Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
5 new defect(s) introduced to coreboot found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1395334: (BAD_SHIFT)
/src/lib/gpio.c: 150 in _gpio_base3_value()
/src/lib/gpio.c: 147 in _gpio_base3_value()
/src/lib/gpio.c: 150 in _gpio_base3_value()
/src/lib/gpio.c: 150 in _gpio_base3_value()
________________________________________________________________________________________________________
*** CID 1395334: (BAD_SHIFT)
/src/lib/gpio.c: 150 in _gpio_base3_value()
144 case 0: /* Ignore '0' digits. */
145 break;
146 case 1: /* Account for binaries 0 to 2^index - 1. */
147 binary_below += 1 << index;
148 break;
149 case 2: /* Account for binaries 0 to 2^(index+1) - 1. */
CID 1395334: (BAD_SHIFT) In expression "1 << (index + 1)", left shifting by more than 31 bits has undefined behavior. The shift amount, "index + 1", is at least 32.
150 binary_below += 1 << (index + 1);
151 has_z = 1;
152 }
153 }
154 }
155
/src/lib/gpio.c: 147 in _gpio_base3_value()
141 */
142 if (binary_first && !has_z) {
143 switch (temp) {
144 case 0: /* Ignore '0' digits. */
145 break;
146 case 1: /* Account for binaries 0 to 2^index - 1. */
CID 1395334: (BAD_SHIFT) In expression "1 << index", left shifting by more than 31 bits has undefined behavior. The shift amount, "index", is at least 32.
147 binary_below += 1 << index;
148 break;
149 case 2: /* Account for binaries 0 to 2^(index+1) - 1. */
150 binary_below += 1 << (index + 1);
151 has_z = 1;
152 }
/src/lib/gpio.c: 150 in _gpio_base3_value()
144 case 0: /* Ignore '0' digits. */
145 break;
146 case 1: /* Account for binaries 0 to 2^index - 1. */
147 binary_below += 1 << index;
148 break;
149 case 2: /* Account for binaries 0 to 2^(index+1) - 1. */
CID 1395334: (BAD_SHIFT) In expression "1 << (index + 1)", left shifting by more than 31 bits has undefined behavior. The shift amount, "index + 1", is at least 33.
150 binary_below += 1 << (index + 1);
151 has_z = 1;
152 }
153 }
154 }
155
/src/lib/gpio.c: 150 in _gpio_base3_value()
144 case 0: /* Ignore '0' digits. */
145 break;
146 case 1: /* Account for binaries 0 to 2^index - 1. */
147 binary_below += 1 << index;
148 break;
149 case 2: /* Account for binaries 0 to 2^(index+1) - 1. */
CID 1395334: (BAD_SHIFT) In expression "1 << (index + 1)", left shifting by more than 31 bits has undefined behavior. The shift amount, "index + 1", is as much as 32.
150 binary_below += 1 << (index + 1);
151 has_z = 1;
152 }
153 }
154 }
155
** CID 1395333: Memory - illegal accesses (OVERRUN) /src/lib/gpio.c: 117 in _gpio_base3_value()
________________________________________________________________________________________________________
*** CID 1395333: Memory - illegal accesses (OVERRUN)
/src/lib/gpio.c: 117 in _gpio_base3_value()
111 * 1: pull up
112 * 2: floating
113 */
114 printk(BIOS_DEBUG, "Reading tristate GPIOs: ");
115 for (index = num_gpio - 1; index >= 0; --index) {
116 temp = gpio_get(gpio[index]);
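CID 1395333: Memory - illegal accesses (OVERRUN) Overrunning array "value" of 32 bytes at byte offset 32 using index "index" (which evaluates to 32). (In the excerpt, index starts at num_gpio - 1 on line 115, so this path implies num_gpio is 33 or more; no bound on num_gpio against the size of "value" is visible in the lines shown.)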
117 temp |= ((value[index] ^ temp) << 1);
118 printk(BIOS_DEBUG, "%c ", tristate_char[temp]);
119 result = (result * 3) + temp;
120
121 /*
122 * For binary_first we keep track of the normal ternary result
** CID 1395332: Integer handling issues (BAD_SHIFT) /src/lib/gpio.c: 158 in _gpio_base3_value()
________________________________________________________________________________________________________
*** CID 1395332: Integer handling issues (BAD_SHIFT)
/src/lib/gpio.c: 158 in _gpio_base3_value()
152 }
153 }
154 }
155
156 if (binary_first) {
157 if (has_z)
CID 1395332: Integer handling issues (BAD_SHIFT) In expression "1 << num_gpio", left shifting by more than 31 bits has undefined behavior. The shift amount, "num_gpio", is at least 33.
158 result = result + (1 << num_gpio) - binary_below;
159 else /* binary_below is normal binary system value if !has_z. */
160 result = binary_below;
161 }
162
163 printk(BIOS_DEBUG, "= %d (%s base3 number system)\n", result,
** CID 1395331: Uninitialized variables (UNINIT) /src/soc/intel/cannonlake/cnl_memcfg_init.c: 116 in cannonlake_memcfg_init()
________________________________________________________________________________________________________
*** CID 1395331: Uninitialized variables (UNINIT)
/src/soc/intel/cannonlake/cnl_memcfg_init.c: 116 in cannonlake_memcfg_init()
110 if (spd->spd_smbus_address[i] != 0) {
111 mem_cfg->SpdAddressTable[i] = spd->spd_smbus_address[i];
112 OnModuleSpd = 1;
113 }
114 }
115
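CID 1395331: Uninitialized variables (UNINIT) Using uninitialized value "OnModuleSpd". (In the excerpt, OnModuleSpd is assigned only on line 112, inside the condition on line 110; an initializer at its declaration is not visible in the lines shown.)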
116 if (!OnModuleSpd) {
117 if (spd->spd_by_index) {
118 meminit_cbfs_spd_index(mem_cfg, cnl_cfg,
119 spd->spd_spec.spd_index);
120 } else {
121 meminit_spd_data(mem_cfg, cnl_cfg,
** CID 1395330: Null pointer dereferences (FORWARD_NULL) /util/romcc/romcc.c: 1988 in new_occurrence()
________________________________________________________________________________________________________
*** CID 1395330: Null pointer dereferences (FORWARD_NULL)
/util/romcc/romcc.c: 1988 in new_occurrence()
1982 col = get_col(state->file);
1983 }
1984 if (state->function) {
1985 function = state->function;
1986 }
1987 last = state->last_occurrence;
CID 1395330: Null pointer dereferences (FORWARD_NULL) Passing null pointer "filename" to "strcmp", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]
1988 if (last &&
1989 (last->col == col) &&
1990 (last->line == line) &&
1991 (last->function == function) &&
1992 ((last->filename == filename) ||
1993 (strcmp(last->filename, filename) == 0)))