Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
77 new defect(s) introduced to coreboot found with Coverity Scan. 14 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 20 of 77 defect(s)
** CID 1347357: (NEGATIVE_RETURNS) /util/intelvbttool/intelvbttool.c: 530 in main() /util/intelvbttool/intelvbttool.c: 530 in main()
________________________________________________________________________________________________________ *** CID 1347357: (NEGATIVE_RETURNS) /util/intelvbttool/intelvbttool.c: 530 in main() 524 } 525 if (ptr == MAP_FAILED) { 526 fprintf(stderr, "mmap failed: %s\n", strerror(errno)); 527 return 1; 528 } 529 parse_vbios(ptr);
CID 1347357: (NEGATIVE_RETURNS) "fd" is passed to a parameter that cannot be negative.
530 close(fd); 531 return 0; /util/intelvbttool/intelvbttool.c: 530 in main() 524 } 525 if (ptr == MAP_FAILED) { 526 fprintf(stderr, "mmap failed: %s\n", strerror(errno)); 527 return 1; 528 } 529 parse_vbios(ptr);
CID 1347357: (NEGATIVE_RETURNS) "fd" is passed to a parameter that cannot be negative.
530 close(fd); 531 return 0;
** CID 1347356: (NO_EFFECT) /src/northbridge/intel/pineview/raminit.c: 348 in msbpos() /src/northbridge/intel/x4x/raminit_ddr2.c: 48 in msbpos() /src/northbridge/intel/x4x/raminit.c: 259 in msbpos()
________________________________________________________________________________________________________ *** CID 1347356: (NO_EFFECT) /src/northbridge/intel/pineview/raminit.c: 348 in msbpos() 342 return i; 343 } 344 345 static u8 msbpos(u8 val) //Reverse 346 { 347 u8 i;
CID 1347356: (NO_EFFECT) This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "i >= 0".
348 for (i = 7; (i >= 0) && ((val & (1 << i)) == 0); i--); 349 return i; 350 } 351 352 static void sdram_detect_smallest_params(struct sysinfo *s) 353 { /src/northbridge/intel/x4x/raminit_ddr2.c: 48 in msbpos() 42 return mhz[speed]; 43 } 44 45 static u8 msbpos(u8 val) //Reverse 46 { 47 u8 i;
CID 1347356: (NO_EFFECT) This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "i >= 0".
48 for (i = 7; i >= 0; i--) { 49 if ((val & (1 << i)) == 0) 50 break; 51 } 52 return i; 53 } /src/northbridge/intel/x4x/raminit.c: 259 in msbpos() 253 return i; 254 } 255 256 static u8 msbpos(u8 val) //Reverse 257 { 258 u8 i;
CID 1347356: (NO_EFFECT) This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "i >= 0".
259 for (i = 7; (i >= 0) && ((val & (1 << i)) == 0); i--); 260 return i; 261 } 262 263 static void mchinfo_ddr2(struct sysinfo *s) 264 {
** CID 1347355: Control flow issues (NO_EFFECT) /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c: 2649 in fam15EnableTrainingMode()
________________________________________________________________________________________________________ *** CID 1347355: Control flow issues (NO_EFFECT) /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c: 2649 in fam15EnableTrainingMode() 2643 * Implement LRDIMM support 2644 * See Fam15h BKDG Rev. 3.14 section 2.10.5.5 2645 */ 2646 twrrd = 0xb; 2647 } else { 2648 max_cdd_we_delta = (((int16_t)cdd_twrrd + 1 - ((int16_t)write_early * 2)) + 1) / 2;
CID 1347355: Control flow issues (NO_EFFECT) This less-than-zero comparison of an unsigned value is never true. "max_cdd_we_delta < 0".
2649 if (max_cdd_we_delta < 0) 2650 max_cdd_we_delta = 0; 2651 if (((uint16_t)max_cdd_we_delta) > write_odt_delay) 2652 dword = max_cdd_we_delta; 2653 else 2654 dword = write_odt_delay;
** CID 1347354: Memory - corruptions (OVERRUN) /src/northbridge/amd/amdmct/mct_ddr3/mctsrc.c: 1214 in dqsTrainRcvrEn_SW_Fam15()
________________________________________________________________________________________________________ *** CID 1347354: Memory - corruptions (OVERRUN) /src/northbridge/amd/amdmct/mct_ddr3/mctsrc.c: 1214 in dqsTrainRcvrEn_SW_Fam15() 1208 1209 _DisableDramECC = mct_DisableDimmEccEn_D(pMCTstat, pDCTstat); 1210 1211 Errors = 0; 1212 dev = pDCTstat->dev_dct; 1213
CID 1347354: Memory - corruptions (OVERRUN) Checking "Channel < 2" implies that "Channel" is 2 on the false branch.
1214 for (Channel = 0; Channel < 2; Channel++) { 1215 print_debug_dqs("\tTrainRcvEn51: Node ", pDCTstat->Node_ID, 1); 1216 print_debug_dqs("\tTrainRcvEn51: Channel ", Channel, 1); 1217 pDCTstat->Channel = Channel; 1218 1219 mem_clk = Get_NB32_DCT(dev, Channel, 0x94) & 0x1f;
** CID 1347353: Memory - illegal accesses (OVERRUN) /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c: 302 in fam10h_mhz_to_memclk_config()
________________________________________________________________________________________________________ *** CID 1347353: Memory - illegal accesses (OVERRUN) /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c: 302 in fam10h_mhz_to_memclk_config() 296 297 /* Compute the index value for the given frequency */ 298 for (iter = 0; iter <= 0x6; iter++) { 299 if (fam10h_freq_tab[iter] == freq) 300 break; 301 }
CID 1347353: Memory - illegal accesses (OVERRUN) Overrunning array "fam10h_freq_tab" of 7 2-byte elements at element index 7 (byte offset 14) using index "iter" (which evaluates to 7).
302 if (fam10h_freq_tab[iter] == freq) 303 freq = iter; 304 if (freq == 0) 305 freq = 0x3; 306 307 return freq;
** CID 1347352: Memory - illegal accesses (OVERRUN) /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c: 284 in fam15h_mhz_to_memclk_config()
________________________________________________________________________________________________________ *** CID 1347352: Memory - illegal accesses (OVERRUN) /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c: 284 in fam15h_mhz_to_memclk_config() 278 279 /* Compute the index value for the given frequency */ 280 for (iter = 0; iter <= 0x16; iter++) { 281 if (fam15h_freq_tab[iter] == freq) 282 break; 283 }
CID 1347352: Memory - illegal accesses (OVERRUN) Overrunning array "fam15h_freq_tab" of 23 2-byte elements at element index 23 (byte offset 46) using index "iter" (which evaluates to 23).
284 if (fam15h_freq_tab[iter] == freq) 285 freq = iter; 286 if (freq == 0) 287 freq = 0x4; 288 289 return freq;
** CID 1347351: Memory - illegal accesses (OVERRUN) /src/northbridge/intel/x4x/ram_calc.c: 47 in decode_igd_gtt_size()
________________________________________________________________________________________________________ *** CID 1347351: Memory - illegal accesses (OVERRUN) /src/northbridge/intel/x4x/ram_calc.c: 47 in decode_igd_gtt_size() 41 { 42 static const u8 ggc2gtt[] = { 0, 1, 0, 2, 0, 0, 0, 0, 0, 2, 3, 4}; 43 44 if (gsm > ARRAY_SIZE(ggc2gtt)) 45 die("Bad GTT Graphics Memory Size (GGMS) setting.\n"); 46
CID 1347351: Memory - illegal accesses (OVERRUN) Overrunning array "ggc2gtt" of 12 bytes at byte offset 12 using index "gsm" (which evaluates to 12).
47 return ggc2gtt[gsm] << 10; 48 } 49 50 u8 decode_pciebar(u32 *const base, u32 *const len) 51 { 52 *base = 0;
** CID 1347350: Memory - illegal accesses (OVERRUN) /src/northbridge/intel/x4x/ram_calc.c: 36 in decode_igd_memory_size()
________________________________________________________________________________________________________ *** CID 1347350: Memory - illegal accesses (OVERRUN) /src/northbridge/intel/x4x/ram_calc.c: 36 in decode_igd_memory_size() 30 static const u16 ggc2uma[] = { 0, 0, 0, 0, 0, 31 32, 48, 64, 128, 256, 96, 160, 224, 352 }; 32 33 if (gms > ARRAY_SIZE(ggc2uma)) 34 die("Bad Graphics Mode Select (GMS) setting.\n"); 35
CID 1347350: Memory - illegal accesses (OVERRUN) Overrunning array "ggc2uma" of 14 2-byte elements at element index 14 (byte offset 28) using index "gms" (which evaluates to 14).
36 return ggc2uma[gms] << 10; 37 } 38 39 /** Decodes used GTT Graphics Memory Size (GGMS) to kilobytes. */ 40 u32 decode_igd_gtt_size(const u32 gsm) 41 {
** CID 1347349: (PARSE_ERROR) /util/inteltool/.test.c: 3 in () /util/viatool/.test.c: 3 in ()
________________________________________________________________________________________________________ *** CID 1347349: (PARSE_ERROR) /util/inteltool/.test.c: 3 in () 1 /* Avoid a failing test due to libpci header symbol shadowing breakage */ 2 #define index shadow_workaround_index
CID 1347349: (PARSE_ERROR) cannot open source file "pci/pci.h"
3 #include <pci/pci.h> 4 struct pci_access *pacc; 5 int main(int argc, char **argv) 6 { 7 (void) argc; 8 (void) argv; 9 pacc = pci_alloc(); 10 return 0; /util/viatool/.test.c: 3 in () 1 /* Avoid a failing test due to libpci header symbol shadowing breakage */ 2 #define index shadow_workaround_index
CID 1347349: (PARSE_ERROR) cannot open source file "pci/pci.h"
3 #include <pci/pci.h> 4 struct pci_access *pacc; 5 int main(int argc, char **argv) 6 { 7 (void) argc; 8 (void) argv; 9 pacc = pci_alloc(); 10 return 0;
** CID 1347348: Parse warnings (PARSE_ERROR) /util/inteltool/inteltool.h: 27 in ()
________________________________________________________________________________________________________ *** CID 1347348: Parse warnings (PARSE_ERROR) /util/inteltool/inteltool.h: 27 in () 21 #endif 22 #if (defined(__MACH__) && defined(__APPLE__)) 23 /* DirectHW is available here: http://www.coreboot.org/DirectHW */ 24 #define __DARWIN__ 25 #include <DirectHW/DirectHW.h> 26 #endif
CID 1347348: Parse warnings (PARSE_ERROR) During compilation of file '/home/coreboot/coreboot/util/inteltool/cpu.c'
27 #include <pci/pci.h> 28 29 /* This #include is needed for freebsd_{rd,wr}msr. */ 30 #if defined(__FreeBSD__) 31 #include <machine/cpufunc.h> 32 #endif
** CID 1347347: Parse warnings (PARSE_ERROR) /util/superiotool/superiotool.h: 37 in ()
________________________________________________________________________________________________________ *** CID 1347347: Parse warnings (PARSE_ERROR) /util/superiotool/superiotool.h: 37 in () 31 #if (defined(__MACH__) && defined(__APPLE__)) 32 /* DirectHW is available here: http://www.coreboot.org/DirectHW */ 33 #include <DirectHW/DirectHW.h> 34 #endif 35 36 #ifdef PCI_SUPPORT
CID 1347347: Parse warnings (PARSE_ERROR) During compilation of file '/home/coreboot/coreboot/util/superiotool/ali.c'
37 #include <pci/pci.h> 38 #endif 39 40 #if defined(__FreeBSD__) 41 #include <sys/types.h> 42 #include <machine/cpufunc.h>
** CID 1347346: Parse warnings (PARSE_ERROR) /util/viatool/viatool.h: 31 in ()
________________________________________________________________________________________________________ *** CID 1347346: Parse warnings (PARSE_ERROR) /util/viatool/viatool.h: 31 in () 25 #endif 26 #if (defined(__MACH__) && defined(__APPLE__)) 27 /* DirectHW is available here: http://www.coreboot.org/DirectHW */ 28 #define __DARWIN__ 29 #include <DirectHW/DirectHW.h> 30 #endif
CID 1347346: Parse warnings (PARSE_ERROR) During compilation of file '/home/coreboot/coreboot/util/viatool/cpu.c'
31 #include <pci/pci.h> 32 33 /* This #include is needed for freebsd_{rd,wr}msr. */ 34 #if defined(__FreeBSD__) 35 #include <machine/cpufunc.h> 36 #endif
** CID 1347345: Resource leaks (RESOURCE_LEAK) /payloads/libpayload/libcbfs/cbfs.c: 115 in cbfs_load_stage()
________________________________________________________________________________________________________ *** CID 1347345: Resource leaks (RESOURCE_LEAK) /payloads/libpayload/libcbfs/cbfs.c: 115 in cbfs_load_stage() 109 final_size = cbfs_decompress(stage->compression, 110 ((unsigned char *) stage) + 111 sizeof(struct cbfs_stage), 112 (void *) (uintptr_t) stage->load, 113 stage->len); 114 if (!final_size)
CID 1347345: Resource leaks (RESOURCE_LEAK) Variable "stage" going out of scope leaks the storage it points to.
115 return (void *) -1; 116 117 memset((void *)((uintptr_t)stage->load + final_size), 0, 118 stage->memlen - final_size); 119 120 DEBUG("stage loaded.\n");
** CID 1347344: (RESOURCE_LEAK) /src/northbridge/amd/amdmct/mct_ddr3/s3utils.c: 1117 in save_mct_information_to_nvram() /src/northbridge/amd/amdmct/mct_ddr3/s3utils.c: 1123 in save_mct_information_to_nvram()
________________________________________________________________________________________________________ *** CID 1347344: (RESOURCE_LEAK) /src/northbridge/amd/amdmct/mct_ddr3/s3utils.c: 1117 in save_mct_information_to_nvram() 1111 if (restored) { 1112 /* Allow training bypass if DIMM configuration is unchanged on next boot */ 1113 nvram = 1; 1114 set_option("allow_spd_nvram_cache_restore", &nvram); 1115 1116 printk(BIOS_DEBUG, "Hardware configuration unchanged since last boot; skipping write\n");
CID 1347344: (RESOURCE_LEAK) Variable "persistent_data" going out of scope leaks the storage it points to.
1117 return 0; 1118 } 1119 1120 /* Obtain CBFS file offset */ 1121 s3nv_offset = get_s3nv_file_offset(); 1122 if (s3nv_offset == -1) /src/northbridge/amd/amdmct/mct_ddr3/s3utils.c: 1123 in save_mct_information_to_nvram() 1117 return 0; 1118 } 1119 1120 /* Obtain CBFS file offset */ 1121 s3nv_offset = get_s3nv_file_offset(); 1122 if (s3nv_offset == -1)
CID 1347344: (RESOURCE_LEAK) Variable "persistent_data" going out of scope leaks the storage it points to.
1123 return -1; 1124 1125 /* Align flash pointer to nearest boundary */ 1126 s3nv_offset &= ~(CONFIG_S3_DATA_SIZE-1); 1127 s3nv_offset += CONFIG_S3_DATA_SIZE; 1128
** CID 1347343: Integer handling issues (SIGN_EXTENSION) /src/northbridge/amd/amdfam10/northbridge.c: 809 in amdfam10_domain_read_resources()
________________________________________________________________________________________________________ *** CID 1347343: Integer handling issues (SIGN_EXTENSION) /src/northbridge/amd/amdfam10/northbridge.c: 809 in amdfam10_domain_read_resources() 803 } 804 } 805 } 806 807 /* Calculate CC6 storage area size */ 808 if (interleaved)
CID 1347343: Integer handling issues (SIGN_EXTENSION) Suspicious implicit sign extension: "num_nodes" with type "unsigned char" (8 bits, unsigned) is promoted in "16777216 * num_nodes" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "16777216 * num_nodes" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
809 qword = (0x1000000 * num_nodes); 810 else 811 qword = 0x1000000; 812 813 /* FIXME 814 * The BKDG appears to be incorrect as to the location of the CC6 save region
** CID 1347342: Integer handling issues (SIGN_EXTENSION) /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c: 1760 in set_up_cc6_storage_fam15()
________________________________________________________________________________________________________ *** CID 1347342: Integer handling issues (SIGN_EXTENSION) /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c: 1760 in set_up_cc6_storage_fam15() 1754 __func__, max_node, max_range_limit, 1755 (((uint64_t)(Get_NB32(pDCTstat->dev_map, 0x124) 1756 & 0x1fffff)) << 27) | 0x7ffffff); 1757 1758 if (interleaved) 1759 /* Move upper limit down by 16M * the number of nodes */
CID 1347342: Integer handling issues (SIGN_EXTENSION) Suspicious implicit sign extension: "num_nodes" with type "unsigned char" (8 bits, unsigned) is promoted in "16777216 * num_nodes" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "16777216 * num_nodes" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1760 max_range_limit -= (0x1000000 * num_nodes); 1761 else 1762 /* Move upper limit down by 16M */ 1763 max_range_limit -= 0x1000000; 1764 1765 printk(BIOS_INFO, "%s:\tnew max_range_limit: %16llx\n",
** CID 1347341: Incorrect expression (SIZEOF_MISMATCH) /src/southbridge/intel/fsp_i89xx/romstage.c: 215 in romstage_main_continue()
________________________________________________________________________________________________________ *** CID 1347341: Incorrect expression (SIZEOF_MISMATCH) /src/southbridge/intel/fsp_i89xx/romstage.c: 215 in romstage_main_continue() 209 210 if(cbmem_was_initted) { 211 reset_system(); 212 } 213 214 /* Save the HOB pointer in CBMEM to be used in ramstage. */
CID 1347341: Incorrect expression (SIZEOF_MISMATCH) Passing argument "4ULL /* sizeof (HobListPtr) */" to function "cbmem_add" which returns a value of type "VOID *" is suspicious.
215 cbmem_hob_ptr = cbmem_add (CBMEM_ID_HOB_POINTER, sizeof(HobListPtr)); 216 *(uint32_t*)cbmem_hob_ptr = (uint32_t)HobListPtr; 217 post_code(0x4f); 218 219 timestamp_add_now(TS_END_ROMSTAGE); 220
** CID 1347340: Memory - illegal accesses (STRING_NULL) /util/cbmem/cbmem.c: 398 in arch_tick_frequency()
________________________________________________________________________________________________________ *** CID 1347340: Memory - illegal accesses (STRING_NULL) /util/cbmem/cbmem.c: 398 in arch_tick_frequency() 392 } 393 fclose(cpuf); 394 rv = strtoull(freqs, &endp, 10); 395 396 if (*endp == '\0' || *endp == '\n') 397 return rv;
CID 1347340: Memory - illegal accesses (STRING_NULL) Passing unterminated string "freqs" to "fprintf".
398 fprintf(stderr, "Wrong formatted value ^%s^ read from %s\n", 399 freqs, freq_file); 400 exit(1); 401 } 402 #elif defined(__OpenBSD__) && (defined(__i386__) || defined(__x86_64__)) 403 static unsigned long arch_tick_frequency(void)
** CID 1347339: Uninitialized variables (UNINIT) /src/northbridge/amd/amdfam10/northbridge.c: 1701 in detect_and_enable_probe_filter()
________________________________________________________________________________________________________ *** CID 1347339: Uninitialized variables (UNINIT) /src/northbridge/amd/amdfam10/northbridge.c: 1701 in detect_and_enable_probe_filter() 1695 if ((model >= 0x8) || fam15h) 1696 /* Revision D or later */ 1697 rev_gte_d = 1; 1698 1699 if (rev_gte_d) 1700 /* Check for dual node capability */
CID 1347339: Uninitialized variables (UNINIT) Using uninitialized value "f3xe8".
1701 if (f3xe8 & 0x20000000) 1702 dual_node = 1; 1703 1704 if (rev_gte_d && (sysconf.nodes > 1)) { 1705 /* Enable the probe filter */ 1706 uint8_t i;
** CID 1347338: Uninitialized variables (UNINIT) /src/northbridge/amd/amdmct/wrappers/mcti_d.c: 368 in mctGet_MaxLoadFreq()
________________________________________________________________________________________________________ *** CID 1347338: Uninitialized variables (UNINIT) /src/northbridge/amd/amdmct/wrappers/mcti_d.c: 368 in mctGet_MaxLoadFreq() 362 highest_rank_count[i] = pDCTstat->DimmRanks[dimm]; 363 } 364 } 365 #endif 366 367 /* Set limits if needed */
CID 1347338: Uninitialized variables (UNINIT) Using uninitialized value "highest_rank_count[0]".
368 pDCTstat->PresetmaxFreq = mct_MaxLoadFreq(max(ch1_count, ch2_count), max(highest_rank_count[0], highest_rank_count[1]), (ch1_registered || ch2_registered), (ch1_voltage | ch2_voltage), pDCTstat->PresetmaxFreq); 369 } 370 371 #ifdef UNUSED_CODE 372 static void mctAdjustAutoCycTmg(void) 373 {
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/coreboot?tab=overview
To manage Coverity Scan email notifications for "coreboot@coreboot.org", click https://scan.coverity.com/subscriptions/edit?email=coreboot%40coreboot.org&a...