Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
14 new defect(s) introduced to coreboot found with Coverity Scan. 11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 14 of 14 defect(s)
** CID 1451398: Control flow issues (DEADCODE) /3rdparty/chromeec/driver/usb_mux/usb_mux.c: 400 in hc_usb_pd_mux_ack()
________________________________________________________________________________________________________ *** CID 1451398: Control flow issues (DEADCODE) /3rdparty/chromeec/driver/usb_mux/usb_mux.c: 400 in hc_usb_pd_mux_ack() 394 { 395 __maybe_unused const struct ec_params_usb_pd_mux_ack *p = args->params; 396 397 if (!IS_ENABLED(CONFIG_USB_MUX_AP_ACK_REQUEST)) 398 return EC_RES_INVALID_COMMAND; 399
CID 1451398: Control flow issues (DEADCODE) Execution cannot reach this statement: "task_set_event(TASK_ID_PD_C...".
400 task_set_event(PD_PORT_TO_TASK_ID(p->port), PD_EVENT_AP_MUX_DONE); 401 402 return EC_RES_SUCCESS; 403 } 404 DECLARE_HOST_COMMAND(EC_CMD_USB_PD_MUX_ACK, 405 hc_usb_pd_mux_ack,
** CID 1451397: Memory - corruptions (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________ *** CID 1451397: Memory - corruptions (ARRAY_VS_SINGLETON) /src/lib/selfboot.c: 238 in selfload_mapped() 232 { 233 uintptr_t entry = 0; 234 struct cbfs_payload_segment *cbfssegs; 235 236 cbfssegs = &((struct cbfs_payload *)mapping)->segments; 237
CID 1451397: Memory - corruptions (ARRAY_VS_SINGLETON) Passing "cbfssegs" to function "check_payload_segments" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
238 if (check_payload_segments(cbfssegs, dest_type)) 239 return false; 240 241 if (load_payload_segments(cbfssegs, &entry)) 242 return false; 243
** CID 1451396: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________ *** CID 1451396: Memory - corruptions (OVERRUN) /src/lib/selfboot.c: 241 in selfload_mapped() 235 236 cbfssegs = &((struct cbfs_payload *)mapping)->segments; 237 238 if (check_payload_segments(cbfssegs, dest_type)) 239 return false; 240
CID 1451396: Memory - corruptions (OVERRUN) Overrunning struct type cbfs_payload_segment of 28 bytes by passing it to a function which accesses it at byte offset 55.
241 if (load_payload_segments(cbfssegs, &entry)) 242 return false; 243 244 printk(BIOS_SPEW, "Loaded segments\n"); 245 246 /* Pass cbtables to payload if architecture desires it. */
** CID 1451395: Control flow issues (NESTING_INDENT_MISMATCH) /src/soc/amd/common/block/i2c/i2c.c: 105 in dw_i2c_soc_init()
________________________________________________________________________________________________________ *** CID 1451395: Control flow issues (NESTING_INDENT_MISMATCH) /src/soc/amd/common/block/i2c/i2c.c: 105 in dw_i2c_soc_init() 99 if (ctrlr->mode == I2C_PERIPHERAL_MODE || !ctrlr->bar || 100 cfg->early_init != is_early_init) 101 continue; 102 103 if (dw_i2c_init(bus, cfg)) 104 printk(BIOS_ERR, "Failed to init i2c bus %d\n", bus);
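CID 1451395: Control flow issues (NESTING_INDENT_MISMATCH) This statement is indented to column 25, as if it were nested within the preceding parent statement, but it is not. The "if" on line 103 has no braces, so only the printk() on line 104 is conditional; the "continue" on line 105 runs on every loop iteration, whether or not dw_i2c_init() failed.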
105 continue; 106 107 soc_i2c_misc_init(bus, cfg); 108 } 109 } 110
** CID 1451394: Parse warnings (PW.PARAM_SET_BUT_NOT_USED) /src/vendorcode/mediatek/mt8192/dramc/dramc_pi_calibration_api.c: 3630 in ()
________________________________________________________________________________________________________ *** CID 1451394: Parse warnings (PW.PARAM_SET_BUT_NOT_USED) /src/vendorcode/mediatek/mt8192/dramc/dramc_pi_calibration_api.c: 3630 in () 3624 3625 msg("[WriteLevelingPosCal] DQS PI B0/B1 = %d/%d\n", wrlevel_dqs_delay[0], wrlevel_dqs_delay[1]); 3626 } 3627 #endif 3628 3629 #define SET_PATTERN_MANUALLY_FOR_DEBUG 1
CID 1451394: Parse warnings (PW.PARAM_SET_BUT_NOT_USED) parameter "isAutoK" was set but never used
3630 DRAM_STATUS_T DramcWriteLeveling(DRAMC_CTX_T *p, u8 isAutoK, WLEV_DELAY_BASED_T stDelayBase) 3631 { 3632 // Note that below procedure is based on "ODT off" 3633 DRAM_STATUS_T KResult = DRAM_FAIL; 3634 3635 U8 byte_i, rank_i, ucDoneFlg;
** CID 1451393: Control flow issues (DEADCODE) /3rdparty/chromeec/driver/charger/isl923x.c: 177 in get_amon_bmon()
________________________________________________________________________________________________________ *** CID 1451393: Control flow issues (DEADCODE) /3rdparty/chromeec/driver/charger/isl923x.c: 177 in get_amon_bmon() 171 static int get_amon_bmon(int chgnum, enum isl923x_amon_bmon amon, 172 enum isl923x_mon_dir direction, int *adc) 173 { 174 int reg, ret; 175 176 if (IS_ENABLED(CHARGER_ISL9238X)) {
CID 1451393: Control flow issues (DEADCODE) Execution cannot reach this statement: "ret = raw_read16(chgnum, 76...".
177 ret = raw_read16(chgnum, ISL9238_REG_CONTROL3, &reg); 178 if (ret) 179 return ret; 180 181 /* Switch direction */ 182 if (direction)
** CID 1451392: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/i2c_controller.c: 699 in i2c_read_string()
________________________________________________________________________________________________________ *** CID 1451392: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/i2c_controller.c: 699 in i2c_read_string() 693 694 if (len && block_length > (len - 1)) 695 data_length = len - 1; 696 else 697 data_length = block_length; 698
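CID 1451392: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "({...; 0;}) && addr_flags & (8192U /* 1U << 13 */)" is always false regardless of the values of its operands. This occurs as the logical operand of "if". The constant-zero operand corresponds to IS_ENABLED(CONFIG_SMBUS_PEC) on line 699, so the result appears to follow from the configuration that was analyzed rather than from the value of addr_flags; the other CONSTANT_EXPRESSION_RESULT findings in this report (CIDs 1451391, 1451390 and 1451385) show the same expression.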
699 if (IS_ENABLED(CONFIG_SMBUS_PEC) && 700 I2C_USE_PEC(addr_flags)) { 701 uint8_t addr_8bit = 702 I2C_STRIP_FLAGS(addr_flags) << 1; 703 uint8_t out[3] = {addr_8bit, reg, addr_8bit | 1}; 704 uint8_t pec, pec_remote;
** CID 1451391: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/i2c_controller.c: 775 in i2c_write_block()
________________________________________________________________________________________________________ *** CID 1451391: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/i2c_controller.c: 775 in i2c_write_block() 769 int i, rv; 770 uint8_t reg_address = offset, pec = 0; 771 772 if (!IS_ENABLED(CONFIG_SMBUS_PEC) && I2C_USE_PEC(addr_flags)) 773 return EC_ERROR_UNIMPLEMENTED; 774
CID 1451391: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "({...; 0;}) && addr_flags & (8192U /* 1U << 13 */)" is always false regardless of the values of its operands. This occurs as the logical operand of "if".
775 if (IS_ENABLED(CONFIG_SMBUS_PEC) && I2C_USE_PEC(addr_flags)) { 776 uint8_t addr_8bit = I2C_STRIP_FLAGS(addr_flags) << 1; 777 778 pec = cros_crc8(&addr_8bit, sizeof(uint8_t)); 779 pec = cros_crc8_arg(data, len, pec); 780 }
** CID 1451390: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/i2c_controller.c: 331 in platform_ec_i2c_write()
________________________________________________________________________________________________________ *** CID 1451390: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/i2c_controller.c: 331 in platform_ec_i2c_write() 325 const uint16_t addr_flags, 326 const uint8_t *out, int out_size) 327 { 328 if (!IS_ENABLED(CONFIG_SMBUS_PEC) && I2C_USE_PEC(addr_flags)) 329 return EC_ERROR_UNIMPLEMENTED; 330
CID 1451390: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "({...; 0;}) && addr_flags & (8192U /* 1U << 13 */)" is always false regardless of the values of its operands. This occurs as the logical operand of "if".
331 if (IS_ENABLED(CONFIG_SMBUS_PEC) && I2C_USE_PEC(addr_flags)) { 332 int i, rv; 333 uint8_t addr_8bit = I2C_STRIP_FLAGS(addr_flags) << 1; 334 uint8_t pec; 335 336 pec = cros_crc8(&addr_8bit, 1);
** CID 1451389: Incorrect expression (MISSING_COMMA) /src/soc/amd/picasso/mca.c: 140 in ()
________________________________________________________________________________________________________ *** CID 1451389: Incorrect expression (MISSING_COMMA) /src/soc/amd/picasso/mca.c: 140 in () 134 } 135 136 static const char *const mca_bank_name[] = { 137 "Load-store unit", 138 "Instruction fetch unit", 139 "L2 cache unit",
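CID 1451389: Incorrect expression (MISSING_COMMA) In the initialization of "mca_bank_name", a suspicious concatenated string ""Decode unit"" is produced due to a missing comma between lines. The adjacent literals on lines 140 and 141 ("Decode unit" and "") are merged into a single element, so the array holds one entry fewer than the listing suggests and every name after "Decode unit" sits one index lower than written; code that indexes this table by bank number should be checked against the actual array length.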
140 "Decode unit" 141 "", 142 "Execution unit", 143 "Floating point unit", 144 "L3 cache unit" 145 };
** CID 1451388: (BAD_SHIFT) /3rdparty/chromeec/core/cortex-m/mpu.c: 142 in mpu_config_region_greedy() /3rdparty/chromeec/core/cortex-m/mpu.c: 161 in mpu_config_region_greedy() /3rdparty/chromeec/core/cortex-m/mpu.c: 142 in mpu_config_region_greedy() /3rdparty/chromeec/core/cortex-m/mpu.c: 161 in mpu_config_region_greedy()
________________________________________________________________________________________________________ *** CID 1451388: (BAD_SHIFT) /3rdparty/chromeec/core/cortex-m/mpu.c: 142 in mpu_config_region_greedy() 136 137 /* 138 * Generate the subregion mask by walking through each, 139 * disabling if it is not completely contained in the requested 140 * range. 141 */
CID 1451388: (BAD_SHIFT) In expression "1 << natural_alignment", left shifting by more than 31 bits has undefined behavior. The shift amount, "natural_alignment", is as much as 32.
142 subregion_base = addr & ~((1 << natural_alignment) - 1); 143 subregion_size = 1 << (natural_alignment - 3); 144 *consumed = 0; 145 for (int sr_idx = 0; sr_idx < 8; sr_idx++) { 146 if (subregion_base < addr || 147 (subregion_base + subregion_size) > (addr + size)) /3rdparty/chromeec/core/cortex-m/mpu.c: 161 in mpu_config_region_greedy() 155 } 156 } else { 157 /* Not using subregions; all enabled */ 158 *consumed = 1 << natural_alignment; 159 } 160
CID 1451388: (BAD_SHIFT) In expression "1 << natural_alignment", left shifting by more than 31 bits has undefined behavior. The shift amount, "natural_alignment", is as much as 32.
161 return mpu_update_region(region, 162 addr & ~((1 << natural_alignment) - 1), 163 natural_alignment, 164 attr, enable, subregion_disable); 165 } 166 /3rdparty/chromeec/core/cortex-m/mpu.c: 142 in mpu_config_region_greedy() 136 137 /* 138 * Generate the subregion mask by walking through each, 139 * disabling if it is not completely contained in the requested 140 * range. 141 */
CID 1451388: (BAD_SHIFT) In expression "1 << natural_alignment", left shifting by more than 31 bits has undefined behavior. The shift amount, "natural_alignment", is 32.
142 subregion_base = addr & ~((1 << natural_alignment) - 1); 143 subregion_size = 1 << (natural_alignment - 3); 144 *consumed = 0; 145 for (int sr_idx = 0; sr_idx < 8; sr_idx++) { 146 if (subregion_base < addr || 147 (subregion_base + subregion_size) > (addr + size)) /3rdparty/chromeec/core/cortex-m/mpu.c: 161 in mpu_config_region_greedy() 155 } 156 } else { 157 /* Not using subregions; all enabled */ 158 *consumed = 1 << natural_alignment; 159 } 160
CID 1451388: (BAD_SHIFT) In expression "1 << natural_alignment", left shifting by more than 31 bits has undefined behavior. The shift amount, "natural_alignment", is 32.
161 return mpu_update_region(region, 162 addr & ~((1 << natural_alignment) - 1), 163 natural_alignment, 164 attr, enable, subregion_disable); 165 } 166
** CID 1451387: Control flow issues (UNREACHABLE) /src/soc/amd/common/block/i2c/i2c.c: 107 in dw_i2c_soc_init()
________________________________________________________________________________________________________ *** CID 1451387: Control flow issues (UNREACHABLE) /src/soc/amd/common/block/i2c/i2c.c: 107 in dw_i2c_soc_init() 101 continue; 102 103 if (dw_i2c_init(bus, cfg)) 104 printk(BIOS_ERR, "Failed to init i2c bus %d\n", bus); 105 continue; 106
CID 1451387: Control flow issues (UNREACHABLE) This code cannot be reached: "soc_i2c_misc_init(bus, cfg);".
107 soc_i2c_misc_init(bus, cfg); 108 } 109 } 110 111 void i2c_soc_early_init(void) 112 {
** CID 1451386: Control flow issues (UNREACHABLE) /src/mainboard/google/poppy/variants/rammus/mainboard.c: 44 in get_wifi_sar_cbfs_filename()
________________________________________________________________________________________________________ *** CID 1451386: Control flow issues (UNREACHABLE) /src/mainboard/google/poppy/variants/rammus/mainboard.c: 44 in get_wifi_sar_cbfs_filename() 38 sku_id = variant_board_sku(); 39 if (sku_id & 0x200) 40 return "wifi_sar-shyvana.hex"; 41 else 42 return "wifi_sar-leona.hex"; 43
CID 1451386: Control flow issues (UNREACHABLE) This code cannot be reached: "return "wifi_sar_defaults.h...".
44 return WIFI_SAR_CBFS_DEFAULT_FILENAME;
** CID 1451385: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/i2c_controller.c: 289 in platform_ec_i2c_read()
________________________________________________________________________________________________________ *** CID 1451385: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /3rdparty/chromeec/common/i2c_controller.c: 289 in platform_ec_i2c_read() 283 static int platform_ec_i2c_read(const int port, const uint16_t addr_flags, 284 uint8_t reg, uint8_t *in, int in_size) 285 { 286 if (!IS_ENABLED(CONFIG_SMBUS_PEC) && I2C_USE_PEC(addr_flags)) 287 return EC_ERROR_UNIMPLEMENTED; 288
CID 1451385: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "({...; 0;}) && addr_flags & (8192U /* 1U << 13 */)" is always false regardless of the values of its operands. This occurs as the logical operand of "if".
289 if (IS_ENABLED(CONFIG_SMBUS_PEC) && I2C_USE_PEC(addr_flags)) { 290 int i, rv; 291 /* addr_8bit = 7 bit addr_flags + 1 bit r/w */ 292 uint8_t addr_8bit = I2C_STRIP_FLAGS(addr_flags) << 1; 293 uint8_t out[3] = {addr_8bit, reg, addr_8bit | 1}; 294 uint8_t pec_local = 0, pec_remote;
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...