Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
7 new defect(s) introduced to coreboot found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 7 of 7 defect(s)
** CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON) /src/lib/gcov-glue.c: 128 in coverage_init()
________________________________________________________________________________________________________ *** CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON) /src/lib/gcov-glue.c: 128 in coverage_init() 122 extern long __CTOR_LIST__; 123 typedef void (*func_ptr)(void); 124 func_ptr *ctor = (func_ptr *) &__CTOR_LIST__; 125 if (ctor == NULL) 126 return; 127
CID 1431127: Memory - corruptions (ARRAY_VS_SINGLETON) Using "ctor" as an array. This might corrupt or misinterpret adjacent memory locations.
128 for (; *ctor != (func_ptr) 0; ctor++) 129 (*ctor)(); 130 } 131 132 void __gcov_flush(void); 133 static void coverage_exit(void *unused)
** CID 1431126: (DEADCODE) /src/lib/libgcov.c: 425 in gcov_exit() /src/lib/libgcov.c: 391 in gcov_exit()
________________________________________________________________________________________________________ *** CID 1431126: (DEADCODE) /src/lib/libgcov.c: 425 in gcov_exit() 419 fname += 2; 420 421 /* Build relocated filename, stripping off leading 422 * directories from the initial filename if requested. 423 */ 424 if (gcov_prefix_strip > 0) {
CID 1431126: (DEADCODE) Execution cannot reach this statement: "level = 0;".
425 int level = 0; 426 427 s = fname; 428 if (IS_DIR_SEPARATOR(*s)) 429 ++s; 430 /src/lib/libgcov.c: 391 in gcov_exit() 385 } else 386 #endif 387 prefix_length = 0; 388 389 /* If no prefix was specified and a prefix strip, then we assume 390 relative. */
CID 1431126: (DEADCODE) Execution cannot reach the expression "prefix_length == 0UL" inside this statement: "if (gcov_prefix_strip != 0 ...".
391 if (gcov_prefix_strip != 0 && prefix_length == 0) { 392 gcov_prefix = "."; 393 prefix_length = 1; 394 } 395 /* Allocate and initialize the filename scratch space plus one. */ 396 gi_filename = (char *) alloca(prefix_length + gcov_max_filename + 2);
** CID 1431125: Control flow issues (DEADCODE) /src/lib/gcov-glue.c: 126 in coverage_init()
________________________________________________________________________________________________________ *** CID 1431125: Control flow issues (DEADCODE) /src/lib/gcov-glue.c: 126 in coverage_init() 120 static void coverage_init(void *unused) 121 { 122 extern long __CTOR_LIST__; 123 typedef void (*func_ptr)(void); 124 func_ptr *ctor = (func_ptr *) &__CTOR_LIST__; 125 if (ctor == NULL)
CID 1431125: Control flow issues (DEADCODE) Execution cannot reach this statement: "return;".
126 return; 127 128 for (; *ctor != (func_ptr) 0; ctor++) 129 (*ctor)(); 130 } 131
** CID 1431124: Integer handling issues (BAD_SHIFT) /src/security/intel/txt/common.c: 166 in validate_acm()
________________________________________________________________________________________________________ *** CID 1431124: Integer handling issues (BAD_SHIFT) /src/security/intel/txt/common.c: 166 in validate_acm() 160 /* 161 * Causes #GP if acm_header->size > processor internal authenticated 162 * code area capacity. 163 * SAFER MODE EXTENSIONS REFERENCE. 164 * Intel 64 and IA-32 Architectures Software Developer Manuals Vol 2D 165 */
CID 1431124: Integer handling issues (BAD_SHIFT) In expression "1UL << log2_ceil((acm_header->size & 0xffffffU) << 2)", shifting by a negative amount has undefined behavior. The shift amount, "log2_ceil((acm_header->size & 0xffffffU) << 2)", is -1.
166 const size_t acm_len = 1UL << log2_ceil((acm_header->size & 0xffffff) << 2); 167 if (max_size_acm_area < acm_len) { 168 printk(BIOS_ERR, "TEE-TXT: BIOS ACM doesn't fit into AC execution region\n"); 169 return ACM_E_NOT_FIT_INTO_CPU_ACM_MEM; 170 } 171
** CID 1431123: Control flow issues (DEADCODE) /src/lib/libgcov.c: 398 in gcov_exit()
________________________________________________________________________________________________________ *** CID 1431123: Control flow issues (DEADCODE) /src/lib/libgcov.c: 398 in gcov_exit() 392 gcov_prefix = "."; 393 prefix_length = 1; 394 } 395 /* Allocate and initialize the filename scratch space plus one. */ 396 gi_filename = (char *) alloca(prefix_length + gcov_max_filename + 2); 397 if (prefix_length)
CID 1431123: Control flow issues (DEADCODE) Execution cannot reach this statement: "memcpy(gi_filename, gcov_pr...".
398 memcpy(gi_filename, gcov_prefix, prefix_length); 399 gi_filename_up = gi_filename + prefix_length; 400 401 /* Now merge each file. */ 402 for (gi_ptr = gcov_list; gi_ptr; gi_ptr = gi_ptr->next) { 403 unsigned int n_counts;
** CID 1255942: Code maintainability issues (UNUSED_VALUE) /src/drivers/usb/ehci_debug.c: 572 in usbdebug_init_()
________________________________________________________________________________________________________ *** CID 1255942: Code maintainability issues (UNUSED_VALUE) /src/drivers/usb/ehci_debug.c: 572 in usbdebug_init_() 566 dbgp_mdelay(100); 567 568 struct ehci_dbg_port *port = (void *)(uintptr_t)info->ehci_debug; 569 ret = dbgp_probe_gadget(port, &info->ep_pipe[0]); 570 if (ret < 0) { 571 dprintk(BIOS_INFO, "Could not probe gadget on debug port.\n");
CID 1255942: Code maintainability issues (UNUSED_VALUE) Assigning value "-6" to "ret" here, but that stored value is overwritten before it can be used.
572 ret = -6; 573 goto err; 574 } 575 576 info->ep_pipe[0].status &= ~DBGP_EP_NOT_PRESENT; 577
** CID 1241836: Code maintainability issues (UNUSED_VALUE) /src/drivers/usb/ehci_debug.c: 561 in usbdebug_init_()
________________________________________________________________________________________________________ *** CID 1241836: Code maintainability issues (UNUSED_VALUE) /src/drivers/usb/ehci_debug.c: 561 in usbdebug_init_() 555 ctrl |= DBGP_CLAIM; 556 write32(&ehci_debug->control, ctrl); 557 ctrl = read32(&ehci_debug->control); 558 if ((ctrl & DBGP_CLAIM) != DBGP_CLAIM) { 559 dprintk(BIOS_INFO, "No device in EHCI debug port.\n"); 560 write32(&ehci_debug->control, ctrl & ~DBGP_CLAIM);
CID 1241836: Code maintainability issues (UNUSED_VALUE) Assigning value "-4" to "ret" here, but that stored value is overwritten before it can be used.
561 ret = -4; 562 goto err; 563 } 564 dprintk(BIOS_INFO, "EHCI debug port enabled.\n"); 565 566 dbgp_mdelay(100);
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...