coreboot now has nightly static analysis using scan-build: https://www.coreboot.org/scan-build/
We aren't currently keeping any sort of metrics or making a global list of all errors; we're just publishing the output for the individual boards.
coreboot also runs bi-weekly scans using Coverity's free open-source interface. Log in or sign up here: https://scan.coverity.com/projects/coreboot?tab=overview
The current Coverity defect count is 317, broken down as follows:
/payloads: 11
/src, excluding vendorcode: 154
/src/vendorcode: 120
/util: 32
Here are the "/src, excluding vendorcode" issues. To see more information about the issues, use the Coverity link above.

| CoverityID | Type | File |
|---|---|---|
| 1380296 | Resource leak | /src/arch/x86/acpi_device.c |
| 1380295 | Resource leak | /src/arch/x86/acpi_device.c |
| 1380294 | Resource leak | /src/arch/x86/acpi_device.c |
| 1380293 | Resource leak | /src/arch/x86/acpi_device.c |
| 1380292 | Resource leak | /src/arch/x86/acpi_device.c |
| 1357457 | Resource leak | /src/arch/x86/acpi_device.c |
| 1357456 | Resource leak | /src/arch/x86/acpi_device.c |
| 1354849 | Overflowed return value | /src/arch/x86/tables.c |
| 1384423 | Untrusted pointer read | /src/commonlib/fsp_relocate.c |
| 1370582 | Uninitialized scalar variable | /src/cpu/x86/mtrr/mtrr.c |
| 1379932 | Explicit null dereferenced | /src/drivers/amd/agesa/state_machine.c |
| 1362592 | Dereference null return value | /src/drivers/generic/max98357a/max98357a.c |
| 1363355 | Wrong sizeof argument | /src/drivers/intel/fsp2_0/upd_display.c |
| 1375565 | Logically dead code | /src/drivers/spi/spi_flash.c |
| 751084 | Out-of-bounds access | /src/drivers/xgi/common/vb_setmode.c |
| 1271711 | Logically dead code | /src/include/device/hypertransport_def.h |
| 1370576 | Dereference before null check | /src/lib/edid.c |
| 1374795 | Destination buffer too small | /src/lib/edid.c |
| 1229647 | Missing break in switch | /src/lib/edid.c |
| 1354970 | Out-of-bounds access | /src/lib/selfboot.c |
| 1373368 | Logically dead code | /src/mainboard/asus/f2a85-m/romstage.c |
| 1370586 | Uninitialized scalar variable | /src/mainboard/asus/kfsn4-dre/romstage.c |
| 1370578 | Uninitialized scalar variable | /src/mainboard/asus/kfsn4-dre/romstage.c |
| 1241839 | Various | /src/mainboard/emulation/qemu-i440fx/fw_cfg.c |
| 1365730 | Destination buffer too small | /src/mainboard/google/eve/romstage.c |
| 1375985 | Explicit null dereferenced | /src/mainboard/google/link/i915.c |
| 1375986 | Improper use of negative value | /src/mainboard/google/link/i915.c |
| 1387028 | Bad bit shift operation | /src/mainboard/google/poppy/variants/nami/memory.c |
| 1229682 | Out-of-bounds read | /src/northbridge/amd/amdfam10/ht_config.c |
| 1229680 | Out-of-bounds read | /src/northbridge/amd/amdfam10/ht_config.c |
| 1229681 | Out-of-bounds write | /src/northbridge/amd/amdfam10/ht_config.c |
| 1229679 | Out-of-bounds write | /src/northbridge/amd/amdfam10/ht_config.c |
| 1347343 | Unintended sign extension | /src/northbridge/amd/amdfam10/northbridge.c |
| 1347336 | Uninitialized scalar variable | /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c |
| 1347323 | Unused value | /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c |
| 1347322 | Unused value | /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c |
| 1347321 | Unused value | /src/northbridge/amd/amdmct/mct_ddr3/mct_d.c |
| 1347369 | Logically dead code | /src/northbridge/amd/amdmct/mct_ddr3/mctrci.c |
| 1347370 | Logically dead code | /src/northbridge/amd/amdmct/mct_ddr3/mhwlc_d.c |
| 1347326 | Unused value | /src/northbridge/amd/amdmct/mct_ddr3/mhwlc_d.c |
| 1347325 | Unused value | /src/northbridge/amd/amdmct/mct_ddr3/mhwlc_d.c |
| 1347324 | Unused value | /src/northbridge/amd/amdmct/mct_ddr3/mhwlc_d.c |
| 1229659 | Improper use of negative value | /src/northbridge/amd/amdmct/mct/mct_d.c |
| 1229618 | Logically dead code | /src/northbridge/amd/amdmct/mct/mct_d.c |
| 1229583 | Same on both sides | /src/northbridge/amd/amdmct/mct/mctardk3.c |
| 1229626 | Logically dead code | /src/northbridge/amd/amdmct/mct/mctardk4.c |
| 1229636 | Explicit null dereferenced | /src/northbridge/amd/amdmct/mct/mctsrc.c |
| 1229646 | Missing break in switch | /src/northbridge/amd/lx/northbridgeinit.c |
| 1229629 | Division or modulo by zero | /src/northbridge/amd/lx/raminit.c |
| 1229577 | Logical vs. bitwise operator | /src/northbridge/amd/lx/raminit.c |
| 1241851 | Dereference before null check | /src/northbridge/amd/pi/00730F01/dimmSpd.c |
| 1229634 | Dereference after null check | /src/northbridge/amd/pi/00730F01/northbridge.c |
| 1229565 | Bad bit shift operation | /src/northbridge/intel/gm45/early_reset.c |
| 1229611 | Constant variable guards dead code | /src/northbridge/intel/gm45/pcie.c |
| 1229563 | Bad bit shift operation | /src/northbridge/intel/gm45/raminit.c |
| 1229612 | Logically dead code | /src/northbridge/intel/i440bx/raminit.c |
| 1229717 | Structurally dead code | /src/northbridge/intel/i945/raminit.c |
| 1229562 | Bad bit shift operation | /src/northbridge/intel/nehalem/raminit.c |
| 1229561 | Bad bit shift operation | /src/northbridge/intel/nehalem/raminit.c |
| 1229628 | Division or modulo by zero | /src/northbridge/intel/nehalem/raminit.c |
| 1229675 | Out-of-bounds read | /src/northbridge/intel/nehalem/raminit.c |
| 1347372 | Logically dead code | /src/northbridge/intel/pineview/raminit.c |
| 1347387 | Operands don't affect result | /src/northbridge/intel/pineview/raminit.c |
| 1347386 | Operands don't affect result | /src/northbridge/intel/pineview/raminit.c |
| 1347378 | Operands don't affect result | /src/northbridge/intel/pineview/raminit.c |
| 1347356 | Unsigned compared against 0 | /src/northbridge/intel/pineview/raminit.c |
| 1347330 | Unused value | /src/northbridge/intel/pineview/raminit.c |
| 1347329 | Unused value | /src/northbridge/intel/pineview/raminit.c |
| 1347328 | Unused value | /src/northbridge/intel/pineview/raminit.c |
| 1347327 | Unused value | /src/northbridge/intel/pineview/raminit.c |
| 1229715 | Uninitialized scalar variable | /src/northbridge/intel/sandybridge/raminit_common.c |
| 1347351 | Out-of-bounds read | /src/northbridge/intel/x4x/ram_calc.c |
| 1347350 | Out-of-bounds read | /src/northbridge/intel/x4x/ram_calc.c |
| 1391088 | Division or modulo by zero | /src/northbridge/intel/x4x/raminit_ddr23.c |
| 1393458 | Logically dead code | /src/northbridge/intel/x4x/raminit_ddr23.c |
| 1391091 | Operands don't affect result | /src/northbridge/intel/x4x/raminit_ddr23.c |
| 1391090 | Operands don't affect result | /src/northbridge/intel/x4x/raminit_ddr23.c |
| 1391089 | Operands don't affect result | /src/northbridge/intel/x4x/raminit_ddr23.c |
| 1391087 | Operands don't affect result | /src/northbridge/intel/x4x/raminit_ddr23.c |
| 1391085 | Wrong operator used | /src/northbridge/intel/x4x/raminit_ddr23.c |
| 1229564 | Bad bit shift operation | /src/northbridge/via/vx900/chrome9hd.c |
| 1391086 | Bad bit shift operation | /src/northbridge/via/vx900/memmap.c |
| 1229666 | Unintentional integer overflow | /src/northbridge/via/vx900/northbridge.c |
| 1229665 | Unintentional integer overflow | /src/northbridge/via/vx900/northbridge.c |
| 1295492 | Stray semicolon | /src/soc/broadcom/cygnus/ddr_init.c |
| 1295493 | Structurally dead code | /src/soc/broadcom/cygnus/ddr_init.c |
| 1295501 | Dereference after null check | /src/soc/broadcom/cygnus/gpio.c |
| 1295498 | Dereference after null check | /src/soc/broadcom/cygnus/gpio.c |
| 1295496 | Dereference after null check | /src/soc/broadcom/cygnus/gpio.c |
| 1295495 | Dereference after null check | /src/soc/broadcom/cygnus/gpio.c |
| 1295490 | Dereference after null check | /src/soc/broadcom/cygnus/gpio.c |
| 1295488 | Dereference after null check | /src/soc/broadcom/cygnus/gpio.c |
| 1295486 | Dereference after null check | /src/soc/broadcom/cygnus/gpio.c |
| 1295497 | Macro compares unsigned to 0 | /src/soc/broadcom/cygnus/i2c.c |
| 1295500 | Logically dead code | /src/soc/broadcom/cygnus/shmoo_and28.c |
| 1393966 | Logically dead code | /src/soc/cavium/cn81xx/uart.c |
| 1372243 | Buffer not null terminated | /src/soc/intel/apollolake/cse.c |
| 1229677 | Out-of-bounds read | /src/soc/intel/baytrail/gfx.c |
| 1229702 | Unintended sign extension | /src/soc/intel/baytrail/gfx.c |
| 1229701 | Unintended sign extension | /src/soc/intel/baytrail/gfx.c |
| 1229700 | Unintended sign extension | /src/soc/intel/baytrail/gfx.c |
| 1229699 | Unintended sign extension | /src/soc/intel/baytrail/gfx.c |
| 1384425 | Logically dead code | /src/soc/intel/broadwell/pmutil.c |
| 1391422 | Same on both sides | /src/soc/intel/broadwell/romstage/raminit.c |
| 1384424 | Logically dead code | /src/soc/intel/common/block/gpio/gpio.c |
| 1384420 | Logically dead code | /src/soc/intel/common/block/gpio/gpio.c |
| 1384419 | Logically dead code | /src/soc/intel/common/block/gpio/gpio.c |
| 1384414 | Logically dead code | /src/soc/intel/common/block/gpio/gpio.c |
| 1381621 | Unused value | /src/soc/intel/common/block/smm/smitraphandler.c |
| 1371814 | Buffer not null terminated | /src/soc/intel/common/smbios.c |
| 1229673 | Out-of-bounds read | /src/soc/intel/skylake/cpu.c |
| 1362809 | Dereference after null check | /src/soc/marvell/mvmap2315/load_validate.c |
| 1384418 | Out-of-bounds access | /src/soc/mediatek/mt8173/i2c.c |
| 1260981 | Division or modulo by zero | /src/soc/nvidia/tegra124/clock.c |
| 1293140 | Logically dead code | /src/soc/nvidia/tegra124/dp.c |
| 1293138 | Logically dead code | /src/soc/nvidia/tegra124/dp.c |
| 1293137 | Missing break in switch | /src/soc/nvidia/tegra124/sor.c |
| 1287070 | Unused value | /src/soc/nvidia/tegra124/sor.c |
| 1294805 | Dereference after null check | /src/soc/nvidia/tegra210/dsi.c |
| 1294800 | Unintended sign extension | /src/soc/nvidia/tegra210/dsi.c |
| 1241854 | Dereference after null check | /src/soc/nvidia/tegra210/spi.c |
| 1241838 | Dereference before null check | /src/soc/nvidia/tegra210/spi.c |
| 1294801 | Resource leak | /src/soc/qualcomm/ipq806x/lcc.c |
| 1294795 | Logically dead code | /src/soc/rockchip/common/edp.c |
| 1294799 | Structurally dead code | /src/soc/rockchip/common/edp.c |
| 1294798 | Unused value | /src/soc/rockchip/common/edp.c |
| 1325861 | Operands don't affect result | /src/soc/rockchip/rk3288/clock.c |
| 1325857 | Logically dead code | /src/soc/rockchip/rk3288/hdmi.c |
| 1291959 | Missing break in switch | /src/soc/rockchip/rk3288/sdram.c |
| 1365976 | Operands don't affect result | /src/soc/rockchip/rk3399/clock.c |
| 1355168 | Operands don't affect result | /src/soc/rockchip/rk3399/clock.c |
| 1355166 | Operands don't affect result | /src/soc/rockchip/rk3399/clock.c |
| 1375443 | Unintentional integer overflow | /src/soc/rockchip/rk3399/mipi.c |
| 1354778 | Uninitialized scalar variable | /src/soc/samsung/exynos5250/uart.c |
| 1375671 | Various | /src/soc/samsung/exynos5420/spi.c |
| 1241880 | Extra high-order bits | /src/southbridge/amd/cimx/sb900/early.c |
| 1241812 | Logical vs. bitwise operator | /src/southbridge/amd/cimx/sb900/early.c |
| 1241823 | Logically dead code | /src/southbridge/amd/cimx/sb900/early.c |
| 1229584 | Extra high-order bits | /src/southbridge/amd/rs780/ht.c |
| 1347373 | Logically dead code | /src/southbridge/amd/sb700/early_setup.c |
| 1229582 | Extra high-order bits | /src/southbridge/amd/sb800/usb.c |
| 1347384 | Extra high-order bits | /src/southbridge/amd/sr5650/pcie.c |
| 1229676 | Out-of-bounds read | /src/southbridge/amd/sr5650/pcie.c |
| 1362811 | Resource leak | /src/southbridge/amd/sr5650/sr5650.c |
| 1287065 | Unused value | /src/southbridge/amd/sr5650/sr5650.c |
| 1229598 | Logically dead code | /src/southbridge/intel/i82801gx/smihandler.c |
| 1229607 | Logically dead code | /src/southbridge/intel/lynxpoint/lpc.c |
| 1384422 | Logically dead code | /src/southbridge/intel/lynxpoint/pmutil.c |
| 1384421 | Logically dead code | /src/southbridge/intel/lynxpoint/pmutil.c |
| 1384417 | Logically dead code | /src/southbridge/intel/lynxpoint/pmutil.c |
| 1384416 | Logically dead code | /src/southbridge/intel/lynxpoint/pmutil.c |
| 1384415 | Logically dead code | /src/southbridge/intel/lynxpoint/pmutil.c |
| 1370583 | Uninitialized scalar variable | /src/southbridge/nvidia/ck804/early_setup_car.c |
| 1370581 | Uninitialized scalar variable | /src/southbridge/nvidia/ck804/early_setup_car.c |