Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
5 new defect(s) introduced to coreboot found with Coverity Scan. 9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan. Showing 5 of 5 defect(s).
** CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON) /src/soc/intel/fsp_baytrail/fsp/chipset_fsp_util.c: 155 in ConfigureDefaultUpdData()
** CID 1255945: Dereference null return value (NULL_RETURNS) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 98 in LocateModule()
** CID 1255944: Dereference null return value (NULL_RETURNS) /src/northbridge/amd/pi/00730F01/dimmSpd.c: 37 in AmdMemoryReadSPD()
** CID 1255943: Dereference null return value (NULL_RETURNS) /src/cpu/amd/pi/s3_resume.c: 164 in move_stack_high_mem()
** CID 1255942: Unused value (UNUSED_VALUE) /src/drivers/usb/ehci_debug.c: 573 in usbdebug_init_()
________________________________________________________________________________________________________ *** CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON) /src/soc/intel/fsp_baytrail/fsp/chipset_fsp_util.c: 155 in ConfigureDefaultUpdData() 149 case MIPI_DEV_FUNC: /* Camera / Image Signal Processing */ 150 if (FspInfo->ImageRevision >= FSP_GOLD3_REV_ID) { 151 UpdData->ISPEnable = dev->enabled; 152 } else { 153 /* Gold2 and earlier FSP: ISPEnable is the filed */ 154 /* next to PcdGttSize in UPD_DATA_REGION struct */
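CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON) Using "&UpdData->PcdGttSize" as an array. This might corrupt or misinterpret adjacent memory locations. Line 155 takes the address of the single member PcdGttSize and stores through an offset from it, so the write lands outside that member. The offset is counted in elements of PcdGttSize's type, so it equals one byte only if that member is itself a UINT8, which the excerpt does not show. Per the comment on lines 153-154 the intended target is the field next to PcdGttSize in the older UPD layout; a named field in a revision-specific struct, or an offsetof()-based access, would reach it without relying on arithmetic past a single object.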
155 *(&(UpdData->PcdGttSize)+sizeof(UINT8)) = dev->enabled; 156 printk (BIOS_DEBUG, 157 "Baytrail Gold2 or earlier FSP, adjust ISPEnable offset.\n"); 158 } 159 printk(BIOS_DEBUG, "MIPI/ISP:\t\t%s\n", 160 UpdData->PcdEnableSdio?"Enabled":"Disabled");
________________________________________________________________________________________________________ *** CID 1255945: Dereference null return value (NULL_RETURNS) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 98 in LocateModule() 92 file = cbfs_get_file(&media, (const char*)CONFIG_CBFS_AGESA_NAME); 93 if (!file) return NULL; 94 agesa = cbfs_get_file_content(&media, (const char*)CONFIG_CBFS_AGESA_NAME, ntohl(file->type), &file_size); 95 if (!agesa) return NULL; 96 97 image = LibAmdLocateImage(agesa, agesa + ntohl(file->len) - 1, 4096, name);
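CID 1255945: Dereference null return value (NULL_RETURNS) Dereferencing a null pointer "image". The result of LibAmdLocateImage() on line 97 is dereferenced on line 98 without a check, unlike "file" and "agesa", which are tested on lines 93 and 95; an equivalent test on "image" before line 98 would let LocateModule() return NULL instead of reading through a null pointer.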
98 module = (AMD_MODULE_HEADER*)image->ModuleInfoOffset; 99 100 return module; 101 } 102 103 /**********************************************************************
________________________________________________________________________________________________________ *** CID 1255944: Dereference null return value (NULL_RETURNS) /src/northbridge/amd/pi/00730F01/dimmSpd.c: 37 in AmdMemoryReadSPD() 31 #define DIMENSION(array)(sizeof (array)/ sizeof (array [0])) 32 33 AGESA_STATUS AmdMemoryReadSPD (UINT32 unused1, UINT32 unused2, AGESA_READ_SPD_PARAMS *info) 34 { 35 int spdAddress; 36 ROMSTAGE_CONST struct device *dev = dev_find_slot(0, PCI_DEVFN(0x18, 2));
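CID 1255944: Dereference null return value (NULL_RETURNS) Dereferencing a null pointer "dev". The initializer on line 37 reads dev->chip_info before the (dev == 0) test on line 39, so that test cannot protect the dereference; dev has to be checked before config is loaded from it.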
37 ROMSTAGE_CONST struct northbridge_amd_pi_00730F01_config *config = dev->chip_info; 38 39 if ((dev == 0) || (config == 0)) 40 return AGESA_ERROR; 41 42 if (info->SocketId >= DIMENSION(config->spdAddrLookup ))
________________________________________________________________________________________________________ *** CID 1255943: Dereference null return value (NULL_RETURNS) /src/cpu/amd/pi/s3_resume.c: 164 in move_stack_high_mem() 158 159 static void move_stack_high_mem(void) 160 { 161 void *high_stack; 162 163 high_stack = cbmem_find(CBMEM_ID_RESUME_SCRATCH);
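CID 1255943: Dereference null return value (NULL_RETURNS) Dereferencing a pointer that might be null "high_stack" when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] The value returned by cbmem_find() on line 163 is passed directly to memcpy() as the destination on line 164 and then feeds the stack-pointer adjustment on lines 167-169; nothing in the excerpt checks it first, so a failed lookup would copy the stack to, and then switch to, an address derived from NULL.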
164 memcpy(high_stack, (void *)BSP_STACK_BASE_ADDR, 165 (CONFIG_HIGH_SCRATCH_MEMORY_SIZE - BIOS_HEAP_SIZE)); 166 167 __asm__ 168 volatile ("add %0, %%esp; add %0, %%ebp; invd"::"g" 169 (high_stack - BSP_STACK_BASE_ADDR)
________________________________________________________________________________________________________ *** CID 1255942: Unused value (UNUSED_VALUE) /src/drivers/usb/ehci_debug.c: 573 in usbdebug_init_() 567 568 dbgp_mdelay(100); 569 570 ret = dbgp_probe_gadget(info->ehci_debug, &info->ep_pipe[0]); 571 if (ret < 0) { 572 dprintk(BIOS_INFO, "Could not probe gadget on debug port.\n");
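CID 1255942: Unused value (UNUSED_VALUE) Value "-6" is assigned to "ret" here, but that stored value is not used before it is overwritten. The assignment on line 573 is immediately followed by "goto err", so the overwrite happens in the code after the "err:" label on line 578, which the excerpt does not show; the effect is that the specific -6 code chosen for the gadget-probe failure is lost before anything reads it, which is worth confirming against the full function.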
573 ret = -6; 574 goto err; 575 } 576 577 return 0; 578 err:
________________________________________________________________________________________________________ To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/1016?tab=overview