Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
15 new defect(s) introduced to coreboot found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 15 of 15 defect(s)
** CID 1518916: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518916: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn);
CID 1518916: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseHsuartEnable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn);
** CID 1518915: (TAINTED_SCALAR) /src/soc/qualcomm/common/qupv3_config.c: 155 in qupv3_se_fw_load_and_init() /src/soc/qualcomm/common/qupv3_config.c: 83 in qupv3_se_fw_load_and_init() /src/soc/qualcomm/common/qupv3_config.c: 86 in qupv3_se_fw_load_and_init()
________________________________________________________________________________________________________ *** CID 1518915: (TAINTED_SCALAR) /src/soc/qualcomm/common/qupv3_config.c: 155 in qupv3_se_fw_load_and_init() 149 (hdr->fw_version & 0xFF << 150 FW_REV_VERSION_SHFT); 151 write32(&regs->se_s_fw_revision, reg_value); 152 153 assert(hdr->fw_size_in_items <= SIZE_GENI_FW_RAM); 154
CID 1518915: (TAINTED_SCALAR) Passing tainted expression "hdr->fw_size_in_items * 4UL" to "memcpy", which uses it as an offset. [Note: The source code implementation of the function has been overridden by a builtin model.]
155 memcpy((&regs->se_geni_cfg_ramn), fw_val_arr, 156 hdr->fw_size_in_items * sizeof(uint32_t)); 157 158 /* HPG section 3.1.7.12 */ 159 write32(&regs->geni_force_default_reg, 0x1); 160 setbits_le32(&regs->geni_cgc_ctrl, GENI_CGC_CTRL_PROG_RAM_SCLK_OFF_BMSK /src/soc/qualcomm/common/qupv3_config.c: 83 in qupv3_se_fw_load_and_init() 77 write32(&regs->geni_cgc_ctrl, DEFAULT_CGC_EN); 78 79 /* HPG section 3.1.7.4 */ 80 write32(&regs->geni_init_cfg_revision, hdr->cfg_version); 81 write32(&regs->geni_s_init_cfg_revision, hdr->cfg_version); 82
CID 1518915: (TAINTED_SCALAR) Using tainted variable "hdr->cfg_size_in_items - 1" as an index to pointer "cfg_idx_arr".
83 assert(cfg_idx_arr[hdr->cfg_size_in_items - 1] * sizeof(uint32_t) <= 84 MAX_OFFSET_CFG_REG); 85 86 for (i = 0; i < hdr->cfg_size_in_items; i++) 87 write32(&regs->geni_cfg_reg0 + cfg_idx_arr[i], 88 cfg_val_arr[i]); /src/soc/qualcomm/common/qupv3_config.c: 86 in qupv3_se_fw_load_and_init() 80 write32(&regs->geni_init_cfg_revision, hdr->cfg_version); 81 write32(&regs->geni_s_init_cfg_revision, hdr->cfg_version); 82 83 assert(cfg_idx_arr[hdr->cfg_size_in_items - 1] * sizeof(uint32_t) <= 84 MAX_OFFSET_CFG_REG); 85
CID 1518915: (TAINTED_SCALAR) Using tainted variable "hdr->cfg_size_in_items" as a loop boundary.
86 for (i = 0; i < hdr->cfg_size_in_items; i++) 87 write32(&regs->geni_cfg_reg0 + cfg_idx_arr[i], 88 cfg_val_arr[i]); 89 90 /* HPG section 3.1.7.9 */ 91 /* non-UART configuration, UART driver can configure as desired for UART
** CID 1518914: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518914: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params() 154 pse_fw_base = (uintptr_t)&psefwbuf; 155 params->SiipRegionBase = pse_fw_base; 156 params->SiipRegionSize = psefwsize; 157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n", pse_fw_base, psefwsize); 158 159 /* Configure PSE peripherals */
CID 1518914: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseDmaEnable" of 3 bytes by passing it to a function which accesses it at byte offset 11 using argument "12UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn);
** CID 1518913: (TAINTED_SCALAR) /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode()
________________________________________________________________________________________________________ *** CID 1518913: (TAINTED_SCALAR) /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() 219 ext_tbl = ucode_get_ext_sig_table(ucode_updates); 220 221 if (ext_tbl != NULL) { 222 int i; 223 struct ext_sig_entry *entry = (struct ext_sig_entry *)(ext_tbl + 1); 224
CID 1518913: (TAINTED_SCALAR) Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary.
225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++, entry++) { 226 if ((sig == entry->sig) && (pf & entry->pf)) { 227 return ucode_updates; 228 } 229 } 230 } /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() 219 ext_tbl = ucode_get_ext_sig_table(ucode_updates); 220 221 if (ext_tbl != NULL) { 222 int i; 223 struct ext_sig_entry *entry = (struct ext_sig_entry *)(ext_tbl + 1); 224
CID 1518913: (TAINTED_SCALAR) Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary.
225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++, entry++) { 226 if ((sig == entry->sig) && (pf & entry->pf)) { 227 return ucode_updates; 228 } 229 } 230 } /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() 219 ext_tbl = ucode_get_ext_sig_table(ucode_updates); 220 221 if (ext_tbl != NULL) { 222 int i; 223 struct ext_sig_entry *entry = (struct ext_sig_entry *)(ext_tbl + 1); 224
CID 1518913: (TAINTED_SCALAR) Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary.
225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++, entry++) { 226 if ((sig == entry->sig) && (pf & entry->pf)) { 227 return ucode_updates; 228 } 229 } 230 } /src/cpu/intel/microcode/microcode.c: 225 in find_cbfs_microcode() 219 ext_tbl = ucode_get_ext_sig_table(ucode_updates); 220 221 if (ext_tbl != NULL) { 222 int i; 223 struct ext_sig_entry *entry = (struct ext_sig_entry *)(ext_tbl + 1); 224
CID 1518913: (TAINTED_SCALAR) Using tainted variable "ext_tbl->ext_sig_cnt" as a loop boundary.
225 for (i = 0; i < ext_tbl->ext_sig_cnt; i++, entry++) { 226 if ((sig == entry->sig) && (pf & entry->pf)) { 227 return ucode_updates; 228 } 229 } 230 }
** CID 1518912: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518912: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params() 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn);
CID 1518912: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseQepEnable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn);
** CID 1518911: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518911: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params() 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own);
CID 1518911: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseCanEnable" of 2 bytes by passing it to a function which accesses it at byte offset 7 using argument "8UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; 179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable, config->PsePwmPinEn); 180 params->PchPseAdcEnable = config->PseAdcOwn;
** CID 1518910: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518910: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params() 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own);
CID 1518910: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseSpiCs1Enable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; 179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable, config->PsePwmPinEn);
** CID 1518909: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518909: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params() 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn);
CID 1518909: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseI2sEnable" of 2 bytes by passing it to a function which accesses it at byte offset 7 using argument "8UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own);
** CID 1518908: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518908: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params() 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn);
CID 1518908: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseI2cEnable" of 8 bytes by passing it to a function which accesses it at byte offset 31 using argument "32UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn);
** CID 1518907: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________ *** CID 1518907: Null pointer dereferences (FORWARD_NULL) /src/acpi/acpi.c: 1499 in write_acpi_tables() 1493 current = acpi_align_current(current); 1494 1495 /* clear all table memory */ 1496 memset((void *)start, 0, current - start); 1497 1498 acpi_write_rsdp(rsdp, rsdt, xsdt, oem_id);
CID 1518907: Null pointer dereferences (FORWARD_NULL) Passing null pointer "rsdt" to "acpi_write_rsdt", which dereferences it.
1499 acpi_write_rsdt(rsdt, oem_id, oem_table_id); 1500 acpi_write_xsdt(xsdt, oem_id, oem_table_id); 1501 1502 if (ENV_X86) { 1503 printk(BIOS_DEBUG, "ACPI: * FACS\n"); 1504 current = ALIGN_UP(current, 64);
** CID 1518906: (BUFFER_SIZE) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params() /src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518906: (BUFFER_SIZE) /src/soc/intel/elkhartlake/fsp_params.c: 164 in fill_fsps_pse_params() 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn);
CID 1518906: (BUFFER_SIZE) You might overrun the 4 byte destination string "params->PchPseHsuartEnable" by writing the maximum 16 bytes from "config->PseHsuartOwn".
164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); /src/soc/intel/elkhartlake/fsp_params.c: 160 in fill_fsps_pse_params() 154 pse_fw_base = (uintptr_t)&psefwbuf; 155 params->SiipRegionBase = pse_fw_base; 156 params->SiipRegionSize = psefwsize; 157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n", pse_fw_base, psefwsize); 158 159 /* Configure PSE peripherals */
CID 1518906: (BUFFER_SIZE) You might overrun the 3 byte destination string "params->PchPseDmaEnable" by writing the maximum 12 bytes from "config->PseDmaOwn".
160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); /src/soc/intel/elkhartlake/fsp_params.c: 167 in fill_fsps_pse_params() 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn);
CID 1518906: (BUFFER_SIZE) You might overrun the 8 byte destination string "params->PchPseI2cEnable" by writing the maximum 32 bytes from "config->PseI2cOwn".
167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); /src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params() 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn);
CID 1518906: (BUFFER_SIZE) You might overrun the 4 byte destination string "params->PchPseSpiEnable" by writing the maximum 16 bytes from "config->PseSpiOwn".
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); /src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params() 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn);
CID 1518906: (BUFFER_SIZE) You might overrun the 4 byte destination string "params->PchPseSpiCs0Enable" by writing the maximum 16 bytes from "config->PseSpiCs0Own".
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; /src/soc/intel/elkhartlake/fsp_params.c: 169 in fill_fsps_pse_params() 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn);
CID 1518906: (BUFFER_SIZE) You might overrun the 2 byte destination string "params->PchPseI2sEnable" by writing the maximum 8 bytes from "config->PseI2sOwn".
169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); /src/soc/intel/elkhartlake/fsp_params.c: 165 in fill_fsps_pse_params() 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn); 162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn);
CID 1518906: (BUFFER_SIZE) You might overrun the 4 byte destination string "params->PchPseQepEnable" by writing the maximum 16 bytes from "config->PseQepOwn".
165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); /src/soc/intel/elkhartlake/fsp_params.c: 175 in fill_fsps_pse_params() 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own);
CID 1518906: (BUFFER_SIZE) You might overrun the 2 byte destination string "params->PchPseCanEnable" by writing the maximum 8 bytes from "config->PseCanOwn".
175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; 179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable, config->PsePwmPinEn); 180 params->PchPseAdcEnable = config->PseAdcOwn; /src/soc/intel/elkhartlake/fsp_params.c: 174 in fill_fsps_pse_params() 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own);
CID 1518906: (BUFFER_SIZE) You might overrun the 4 byte destination string "params->PchPseSpiCs1Enable" by writing the maximum 16 bytes from "config->PseSpiCs1Own".
174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn; 179 FSP_ARRAY_LOAD(params->PchPsePwmPinEnable, config->PsePwmPinEn); /src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params() 156 params->SiipRegionSize = psefwsize; 157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n", pse_fw_base, psefwsize); 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn);
CID 1518906: (BUFFER_SIZE) You might overrun the 6 byte destination string "params->PchPseUartEnable" by writing the maximum 24 bytes from "config->PseUartOwn".
162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn);
** CID 1518905: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518905: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 171 in fill_fsps_pse_params() 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn);
CID 1518905: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseSpiEnable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn); 173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn);
** CID 1518904: Integer handling issues (BAD_SHIFT) /src/security/intel/txt/common.c: 277 in intel_txt_prepare_bios_acm()
________________________________________________________________________________________________________ *** CID 1518904: Integer handling issues (BAD_SHIFT) /src/security/intel/txt/common.c: 277 in intel_txt_prepare_bios_acm() 271 } 272 273 /* 274 * The ACM should be aligned to it's size, but that's not possible, as 275 * some ACMs are not power of two. Use the next power of two for verification. 276 */
CID 1518904: Integer handling issues (BAD_SHIFT) In expression "1UL << log2_ceil(*acm_len)", shifting by a negative amount has undefined behavior. The shift amount, "log2_ceil(*acm_len)", is -1.
277 if (!IS_ALIGNED((uintptr_t)acm_data, (1UL << log2_ceil(*acm_len)))) { 278 printk(BIOS_ERR, "TEE-TXT: BIOS ACM isn't aligned to its size.\n"); 279 cbfs_unmap(acm_data); 280 return NULL; 281 } 282
** CID 1518903: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518903: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 162 in fill_fsps_pse_params() 156 params->SiipRegionSize = psefwsize; 157 printk(BIOS_DEBUG, "PSE base: %08x size: %08zx\n", pse_fw_base, psefwsize); 158 159 /* Configure PSE peripherals */ 160 FSP_ARRAY_LOAD(params->PchPseDmaEnable, config->PseDmaOwn); 161 FSP_ARRAY_LOAD(params->PchPseDmaSbInterruptEnable, config->PseDmaSbIntEn);
CID 1518903: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseUartEnable" of 6 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
162 FSP_ARRAY_LOAD(params->PchPseUartEnable, config->PseUartOwn); 163 FSP_ARRAY_LOAD(params->PchPseUartSbInterruptEnable, config->PseUartSbIntEn); 164 FSP_ARRAY_LOAD(params->PchPseHsuartEnable, config->PseHsuartOwn); 165 FSP_ARRAY_LOAD(params->PchPseQepEnable, config->PseQepOwn); 166 FSP_ARRAY_LOAD(params->PchPseQepSbInterruptEnable, config->PseQepSbIntEn); 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn);
** CID 1518902: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params()
________________________________________________________________________________________________________ *** CID 1518902: Memory - corruptions (OVERRUN) /src/soc/intel/elkhartlake/fsp_params.c: 173 in fill_fsps_pse_params() 167 FSP_ARRAY_LOAD(params->PchPseI2cEnable, config->PseI2cOwn); 168 FSP_ARRAY_LOAD(params->PchPseI2cSbInterruptEnable, config->PseI2cSbIntEn); 169 FSP_ARRAY_LOAD(params->PchPseI2sEnable, config->PseI2sOwn); 170 FSP_ARRAY_LOAD(params->PchPseI2sSbInterruptEnable, config->PseI2sSbIntEn); 171 FSP_ARRAY_LOAD(params->PchPseSpiEnable, config->PseSpiOwn); 172 FSP_ARRAY_LOAD(params->PchPseSpiSbInterruptEnable, config->PseSpiSbIntEn);
CID 1518902: Memory - corruptions (OVERRUN) Overrunning array "params->PchPseSpiCs0Enable" of 4 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
173 FSP_ARRAY_LOAD(params->PchPseSpiCs0Enable, config->PseSpiCs0Own); 174 FSP_ARRAY_LOAD(params->PchPseSpiCs1Enable, config->PseSpiCs1Own); 175 FSP_ARRAY_LOAD(params->PchPseCanEnable, config->PseCanOwn); 176 FSP_ARRAY_LOAD(params->PchPseCanSbInterruptEnable, config->PseCanSbIntEn); 177 params->PchPsePwmEnable = config->PsePwmOwn; 178 params->PchPsePwmSbInterruptEnable = config->PsePwmSbIntEn;
________________________________________________________________________________________________________ To view the defects in Coverity Scan, visit https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...