F1_MMIO_BASE0_LO, base);
99     

** CID 1383611:  Incorrect expression  (MIXED_ENUMS)
/3rdparty/vboot/firmware/lib/vboot_ui_menu.c: 710 in vb2_developer_menu()


________________________________________________________________________________________________________
*** CID 1383611:  Incorrect expression  (MIXED_ENUMS)
/3rdparty/vboot/firmware/lib/vboot_ui_menu.c: 710 in vb2_developer_menu()
704     			disable_dev_boot = 1;
705     			VB2_DEBUG("dev_disable_boot is set.\n");
706     
707     			/* If dev mode is disabled, only allow TONORM */
708     			current_menu = VB_MENU_TO_NORM;
709     			prev_menu = VB_MENU_TO_NORM;
>>>     CID 1383611:  Incorrect expression  (MIXED_ENUMS)
>>>     Mixing enum types "enum _VB_DEV_WARNING_MENU" and "enum _VB_TO_NORM_MENU" for "current_menu_idx".
710     			current_menu_idx = VB_TO_NORM_CONFIRM;
711     		}
712     	}
713     
714     	vb2_set_disabled_idx_mask(shared->flags);
715     	/* Show the dev mode warning screen */

** CID 1383610:  Null pointer dereferences  (REVERSE_INULL)
/3rdparty/vboot/firmware/lib/vboot_audio.c: 272 in VbAudioLooping()


________________________________________________________________________________________________________
*** CID 1383610:  Null pointer dereferences  (REVERSE_INULL)
/3rdparty/vboot/firmware/lib/vboot_audio.c: 272 in VbAudioLooping()
266     	uint64_t now;
267     	uint16_t freq = audio->current_frequency;
268     	uint16_t msec = 0;
269     	int looping = 1;
270     
271     	/* if no audio context, never timeout */
>>>     CID 1383610:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "audio" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
272     	if (!audio)
273     		return 1;
274     
275     	now = VbExGetTimer();
276     	while (audio->next_note < audio->note_count &&
277     	       now >= audio->play_until) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5YLDpTo5mjmo2oY7525oQQcmrQmaB4r7t7xImr2w4l6SRsRoH-2FY3425aq-2B0-2BUblMU4VInRRdn7SfS1JA0dwJxpBZo93fAAqKLVQKotojc2BxVHcqla6tqbQWQzANsWPy2uoxPvui4XAlLYVZ2ci5AjX8yOiR9haE2dFLrTbwJ0gcVaBfIvePCOYnNZL2sAqXbI-3D

To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqfkfgGF5ECMwHI0-2FVznrU953Dvw3Ddjop950pccFQ-2Br0qaXkQSgAjbZsF6g7Yem3Y-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5YLDpTo5mjmo2oY7525oQQc2tvVA74fQIMxvoyIc7HP9OqMsM4odifQKvamos3I1L052M4fcM1UDZJtrCmSEOqlnNH06edByoXRxBezRRiY4iag1Yl336758GAHIjYPU8ZjYiujGUmXXgHxBUd5HUcbZizsm-2FJ4Dz11DNhljqdGnZpWpevo7VTsDTvjsX9uPuc-3D

More information about the coreboot mailing list