Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
106 new defect(s) introduced to coreboot found with Coverity Scan. 77 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 106 defect(s)
** CID 1402138: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1402138: (OVERRUN)

/src/vendorcode/amd/cimx/sb900/Sata.c: 601 in sataInitAfterPciEnum()
595
596 sataBar5setting (pConfig, &ddBar5);
597
598 ReadPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8, &dbVar);
599 RWPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8, 0xFF, 0x03); //memory and io access enable
600 dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
CID 1402138: (OVERRUN) Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
601 getEfuseStatus (&dbEfuse);
602
603 if ( !cimSataPortMultCap ) {
604 ddAndMask |= BIT12;
605 }
606 if ( cimSataAggrLinkPmCap ) {

/src/vendorcode/amd/cimx/sb800/SATA.c: 407 in sataInitAfterPciEnum()
401
402 sataBar5setting (pConfig, &ddBar5);
403
404 ReadPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8, &dbVar);
405 RWPCI (((SATA_BUS_DEV_FUN << 16) + SB_SATA_REG04), AccWidthUint8,0xFF, 0x03); //memory and io access enable
406 dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
CID 1402138: (OVERRUN) Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
407 getEfuseStatus (&dbEfuse);
408
409 if ( !cimSataPortMultCap ) {
410 ddAndMask |= BIT12;
411 }
412 if ( cimSataAggrLinkPmCap ) {
** CID 1402137: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1402137: Memory - corruptions (OVERRUN)

/src/vendorcode/amd/cimx/sb900/SbPeLib.c: 345 in getEfuseByte()
339 UINT8
340 getEfuseByte (
341 IN UINT8 Index
342 )
343 {
344 UINT8 Data;
CID 1402137: Memory - corruptions (OVERRUN) Overrunning buffer pointed to by "&Index" of 1 bytes by passing it to a function which accesses it at byte offset 1.
345 WriteMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8, AccWidthUint8, &Index);
346 ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8 + 1, AccWidthUint8, &Data);
347 return Data;
348 }
349
350
** CID 1402136: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 414 in PcieMapTopologyOnWrapper() /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 428 in PcieMapTopologyOnWrapper() /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 414 in PcieMapTopologyOnWrapper()
________________________________________________________________________________________________________ *** CID 1402136: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 414 in PcieMapTopologyOnWrapper() 408 Status = AGESA_ERROR; 409 AGESA_STATUS_UPDATE (Status, AgesaStatus); 410 } else { 411 WrapperPhyLaneBitMap |= EnginePhyLaneBitMap; 412 } 413 }
CID 1402136: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
414 EngineList = PcieLibGetNextDescriptor (EngineList); 415 } 416 IDS_HDT_CONSOLE (GNB_TRACE, "PcieMapTopologyOnWrapper Exit [%d]\n", AgesaStatus); 417 return AgesaStatus; 418 } 419 /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 428 in PcieMapTopologyOnWrapper() 422 Status = AGESA_ERROR; 423 AGESA_STATUS_UPDATE (Status, AgesaStatus); 424 } else { 425 WrapperPhyLaneBitMap |= EnginePhyLaneBitMap; 426 } 427 }
CID 1402136: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
428 EngineList = PcieLibGetNextDescriptor (EngineList); 429 } 430 return AgesaStatus; 431 } 432 433 /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieMapTopology.c: 414 in PcieMapTopologyOnWrapper() 408 Status = AGESA_ERROR; 409 AGESA_STATUS_UPDATE (Status, AgesaStatus); 410 } else { 411 WrapperPhyLaneBitMap |= EnginePhyLaneBitMap; 412 } 413 }
CID 1402136: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
414 EngineList = PcieLibGetNextDescriptor (EngineList); 415 } 416 IDS_HDT_CONSOLE (GNB_TRACE, "PcieMapTopologyOnWrapper Exit [%d]\n", AgesaStatus); 417 return AgesaStatus; 418 } 419
** CID 1402135: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1402135: Insecure data handling (TAINTED_SCALAR)

/util/cbfstool/cbfstool.c: 1726 in main()
1720
1721 if (commands[i].function == cbfs_create) {
1722 if (param.fmap) {
1723 struct buffer flashmap;
1724 if (buffer_from_file(&flashmap, param.fmap))
1725 return 1;
CID 1402135: Insecure data handling (TAINTED_SCALAR) Passing tainted variable "flashmap.data" to a tainted sink.
1726 param.image_file = partitioned_file_create(
1727 image_name, &flashmap);
1728 buffer_delete(&flashmap);
1729 } else if (param.size) {
1730 param.image_file = partitioned_file_create_flat(
1731 image_name, param.size);
** CID 1402134: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1402134: (OVERRUN)

/src/vendorcode/amd/cimx/sb800/SBCMN.c: 982 in softwareToggleImcStrapping()
976 {
977 UINT8 dbValue;
978 UINT8 dbPortStatus;
979 UINT32 abValue;
980 UINT32 abValue1;
981
CID 1402134: (OVERRUN) Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing it to a function which accesses it at byte offset 1.
982 getChipSysMode (&dbPortStatus);
983
984 ReadPMIO (SB_PMIOA_REGBF, AccWidthUint8, &dbValue);
985 //if ( (dbValue & (BIT6 + BIT7)) != 0xC0 ) { // PwrGoodOut =1, PwrGoodEnB=1
986 //The strapStatus register is not mapped into StrapOveride not in the same bit position. The following is difference.
987

/src/vendorcode/amd/cimx/sb900/SbCmn.c: 1248 in softwareToggleImcStrapping()
1242 {
1243 UINT8 dbValue;
1244 UINT8 dbPortStatus;
1245 UINT32 abValue;
1246 UINT32 abValue1;
1247
CID 1402134: (OVERRUN) Overrunning buffer pointed to by "&dbPortStatus" of 1 bytes by passing it to a function which accesses it at byte offset 1.
1248 getChipSysMode (&dbPortStatus);
1249
1250 ReadPMIO (SB_PMIOA_REGBF, AccWidthUint8, &dbValue);
1251 //if ( (dbValue & (BIT6 + BIT7)) != 0xC0 ) { // PwrGoodOut =1, PwrGoodEnB=1
1252 //The strapStatus register is not mapped into StrapOveride not in the same bit position. The following is difference.
1253
** CID 1402133: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 249 in PcieTopologyApplyLaneMux() /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 249 in PcieTopologyApplyLaneMux() /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 226 in PcieTopologyApplyLaneMux()
________________________________________________________________________________________________________ *** CID 1402133: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 249 in PcieTopologyApplyLaneMux() 243 if (TxLaneMuxSelectorArray [PhyLaneIndex] != CoreLaneIndex) { 244 TxLaneMuxSelectorArray [PcieTopologyLocateMuxIndex (TxLaneMuxSelectorArray, CoreLaneIndex)] = TxLaneMuxSelectorArray [PhyLaneIndex]; 245 TxLaneMuxSelectorArray [PhyLaneIndex] = CoreLaneIndex; 246 } 247 } 248 }
CID 1402133: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
249 EngineList = PcieLibGetNextDescriptor (EngineList); 250 } 251 RxMaxSelectorValue = 0; 252 TxMaxSelectorValue = 0; 253 for (Index = 0; Index < sizeof (LaneMuxSelectorTable); Index++) { 254 RxMaxSelectorValue |= (RxLaneMuxSelectorArray[Index] << (Index * 4)); /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 249 in PcieTopologyApplyLaneMux() 243 if (TxLaneMuxSelectorArray [PhyLaneIndex] != CoreLaneIndex) { 244 TxLaneMuxSelectorArray [PcieTopologyLocateMuxIndex (TxLaneMuxSelectorArray, CoreLaneIndex)] = TxLaneMuxSelectorArray [PhyLaneIndex]; 245 TxLaneMuxSelectorArray [PhyLaneIndex] = CoreLaneIndex; 246 } 247 } 248 }
CID 1402133: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
249 EngineList = PcieLibGetNextDescriptor (EngineList); 250 } 251 RxMaxSelectorValue = 0; 252 TxMaxSelectorValue = 0; 253 for (Index = 0; Index < sizeof (LaneMuxSelectorTable); Index++) { 254 RxMaxSelectorValue |= (RxLaneMuxSelectorArray[Index] << (Index * 4)); /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 226 in PcieTopologyApplyLaneMux() 220 if (TxLaneMuxSelectorArray [PhyLaneIndex] != CoreLaneIndex) { 221 TxLaneMuxSelectorArray [PcieTopologyLocateMuxIndex (TxLaneMuxSelectorArray, CoreLaneIndex)] = TxLaneMuxSelectorArray [PhyLaneIndex]; 222 TxLaneMuxSelectorArray [PhyLaneIndex] = CoreLaneIndex; 223 } 224 } 225 }
CID 1402133: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
226 EngineList = PcieLibGetNextDescriptor (EngineList); 227 } 228 RxMaxSelectorValue = 0; 229 TxMaxSelectorValue = 0; 230 for (Index = 0; Index < sizeof (LaneMuxSelectorTable); Index++) { 231 RxMaxSelectorValue |= (RxLaneMuxSelectorArray[Index] << (Index * 4));
** CID 1402132: (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 164 in PcieConfigDisableAllEngines()
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 167 in PcieConfigDisableAllEngines()
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 167 in PcieConfigDisableAllEngines()
________________________________________________________________________________________________________
*** CID 1402132: (ARRAY_VS_SINGLETON)

/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 164 in PcieConfigDisableAllEngines()
158 PCIe_ENGINE_CONFIG *EngineList;
159 EngineList = PcieConfigGetChildEngine (Wrapper);
160 while (EngineList != NULL) {
161 if ((EngineList->EngineData.EngineType & EngineTypeMask) != 0) {
162 PcieConfigDisableEngine (EngineList);
163 }
CID 1402132: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
164 EngineList = PcieLibGetNextDescriptor (EngineList);
165 }
166 }
167
168
169 /*----------------------------------------------------------------------------------------*/

/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 167 in PcieConfigDisableAllEngines()
161 PCIe_ENGINE_CONFIG *EngineList;
162 EngineList = PcieConfigGetChildEngine (Wrapper);
163 while (EngineList != NULL) {
164 if ((EngineList->EngineData.EngineType & EngineTypeMask) != 0) {
165 PcieConfigDisableEngine (EngineList);
166 }
CID 1402132: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
167 EngineList = PcieLibGetNextDescriptor (EngineList);
168 }
169 }
170
171
172 /*----------------------------------------------------------------------------------------*/

/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 167 in PcieConfigDisableAllEngines()
161 PCIe_ENGINE_CONFIG *EngineList;
162 EngineList = PcieConfigGetChildEngine (Wrapper);
163 while (EngineList != NULL) {
164 if ((EngineList->EngineData.EngineType & EngineTypeMask) != 0) {
165 PcieConfigDisableEngine (EngineList);
166 }
CID 1402132: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
167 EngineList = PcieLibGetNextDescriptor (EngineList);
168 }
169 }
170
171
172 /*----------------------------------------------------------------------------------------*/
** CID 1402131: Memory - corruptions (OVERRUN)
/src/soc/samsung/exynos5420/fimd.c: 358 in exynos_fimd_lcd_init()
________________________________________________________________________________________________________
*** CID 1402131: Memory - corruptions (OVERRUN)

/src/soc/samsung/exynos5420/fimd.c: 358 in exynos_fimd_lcd_init()
352 lwritel(cfg, &FIMD_CTRL->vidcon1 + offset);
353
354 /* set timing */
355 cfg = EXYNOS_VIDTCON0_VFPD(vid->vl_vfpd - 1);
356 cfg |= EXYNOS_VIDTCON0_VBPD(vid->vl_vbpd - 1);
357 cfg |= EXYNOS_VIDTCON0_VSPW(vid->vl_vspw - 1);
CID 1402131: Memory - corruptions (OVERRUN) "&(struct exynos_fb *)0x14400000->vidtcon0 + offset" evaluates to an address that is at byte offset 131072 of an array of 624 bytes.
358 lwritel(cfg, &FIMD_CTRL->vidtcon0 + offset);
359
360 cfg = EXYNOS_VIDTCON1_HFPD(vid->vl_hfpd - 1);
361 cfg |= EXYNOS_VIDTCON1_HBPD(vid->vl_hbpd - 1);
362 cfg |= EXYNOS_VIDTCON1_HSPW(vid->vl_hspw - 1);
363
** CID 1402130: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieConfigTN.c: 489 in PcieConfigureDdi2EnginesLaneAllocationTN()
________________________________________________________________________________________________________
*** CID 1402130: Memory - corruptions (ARRAY_VS_SINGLETON)

/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieConfigTN.c: 489 in PcieConfigureDdi2EnginesLaneAllocationTN()
483 }
484 LaneIndex = 0;
485 while (EnginesList != NULL) {
486 PcieConfigResetDescriptorFlags (EnginesList, DESCRIPTOR_ALLOCATED);
487 EnginesList->EngineData.StartLane = Ddi2LaneConfigurationTable [ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane;
488 EnginesList->EngineData.EndLane = Ddi2LaneConfigurationTable [ConfigurationId][LaneIndex++] + Wrapper->StartPhyLane;
CID 1402130: Memory - corruptions (ARRAY_VS_SINGLETON) Using "EnginesList" as an array. This might corrupt or misinterpret adjacent memory locations.
489 EnginesList = PcieLibGetNextDescriptor (EnginesList);
490 }
491 return AGESA_SUCCESS;
492 }
493
494
** CID 1402129: (OVERRUN)
________________________________________________________________________________________________________ *** CID 1402129: (OVERRUN) /src/vendorcode/amd/cimx/sb800/SBPort.c: 186 in sbPowerOnInit() 180 writeAlink (0x34, readAlink (0x34) | BIT9); 181 182 dbEfuse = FUSE_ID_EFUSE_LOC; 183 getEfuseStatus (&dbEfuse); 184 if ( dbEfuse == M1_D1_FUSE_ID ) { 185 dbEfuse = MINOR_ID_EFUSE_LOC;
CID 1402129: (OVERRUN) Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
186 getEfuseStatus (&dbEfuse); 187 if ( dbEfuse == M1_MINOR_ID ) { 188 // Limit ALink speed to 2.5G if Hudson-M1 189 cimNbSbGen2 = 0; 190 } 191 } /src/vendorcode/amd/cimx/sb900/SBPort.c: 236 in sbPowerOnInit() 230 getEfuseStatus (&dbEfuse); 231 if ( dbEfuse & BIT0 ) { 232 pConfig->NbSbGen2 = 0; 233 } 234 235 dbEfuse = FCH_Variant_EFUSE_LOCATION;
CID 1402129: (OVERRUN) Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
236 getEfuseStatus (&dbEfuse); 237 if ((dbEfuse == 0x07) || (dbEfuse == 0x08)) { 238 pConfig->NbSbGen2 = 0; 239 } 240 241 if (pConfig->NbSbGen2) { /src/vendorcode/amd/cimx/sb900/SBPort.c: 284 in sbPowerOnInit() 278 RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG2E, AccWidthUint8, ~(BIT1 + BIT2), 0); //clear BIT[2:1] 279 smbusBase = (UINT16) (pConfig->BuildParameters.Smbus0BaseAddress); 280 dbValue = 0x00; 281 WriteIO (smbusBase + 0x14, AccWidthUint8, &dbValue); 282 283 dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
CID 1402129: (OVERRUN) Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
284 getEfuseStatus (&dbEfuse); 285 286 programSbAcpiMmioTbl ((AcpiRegWrite*) FIXUP_PTR (&sbPmioPorInitTable[0])); 287 288 //RPR 3.4 Enabling ClkRun Function 289 RWPCI ((LPC_BUS_DEV_FUN << 16) + SB_LPC_REGBB, AccWidthUint8, ~ BIT2, BIT2); /src/vendorcode/amd/cimx/sb900/SBPort.c: 230 in sbPowerOnInit() 224 //abValue = readAlink (SB_AX_DATAC_REG34 | (UINT32) (AXINDC << 29)); 225 //abValue |= BIT6 + BIT5; 226 //writeAlink (SB_AX_DATAC_REG34 | (UINT32) (AXINDC << 29), abValue); 227 228 // Configure UMI target link speed 229 dbEfuse = PCIE_FORCE_GEN1_EFUSE_LOCATION;
CID 1402129: (OVERRUN) Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
230 getEfuseStatus (&dbEfuse); 231 if ( dbEfuse & BIT0 ) { 232 pConfig->NbSbGen2 = 0; 233 } 234 235 dbEfuse = FCH_Variant_EFUSE_LOCATION; /src/vendorcode/amd/cimx/sb800/SBPort.c: 228 in sbPowerOnInit() 222 RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG6A, AccWidthUint16, 00, (pConfig->BuildParameters.SmiCmdPortAddr)); 223 RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG6C, AccWidthUint16, 00, (pConfig->BuildParameters.AcpiPmaCntBlkAddr)); 224 RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG6E, AccWidthUint16, 00, (pConfig->BuildParameters.SmiCmdPortAddr) + 8); 225 RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REG48, AccWidthUint32, 00, (pConfig->BuildParameters.WatchDogTimerBase)); 226 227 dbEfuse = SATA_FIS_BASE_EFUSE_LOC;
CID 1402129: (OVERRUN) Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
228 getEfuseStatus (&dbEfuse); 229 230 programSbAcpiMmioTbl ((AcpiRegWrite*) FIXUP_PTR (&sbPmioPorInitTable[0])); 231 232 233 SataPortNum = 0; /src/vendorcode/amd/cimx/sb800/SBPort.c: 183 in sbPowerOnInit() 177 abValue = abValue | BIT0; 178 writeAlink (SB_ABCFG_REG9C | (UINT32) (ABCFG << 29), abValue); 179 writeAlink (0x30, 0x10); // AXINDC 0x10[9]=1, Enabling Non-Posted memory write for K8 platform. 180 writeAlink (0x34, readAlink (0x34) | BIT9); 181 182 dbEfuse = FUSE_ID_EFUSE_LOC;
CID 1402129: (OVERRUN) Overrunning buffer pointed to by "&dbEfuse" of 1 bytes by passing it to a function which accesses it at byte offset 1.
183 getEfuseStatus (&dbEfuse); 184 if ( dbEfuse == M1_D1_FUSE_ID ) { 185 dbEfuse = MINOR_ID_EFUSE_LOC; 186 getEfuseStatus (&dbEfuse); 187 if ( dbEfuse == M1_MINOR_ID ) { 188 // Limit ALink speed to 2.5G if Hudson-M1
** CID 1402128: API usage errors (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 1402128: API usage errors (PRINTF_ARGS)

/3rdparty/vboot/cgpt/cgpt_create.c: 18 in AllocAndClear()
12 static void AllocAndClear(uint8_t **buf, uint64_t size) {
13 if (*buf) {
14 memset(*buf, 0, size);
15 } else {
16 *buf = calloc(1, size);
17 if (!*buf) {
CID 1402128: API usage errors (PRINTF_ARGS) Argument "size" to format specifier "%u" was expected to have type "unsigned int" but has type "unsigned long".
18 Error("Cannot allocate %u bytes.\n", size);
19 abort();
20 }
21 }
22 }
23
** CID 1402126: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 242 in PcieConfigGetConfigurationSignature() /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 242 in PcieConfigGetConfigurationSignature() /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 239 in PcieConfigGetConfigurationSignature()
________________________________________________________________________________________________________ *** CID 1402126: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 242 in PcieConfigGetConfigurationSignature() 236 ConfigurationSignature = 0; 237 EngineList = PcieConfigGetChildEngine (Wrapper); 238 while (EngineList != NULL) { 239 if (PcieConfigIsPcieEngine (EngineList) && EngineList->Type.Port.CoreId == CoreId) { 240 ConfigurationSignature = (ConfigurationSignature << 8) | PcieConfigGetNumberOfCoreLane (EngineList); 241 }
CID 1402126: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
242 EngineList = PcieLibGetNextDescriptor (EngineList); 243 } 244 return ConfigurationSignature; 245 } 246 247 /*----------------------------------------------------------------------------------------*/ /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 242 in PcieConfigGetConfigurationSignature() 236 ConfigurationSignature = 0; 237 EngineList = PcieConfigGetChildEngine (Wrapper); 238 while (EngineList != NULL) { 239 if (PcieConfigIsPcieEngine (EngineList) && EngineList->Type.Port.CoreId == CoreId) { 240 ConfigurationSignature = (ConfigurationSignature << 8) | PcieConfigGetNumberOfCoreLane (EngineList); 241 }
CID 1402126: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
242 EngineList = PcieLibGetNextDescriptor (EngineList); 243 } 244 return ConfigurationSignature; 245 } 246 247 /*----------------------------------------------------------------------------------------*/ /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieConfig/PcieConfigLib.c: 239 in PcieConfigGetConfigurationSignature() 233 ConfigurationSignature = 0; 234 EngineList = PcieConfigGetChildEngine (Wrapper); 235 while (EngineList != NULL) { 236 if (EngineList->Type.Port.CoreId == CoreId) { 237 ConfigurationSignature = (ConfigurationSignature << 8) | PcieConfigGetNumberOfCoreLane (EngineList); 238 }
CID 1402126: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
239 EngineList = PcieLibGetNextDescriptor (EngineList); 240 } 241 return ConfigurationSignature; 242 } 243 244 /*----------------------------------------------------------------------------------------*/
** CID 1402125: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 474 in PcieTopologySetLinkReversal() /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 441 in PcieTopologySetLinkReversal() /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 474 in PcieTopologySetLinkReversal()
________________________________________________________________________________________________________ *** CID 1402125: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 474 in PcieTopologySetLinkReversal() 468 FALSE, 469 Pcie 470 ); 471 } 472 } 473 }
CID 1402125: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
474 EngineList = PcieLibGetNextDescriptor (EngineList); 475 } 476 IDS_HDT_CONSOLE (GNB_TRACE, "PcieTopologySetLinkReversal Exit\n"); 477 } 478 479 /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 441 in PcieTopologySetLinkReversal() 435 FALSE, 436 Pcie 437 ); 438 } 439 } 440 }
CID 1402125: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
441 EngineList = PcieLibGetNextDescriptor (EngineList); 442 } 443 IDS_HDT_CONSOLE (GNB_TRACE, "PcieTopologySetLinkReversal Exit\n"); 444 } 445 446 /src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbPcieInitLibV1/PcieTopologyServices.c: 474 in PcieTopologySetLinkReversal() 468 FALSE, 469 Pcie 470 ); 471 } 472 } 473 }
CID 1402125: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
474 EngineList = PcieLibGetNextDescriptor (EngineList); 475 } 476 IDS_HDT_CONSOLE (GNB_TRACE, "PcieTopologySetLinkReversal Exit\n"); 477 } 478 479
** CID 1402124: Memory - corruptions (OVERRUN)
/src/soc/samsung/exynos5420/fimd.c: 364 in exynos_fimd_lcd_init()
________________________________________________________________________________________________________
*** CID 1402124: Memory - corruptions (OVERRUN)

/src/soc/samsung/exynos5420/fimd.c: 364 in exynos_fimd_lcd_init()
358 lwritel(cfg, &FIMD_CTRL->vidtcon0 + offset);
359
360 cfg = EXYNOS_VIDTCON1_HFPD(vid->vl_hfpd - 1);
361 cfg |= EXYNOS_VIDTCON1_HBPD(vid->vl_hbpd - 1);
362 cfg |= EXYNOS_VIDTCON1_HSPW(vid->vl_hspw - 1);
363
CID 1402124: Memory - corruptions (OVERRUN) "&(struct exynos_fb *)0x14400000->vidtcon1 + offset" evaluates to an address that is at byte offset 131072 of an array of 620 bytes.
364 lwritel(cfg, &FIMD_CTRL->vidtcon1 + offset);
365
366 /* set lcd size */
367 cfg = EXYNOS_VIDTCON2_HOZVAL(vid->vl_col - 1) |
368 EXYNOS_VIDTCON2_LINEVAL(vid->vl_row - 1) |
369 EXYNOS_VIDTCON2_HOZVAL_E(vid->vl_col - 1) |
** CID 1402123: Memory - illegal accesses (OVERRUN)
/3rdparty/arm-trusted-firmware/lib/pmf/pmf_main.c: 100 in pmf_setup()
________________________________________________________________________________________________________
*** CID 1402123: Memory - illegal accesses (OVERRUN)

/3rdparty/arm-trusted-firmware/lib/pmf/pmf_main.c: 100 in pmf_setup()
94 /*
95 * Sort the successfully registered PMF services
96 * according to service ID
97 */
98 for (ii = 1; ii < pmf_num_services; ii++) {
99 for (jj = 0; jj < (pmf_num_services - ii); jj++) {
CID 1402123: Memory - illegal accesses (OVERRUN) Overrunning array of 8 bytes at byte offset 40 by dereferencing pointer "pmf_svc_descs + (jj + 1)".
100 if ((pmf_svc_descs[jj].svc_config & PMF_SVC_ID_MASK) >
101 (pmf_svc_descs[jj + 1].svc_config &
102 PMF_SVC_ID_MASK)) {
103 temp_val = pmf_svc_descs_indices[jj];
104 pmf_svc_descs_indices[jj] =
105 pmf_svc_descs_indices[jj+1];
** CID 1402122: Insecure data handling (TAINTED_SCALAR)
/util/cbfstool/cbfs_image.c: 1325 in cbfs_export_entry()
________________________________________________________________________________________________________
*** CID 1402122: Insecure data handling (TAINTED_SCALAR)

/util/cbfstool/cbfs_image.c: 1325 in cbfs_export_entry()
1319 LOG("Found file %.30s at 0x%x, type %.12s, compressed %d, size %d\n",
1320 entry_name, cbfs_get_entry_addr(image, entry),
1321 get_cbfs_entry_type_name(ntohl(entry->type)), compressed_size,
1322 decompressed_size);
1323
1324 buffer_init(&buffer, strdup("(cbfs_export_entry)"), NULL, 0);
CID 1402122: Insecure data handling (TAINTED_SCALAR) Passing tainted variable "buffer_len" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
1325 buffer.data = malloc(buffer_len);
1326 buffer.size = buffer_len;
1327
1328 if (decompress(CBFS_SUBHEADER(entry), compressed_size,
1329 buffer.data, buffer.size, NULL)) {
1330 ERROR("decompression failed for %s\n", entry_name);
** CID 1402121: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1402121: Memory - corruptions (OVERRUN)

/src/vendorcode/amd/cimx/sb800/SBPort.c: 285 in sbPowerOnInit()
279 WriteIO (SB_IOMAP_REG71, AccWidthUint8, &dbValue);
280
281 // Change the CG PLL multiplier to x1.1
282 if ( pConfig->UsbRxMode !=0 ) {
283 dbCg2WR = 0x00;
284 dbCg1Pll = 0x3A;
CID 1402121: Memory - corruptions (OVERRUN) Overrunning buffer pointed to by "&dbCg2WR" of 1 bytes by passing it to a function which accesses it at byte offset 1.
285 ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGC8, AccWidthUint8, &dbCg2WR);
286 RWMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD8, AccWidthUint8, 0, 0x3A);
287 ReadMEM (ACPI_MMIO_BASE + PMIO_BASE + SB_PMIOA_REGD9, AccWidthUint8, &dbCg1Pll);
288 dbCg2WR &= BIT4;
289 if (( dbCg2WR == 0x00 ) && ( dbCg1Pll !=0x10 ))
290 {
** CID 1402120: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieSiliconServices.c: 232 in PcieSiliconHidePorts() /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieSiliconServices.c: 233 in PcieSiliconHidePorts()
________________________________________________________________________________________________________ *** CID 1402120: (ARRAY_VS_SINGLETON) /src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PcieSiliconServices.c: 232 in PcieSiliconHidePorts() 226 if (!PcieConfigCheckPortStatus (EngineList, INIT_STATUS_PCIE_TRAINING_SUCCESS) && 227 ((EngineList->Type.Port.PortData.LinkHotplug == HotplugDisabled) || (EngineList->Type.Port.PortData.LinkHotplug == HotplugInboard)) && 228 !PcieConfigIsSbPcieEngine (EngineList)) { 229 D0F0x64_x0C.Value |= 1 << EngineList->Type.Port.NativeDevNumber; 230 } 231 }
CID 1402120: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
232 EngineList = PcieLibGetNextDescriptor (EngineList); 233 } 234 WrapperList = PcieLibGetNextDescriptor (WrapperList); 235 } 236 237 GnbLibPciIndirectRMW ( /src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PcieSiliconServices.c: 233 in PcieSiliconHidePorts() 227 while (EngineList != NULL) { 228 if (PcieConfigIsPcieEngine (EngineList)) { 229 if (PcieConfigIsActivePcieEngine (EngineList) && !PcieConfigIsSbPcieEngine (EngineList)) { 230 D0F0x64_x0C.Value &= ~(1 << EngineList->Type.Port.Address.Address.Device); 231 } 232 }
CID 1402120: (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
233 EngineList = PcieLibGetNextDescriptor (EngineList); 234 } 235 WrapperList = PcieLibGetNextDescriptor (WrapperList); 236 } 237 238 GnbLibPciIndirectRMW (
** CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in PcieTopologySelectMasterPllKB()
________________________________________________________________________________________________________
*** CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON)

/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 416 in PcieTopologySelectMasterPllKB()
410 MasterLane = (EngineMasterLane < MasterLane) ? EngineMasterLane : MasterLane;
411 if (PcieConfigIsSbPcieEngine (EngineList)) {
412 break;
413 }
414 }
415 }
CID 1402119: Memory - corruptions (ARRAY_VS_SINGLETON) Using "EngineList" as an array. This might corrupt or misinterpret adjacent memory locations.
416 EngineList = PcieLibGetNextDescriptor (EngineList);
417 }
418
419 if (MasterLane == 0xffff) {
420 if (MasterHotplugLane != 0xffff) {
421 MasterLane = MasterHotplugLane;
** CID 1402118: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1402118: (OVERRUN)

/src/vendorcode/amd/cimx/sb900/SbCmn.c: 1219 in validateImcFirmware()
1213 ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, &ImcBinSig0);
1214 ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, &ImcBinSig1);
1215 ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, &ImcBinSig2);
1216 if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) && (ImcBinSig2 == 0x435F) ) {
1217 dbIMCChecksume = 0;
1218 for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x10000; CurAddr++ ) {
CID 1402118: (OVERRUN) Overrunning buffer pointed to by "&dbIMC" of 1 bytes by passing it to a function which accesses it at byte offset 1.
1219 ReadMEM (CurAddr, AccWidthUint8, &dbIMC);
1220 dbIMCChecksume = dbIMCChecksume + dbIMC;
1221 }
1222 }
1223 }
1224 if ( dbIMCChecksume ) {

/src/vendorcode/amd/cimx/sb800/SBCMN.c: 953 in validateImcFirmware()
947 ReadMEM ((ImcAddr + 0x2000), AccWidthUint32, &ImcBinSig0);
948 ReadMEM ((ImcAddr + 0x2004), AccWidthUint32, &ImcBinSig1);
949 ReadMEM ((ImcAddr + 0x2008), AccWidthUint16, &ImcBinSig2);
950 if ((ImcBinSig0 == 0x444D415F) && (ImcBinSig1 == 0x434D495F) && (ImcBinSig2 == 0x435F) ) {
951 dbIMCChecksume = 0;
952 for ( CurAddr = ImcAddr; CurAddr < ImcAddr + 0x10000; CurAddr++ ) {
CID 1402118: (OVERRUN) Overrunning buffer pointed to by "&dbIMC" of 1 bytes by passing it to a function which accesses it at byte offset 1.
953 ReadMEM (CurAddr, AccWidthUint8, &dbIMC);
954 dbIMCChecksume = dbIMCChecksume + dbIMC;
955 }
956 }
957 }
958 if ( dbIMCChecksume ) {