Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
49 new defect(s) introduced to coreboot found with Coverity Scan. 124 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 20 of 49 defect(s)
** CID 1403651: Control flow issues (DEADCODE) /src/mainboard/purism/librem_skl/hda_verb.c: 51 in mb_hda_codec_init()
________________________________________________________________________________________________________ *** CID 1403651: Control flow issues (DEADCODE) /src/mainboard/purism/librem_skl/hda_verb.c: 51 in mb_hda_codec_init() 45 struct resource *res; 46 u32 codec_mask; 47 struct device *dev; 48 49 dev = SA_DEV_ROOT; 50 /* Check if HDA is enabled, else return */
CID 1403651: Control flow issues (DEADCODE) Execution cannot reach the expression "dev->chip_info == NULL" inside this statement: "if (dev == NULL || dev->chi...".
51 if (dev == NULL || dev->chip_info == NULL) 52 return; 53 54 config = dev->chip_info; 55 56 /*
** CID 1403002: (UNINIT) /src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 548 in dramc_find_gating_window() /src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 542 in dramc_find_gating_window()
________________________________________________________________________________________________________ *** CID 1403002: (UNINIT) /src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 548 in dramc_find_gating_window() 542 pass_count_1[dqs]++; 543 544 if (pass_begin[dqs] == 1 && 545 pass_count_1[dqs] * DQS_GW_FINE_STEP > DQS_GW_FINE_END) 546 dqs_high[dqs] = 0; 547
CID 1403002: (UNINIT) Using uninitialized value "pass_count_1[0]".
548 if (pass_count_1[0] * DQS_GW_FINE_STEP > DQS_GW_FINE_END && 549 pass_count_1[1] * DQS_GW_FINE_STEP > DQS_GW_FINE_END) { 550 dramc_dbg("All bytes gating window > 1 coarse_tune," 551 " Early break\n"); 552 *dly_fine_xt = DQS_GW_FINE_END; 553 *coarse_tune = GATING_END; /src/soc/mediatek/mt8183/dramc_pi_calibration_api.c: 542 in dramc_find_gating_window() 536 dramc_dbg("[Byte %d]First pass (%d, %d, %d)\n", 537 dqs, dly_coarse_large, 538 dly_coarse_0p5t, *dly_fine_xt); 539 } 540 541 if (pass_begin[dqs] == 1)
CID 1403002: (UNINIT) Using uninitialized value "pass_count_1[dqs]".
542 pass_count_1[dqs]++; 543 544 if (pass_begin[dqs] == 1 && 545 pass_count_1[dqs] * DQS_GW_FINE_STEP > DQS_GW_FINE_END) 546 dqs_high[dqs] = 0; 547
** CID 1403001: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________ *** CID 1403001: Null pointer dereferences (FORWARD_NULL) /src/soc/mediatek/mt8183/gpio.c: 184 in gpio_set_spi_driving() 178 case 5: 179 reg = (void *)(IOCFG_LM_BASE + GPIO_DRV0_OFFSET); 180 offset = 8; 181 break; 182 } 183
CID 1403001: Null pointer dereferences (FORWARD_NULL) Passing null pointer "reg" to "read32", which dereferences it.
184 clrsetbits_le32(reg, 0xf << offset, reg_val << offset);
** CID 1401793: Insecure data handling (INTEGER_OVERFLOW) /3rdparty/vboot/futility/updater.c: 240 in host_get_platform_version()
________________________________________________________________________________________________________ *** CID 1401793: Insecure data handling (INTEGER_OVERFLOW) /3rdparty/vboot/futility/updater.c: 240 in host_get_platform_version() 234 /* Result should be 'revN' */ 235 if (strncmp(result, STR_REV, strlen(STR_REV)) == 0) 236 rev = strtol(result + strlen(STR_REV), NULL, 0); 237 DEBUG("Raw data = [%s], parsed version is %d", result, rev); 238 239 free(result);
CID 1401793: Insecure data handling (INTEGER_OVERFLOW) Overflowed or truncated value (or a value computed from an overflowed or truncated value) "rev" used as return value.
240 return rev; 241 } 242 243 /* 244 * A helper function to invoke flashrom(8) command. 245 * Returns 0 if success, non-zero if error.
** CID 1401086: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________ *** CID 1401086: Null pointer dereferences (FORWARD_NULL) /src/soc/qualcomm/qcs405/clock.c: 245 in clock_configure_spi() 239 } else if (blsp == 2) 240 spi_clk = (struct qcs405_clock *)&gcc->blsp2_qup0_spi_clk; 241 242 else 243 printk(BIOS_ERR, "BLSP%d not supported\n", blsp); 244
CID 1401086: Null pointer dereferences (FORWARD_NULL) Passing null pointer "spi_clk" to "clock_configure", which dereferences it.
245 clock_configure(spi_clk, spi_cfg, hz, ARRAY_SIZE(spi_cfg)); 246 } 247 248 void clock_configure_i2c(uint32_t hz) 249 { 250 struct qcs405_clock *i2c_clk =
** CID 1398603: (CONSTANT_EXPRESSION_RESULT) /src/soc/mediatek/mt8183/dramc_pi_basic_api.c: 125 in transfer_pll_to_spm_control() /src/soc/mediatek/mt8183/dramc_pi_basic_api.c: 124 in transfer_pll_to_spm_control()
________________________________________________________________________________________________________ *** CID 1398603: (CONSTANT_EXPRESSION_RESULT) /src/soc/mediatek/mt8183/dramc_pi_basic_api.c: 125 in transfer_pll_to_spm_control() 119 (0xffff << 16) | (0x1 << 0), 120 (0xb16 << 16) | (0x1 << 0)); 121 122 /* Set SPM pinmux */ 123 clrbits_le32(&mtk_spm->pcm_pwr_io_en, (0xff << 0) | (0xff << 16)); 124 setbits_le32(&mtk_spm->dramc_dpy_clk_sw_con_sel, 0xffffffff);
CID 1398603: (CONSTANT_EXPRESSION_RESULT) "((uint32_t)read32(&mtk_spm->dramc_dpy_clk_sw_con_sel2) & 4294967295U /* ~((uint32_t)0) */) | 0xffffffffU" is always 0xffffffff regardless of the values of its operands. This occurs as an argument to a function call.
125 setbits_le32(&mtk_spm->dramc_dpy_clk_sw_con_sel2, 0xffffffff); 126 127 setbits_le32(&mtk_spm->spm_power_on_val0, (0x1 << 8) | (0xf << 12)); 128 setbits_le32(&mtk_spm->spm_s1_mode_ch, 0x3 << 0); 129 130 shu_lev = (shu_lev == 1) ? 2 : 1; /src/soc/mediatek/mt8183/dramc_pi_basic_api.c: 124 in transfer_pll_to_spm_control() 118 clrsetbits_le32(&mtk_spm->poweron_config_set, 119 (0xffff << 16) | (0x1 << 0), 120 (0xb16 << 16) | (0x1 << 0)); 121 122 /* Set SPM pinmux */ 123 clrbits_le32(&mtk_spm->pcm_pwr_io_en, (0xff << 0) | (0xff << 16));
CID 1398603: (CONSTANT_EXPRESSION_RESULT) "((uint32_t)read32(&mtk_spm->dramc_dpy_clk_sw_con_sel) & 4294967295U /* ~((uint32_t)0) */) | 0xffffffffU" is always 0xffffffff regardless of the values of its operands. This occurs as an argument to a function call.
124 setbits_le32(&mtk_spm->dramc_dpy_clk_sw_con_sel, 0xffffffff); 125 setbits_le32(&mtk_spm->dramc_dpy_clk_sw_con_sel2, 0xffffffff); 126 127 setbits_le32(&mtk_spm->spm_power_on_val0, (0x1 << 8) | (0xf << 12)); 128 setbits_le32(&mtk_spm->spm_s1_mode_ch, 0x3 << 0); 129
** CID 1394268: Possible Control flow issues (DEADCODE) /src/vendorcode/cavium/bdk/libdram/libdram.c: 187 in bdk_libdram_tune_node()
________________________________________________________________________________________________________ *** CID 1394268: Possible Control flow issues (DEADCODE) /src/vendorcode/cavium/bdk/libdram/libdram.c: 187 in bdk_libdram_tune_node() 181 } 182 183 // disabled by default for now, does not seem to be needed much? 184 // Automatically tune the ECC byte DLL read offsets 185 // FIXME? allow override of the filtering 186 // FIXME? allow programmatic override, not via envvar?
CID 1394268: Possible Control flow issues (DEADCODE) Execution cannot reach the expression "lmc_config.s.mode32b == 0" inside this statement: "if (do_eccdll && !do_dllro_...".
187 if (do_eccdll && !do_dllro_hw && (lmc_config.s.mode32b == 0)) { // do not do HW-assist twice for ECC 188 BDK_TRACE(DRAM, "N%d: Starting ECC DLL Read Offset Tuning for LMCs\n", node); 189 errs = perform_HW_dll_offset_tuning(node, 2, 8/* ECC bytelane */); 190 BDK_TRACE(DRAM, "N%d: Finished ECC DLL Read Offset Tuning for LMCs, %d errors\n", 191 node, errs); 192 tot_errs += errs;
** CID 1393983: (INTEGER_OVERFLOW) /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 1146 in initialize_ddr_clock() /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 1150 in initialize_ddr_clock()
________________________________________________________________________________________________________ *** CID 1393983: (INTEGER_OVERFLOW) /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 1146 in initialize_ddr_clock() 1140 best_en_idx = strtoul(s, NULL, 0); 1141 override_pll_settings = 1; 1142 } 1143 1144 if (override_pll_settings) { 1145 best_pll_MHz = ddr_ref_hertz * (best_clkf+1) / (best_clkr+1) / 1000000;
CID 1393983: (INTEGER_OVERFLOW) Overflowed or truncated value (or a value computed from an overflowed or truncated value) "best_en_idx" used as array index.
1146 best_calculated_ddr_hertz = ddr_ref_hertz * (best_clkf + 1) / ((best_clkr + 1) * (_en[best_en_idx])); 1147 best_error = ddr_hertz - best_calculated_ddr_hertz; 1148 } 1149 1150 ddr_print("clkr: %2llu, en[%d]: %2d, clkf: %4llu, pll_MHz: %4llu, ddr_hertz: %8llu, error: %8lld <==\n", 1151 best_clkr, best_en_idx, _en[best_en_idx], best_clkf, best_pll_MHz, /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 1150 in initialize_ddr_clock() 1144 if (override_pll_settings) { 1145 best_pll_MHz = ddr_ref_hertz * (best_clkf+1) / (best_clkr+1) / 1000000; 1146 best_calculated_ddr_hertz = ddr_ref_hertz * (best_clkf + 1) / ((best_clkr + 1) * (_en[best_en_idx])); 1147 best_error = ddr_hertz - best_calculated_ddr_hertz; 1148 } 1149
CID 1393983: (INTEGER_OVERFLOW) Overflowed or truncated value (or a value computed from an overflowed or truncated value) "best_en_idx" used as array index.
1150 ddr_print("clkr: %2llu, en[%d]: %2d, clkf: %4llu, pll_MHz: %4llu, ddr_hertz: %8llu, error: %8lld <==\n", 1151 best_clkr, best_en_idx, _en[best_en_idx], best_clkf, best_pll_MHz, 1152 best_calculated_ddr_hertz, best_error); 1153 1154 /* Try lowering the frequency if we can't get a working configuration */ 1155 if (best_error == ddr_hertz) {
** CID 1393982: Memory - illegal accesses (UNINIT)
________________________________________________________________________________________________________ *** CID 1393982: Memory - illegal accesses (UNINIT) /src/vendorcode/cavium/bdk/libdram/dram-spd.c: 437 in report_ddr3_dimm() 431 volt_str = "1.5V"; 432 if (spd_voltage & 2) 433 volt_str = "1.35V"; 434 if (spd_voltage & 4) 435 volt_str = "1.2xV"; 436
CID 1393982: Memory - illegal accesses (UNINIT) Using uninitialized value "volt_str" when calling "report_common_dimm".
437 report_common_dimm(node, dimm_config, dimm, ddr3_dimm_types, 438 DDR3_DRAM, volt_str, ddr_interface_num, 439 num_ranks, dram_width, dimm_size_mb); 440 } 441 442 const char *ddr4_dimm_types[16] = {
** CID 1393981: Insecure data handling (TAINTED_SCALAR) /src/vendorcode/cavium/bdk/libdram/dram-init-ddr3.c: 745 in Perform_Read_Deskew_Training()
________________________________________________________________________________________________________ *** CID 1393981: Insecure data handling (TAINTED_SCALAR) /src/vendorcode/cavium/bdk/libdram/dram-init-ddr3.c: 745 in Perform_Read_Deskew_Training() 739 perform_octeon3_ddr3_sequence(node, rank_mask, ddr_interface_num, 0x0A); /* LMC Deskew Training */ 740 741 lock_retries = 0; 742 743 perform_read_deskew_training: 744 // maybe perform the NORMAL deskew training sequence multiple times before looking at lock status
CID 1393981: Insecure data handling (TAINTED_SCALAR) Using tainted variable "normal_loops" as a loop boundary.
745 for (loops = 0; loops < normal_loops; loops++) { 746 DRAM_CSR_MODIFY(phy_ctl, node, BDK_LMCX_PHY_CTL(ddr_interface_num), 747 phy_ctl.s.phy_dsk_reset = 0); /* Normal Deskew sequence */ 748 perform_octeon3_ddr3_sequence(node, rank_mask, ddr_interface_num, 0x0A); /* LMC Deskew Training */ 749 } 750 // Moved this from Validate_Read_Deskew_Training
** CID 1393980: Incorrect expression (NO_EFFECT) /src/vendorcode/cavium/bdk/libdram/libdram.c: 89 in bdk_dram_clear_mem()
________________________________________________________________________________________________________ *** CID 1393980: Incorrect expression (NO_EFFECT) /src/vendorcode/cavium/bdk/libdram/libdram.c: 89 in bdk_dram_clear_mem() 83 /* The above pointer got address 8 to avoid NULL pointer checking 84 in bdk_phys_to_ptr(). Correct it here */ 85 ptr--; 86 uint64_t *end = bdk_phys_to_ptr(bdk_numa_get_address(node, skip)); 87 while (ptr < end) 88 {
CID 1393980: Incorrect expression (NO_EFFECT) Assigning "*ptr" to itself has no effect.
89 *ptr = *ptr; 90 ptr++; 91 } 92 } 93 ddr_print("N%d: Clearing DRAM: start 0x%llx length 0x%llx\n", node, skip, len); 94 bdk_zero_memory(bdk_phys_to_ptr(bdk_numa_get_address(node, skip)), len);
** CID 1393973: (DEADCODE) /src/vendorcode/cavium/bdk/libdram/dram-spd.c: 101 in read_entire_spd() /src/vendorcode/cavium/bdk/libdram/dram-spd.c: 112 in read_entire_spd() /src/vendorcode/cavium/bdk/libdram/dram-spd.c: 120 in read_entire_spd()
________________________________________________________________________________________________________ *** CID 1393973: (DEADCODE) /src/vendorcode/cavium/bdk/libdram/dram-spd.c: 101 in read_entire_spd() 95 uint32_t *ptr = (uint32_t *)spd_buf; 96 97 for (int bank = 0; bank < (spd_size >> 8); bank++) 98 { 99 /* this should only happen for DDR4, which has a second bank of 256 bytes */ 100 if (bank)
CID 1393973: (DEADCODE) Execution cannot reach this statement: "bdk_twsix_write_ia(node, bu...".
101 bdk_twsix_write_ia(node, bus, 0x36 | bank, 0, 2, 1, 0); 102 int bank_size = 256; 103 for (int i = 0; i < bank_size; i += 4) 104 { 105 int64_t data = bdk_twsix_read_ia(node, bus, address, i, 4, 1); 106 if (data < 0) /src/vendorcode/cavium/bdk/libdram/dram-spd.c: 112 in read_entire_spd() 106 if (data < 0) 107 { 108 free(spd_buf); 109 bdk_error("Failed to read SPD data at 0x%x\n", i + (bank << 8)); 110 /* Restore the bank to zero */ 111 if (bank)
CID 1393973: (DEADCODE) Execution cannot reach this statement: "bdk_twsix_write_ia(node, bu...".
112 bdk_twsix_write_ia(node, bus, 0x36 | 0, 0, 2, 1, 0); 113 return -1; 114 } 115 else 116 *ptr++ = bdk_be32_to_cpu(data); 117 } /src/vendorcode/cavium/bdk/libdram/dram-spd.c: 120 in read_entire_spd() 114 } 115 else 116 *ptr++ = bdk_be32_to_cpu(data); 117 } 118 /* Restore the bank to zero */ 119 if (bank)
CID 1393973: (DEADCODE) Execution cannot reach this statement: "bdk_twsix_write_ia(node, bu...".
120 bdk_twsix_write_ia(node, bus, 0x36 | 0, 0, 2, 1, 0); 121 } 122 123 /* Store the SPD in the device tree */ 124 /* FIXME(dhendrix): No need for this? cfg gets updated, so the caller 125 * (libdram_config()) has what it needs. */
** CID 1393972: Insecure data handling (TAINTED_SCALAR) /src/vendorcode/cavium/bdk/libdram/dram-tune-ddr3.c: 1011 in perform_dll_offset_tuning()
________________________________________________________________________________________________________ *** CID 1393972: Insecure data handling (TAINTED_SCALAR) /src/vendorcode/cavium/bdk/libdram/dram-tune-ddr3.c: 1011 in perform_dll_offset_tuning() 1005 /* Disable l2 sets for DRAM testing */ 1006 limit_l2_ways(node, 0, ways_print); 1007 #endif 1008 1009 // testing is done on all LMCs simultaneously 1010 // FIXME: for now, loop here to show what happens multiple times
CID 1393972: Insecure data handling (TAINTED_SCALAR) Using tainted variable "loops" as a loop boundary.
1011 for (loop = 0; loop < loops; loop++) { 1012 /* Perform DLL offset tuning */ 1013 errs = auto_set_dll_offset(node, dll_offset_mode, num_lmcs, ddr_interface_64b, do_tune); 1014 } 1015 1016 #if USE_L2_WAYS_LIMIT
** CID 1393971: Insecure data handling (TAINTED_SCALAR) /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 1146 in initialize_ddr_clock()
________________________________________________________________________________________________________ *** CID 1393971: Insecure data handling (TAINTED_SCALAR) /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 1146 in initialize_ddr_clock() 1140 best_en_idx = strtoul(s, NULL, 0); 1141 override_pll_settings = 1; 1142 } 1143 1144 if (override_pll_settings) { 1145 best_pll_MHz = ddr_ref_hertz * (best_clkf+1) / (best_clkr+1) / 1000000;
CID 1393971: Insecure data handling (TAINTED_SCALAR) Using tainted variable "best_en_idx" as an index into an array "_en".
1146 best_calculated_ddr_hertz = ddr_ref_hertz * (best_clkf + 1) / ((best_clkr + 1) * (_en[best_en_idx])); 1147 best_error = ddr_hertz - best_calculated_ddr_hertz; 1148 } 1149 1150 ddr_print("clkr: %2llu, en[%d]: %2d, clkf: %4llu, pll_MHz: %4llu, ddr_hertz: %8llu, error: %8lld <==\n", 1151 best_clkr, best_en_idx, _en[best_en_idx], best_clkf, best_pll_MHz,
** CID 1393969: Possible Control flow issues (DEADCODE) /src/vendorcode/cavium/bdk/libbdk-hal/bdk-qlm.c: 421 in bdk_qlm_eye_display()
________________________________________________________________________________________________________ *** CID 1393969: Possible Control flow issues (DEADCODE) /src/vendorcode/cavium/bdk/libbdk-hal/bdk-qlm.c: 421 in bdk_qlm_eye_display() 415 result = 0; 416 } 417 else 418 result = -1; 419 420 if (need_free)
CID 1393969: Possible Control flow issues (DEADCODE) Execution cannot reach this statement: "free((void *)eye);".
421 free((void*)eye); 422 return result;
** CID 1393967: Code maintainability issues (UNUSED_VALUE) /src/vendorcode/cavium/bdk/libdram/dram-tune-ddr3.c: 658 in auto_set_dll_offset()
________________________________________________________________________________________________________ *** CID 1393967: Code maintainability issues (UNUSED_VALUE) /src/vendorcode/cavium/bdk/libdram/dram-tune-ddr3.c: 658 in auto_set_dll_offset() 652 } /* for (lmc = 0; lmc < num_lmcs; lmc++) */ 653 654 bdk_watchdog_poke(); 655 656 // run the test(s) 657 // only 1 call should be enough, let the bursts, etc, control the load...
CID 1393967: Code maintainability issues (UNUSED_VALUE) Assigning value from "run_dram_tuning_threads(node, num_lmcs, bytemask)" to "tot_errors" here, but that stored value is overwritten before it can be used.
658 tot_errors = run_dram_tuning_threads(node, num_lmcs, bytemask); 659 660 for (lmc = 0; lmc < num_lmcs; lmc++) { 661 // record stop cycle CSRs here for utilization measure 662 stop_dram_dclk[lmc] = BDK_CSR_READ(node, BDK_LMCX_DCLK_CNT(lmc)); 663 stop_dram_ops[lmc] = BDK_CSR_READ(node, BDK_LMCX_OPS_CNT(lmc));
** CID 1393966: Control flow issues (DEADCODE) /src/soc/cavium/cn81xx/uart.c: 104 in uart_platform_refclk()
________________________________________________________________________________________________________ *** CID 1393966: Control flow issues (DEADCODE) /src/soc/cavium/cn81xx/uart.c: 104 in uart_platform_refclk() 98 unsigned int uart_platform_refclk(void) 99 { 100 struct cn81xx_uart *uart = 101 (struct cn81xx_uart *)CONFIG_CONSOLE_SERIAL_UART_ADDRESS; 102 103 if (!uart)
CID 1393966: Control flow issues (DEADCODE) Execution cannot reach this statement: "return 0U;".
104 return 0; 105 106 return uart_hclk(uart); 107 } 108 109 uintptr_t uart_platform_base(int idx)
** CID 1393965: Control flow issues (DEADCODE) /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 1880 in dbi_switchover_interface()
________________________________________________________________________________________________________ *** CID 1393965: Control flow issues (DEADCODE) /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 1880 in dbi_switchover_interface() 1874 for (byte = 0; byte < (8+ecc_ena); byte++) { 1875 unlocked += (dbi_settings[byte] & 1) ^ 1; 1876 } 1877 1878 // FIXME: print out the DBI settings array after each rank? 1879 if (rank_max > 1) // only when doing more than 1 rank
CID 1393965: Control flow issues (DEADCODE) Execution cannot reach this statement: "display_DAC_DBI_settings(no...".
1880 display_DAC_DBI_settings(node, lmc, /* DBI */0, ecc_ena, dbi_settings, " RANK"); 1881 1882 if (unlocked > 0) { 1883 ddr_print("N%d.LMC%d: DBI switchover: LOCK: %d still unlocked.\n", 1884 node, lmc, unlocked); 1885
** CID 1393964: (TAINTED_SCALAR)
________________________________________________________________________________________________________ *** CID 1393964: (TAINTED_SCALAR) /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 682 in perform_ddr_init_sequence() 676 677 bdk_wait_usec(1000); /* Wait a while. */ 678 679 if ((s = lookup_env_parameter("ddr_sequence1")) != NULL) { 680 int sequence1; 681 sequence1 = strtoul(s, NULL, 0);
CID 1393964: (TAINTED_SCALAR) Passing tainted variable "sequence1" to a tainted sink.
682 perform_octeon3_ddr3_sequence(node, (1 << rankx), 683 ddr_interface_num, sequence1); 684 } 685 686 if ((s = lookup_env_parameter("ddr_sequence2")) != NULL) { 687 int sequence2; /src/vendorcode/cavium/bdk/libdram/lib_octeon_shared.c: 689 in perform_ddr_init_sequence() 683 ddr_interface_num, sequence1); 684 } 685 686 if ((s = lookup_env_parameter("ddr_sequence2")) != NULL) { 687 int sequence2; 688 sequence2 = strtoul(s, NULL, 0);
CID 1393964: (TAINTED_SCALAR) Passing tainted variable "sequence2" to a tainted sink.
689 perform_octeon3_ddr3_sequence(node, (1 << rankx), 690 ddr_interface_num, sequence2); 691 } 692 } 693 } 694 }
** CID 1393962: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________ *** CID 1393962: Null pointer dereferences (FORWARD_NULL) /src/vendorcode/cavium/bdk/libbdk-dram/bdk-dram-test-addrbus.c: 64 in __bdk_dram_test_mem_address_bus() 58 { 59 int failures = 0; 60 61 /* Clear our work area. Checking for aliases later could get false 62 positives if it matched stale data */ 63 void *ptr = (area) ? bdk_phys_to_ptr(area) : NULL;
CID 1393962: Null pointer dereferences (FORWARD_NULL) Passing null pointer "ptr" to "bdk_zero_memory", which dereferences it.
64 bdk_zero_memory(ptr, max_address - area); 65 __bdk_dram_flush_to_mem_range(area, max_address); 66 67 /* Each time we write, we'll write this pattern xored the address it is 68 written too */ 69 uint64_t pattern = 0x0fedcba987654321;
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...
-
scan-admin@coverity.com