New Defects reported by Coverity Scan for coreboot - coreboot

20 Oct 2017

      Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1381814:    (BUFFER_SIZE)
/src/soc/intel/cannonlake/chip.c: 253 in platform_fsp_silicon_init_params_cb()
/src/soc/intel/cannonlake/chip.c: 255 in platform_fsp_silicon_init_params_cb()
________________________________________________________________________________________________________
*** CID 1381814:    (BUFFER_SIZE)
/src/soc/intel/cannonlake/chip.c: 253 in platform_fsp_silicon_init_params_cb()
247     
248     	/* PCI Express */
249     	for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
250     		if (config->PcieClkSrcUsage[i] == 0)
251     			config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED;
252     	}
...
...
...
CID 1381814:    (BUFFER_SIZE)
You might overrun the 16 byte destination string "params->PcieClkSrcUsage" by writing the maximum 24 bytes from "config->PcieClkSrcUsage".

253     	memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage,
254     	       sizeof(config->PcieClkSrcUsage));
255     	memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq,
256     	       sizeof(config->PcieClkSrcClkReq));
257     
258     	/* eMMC and SD */
/src/soc/intel/cannonlake/chip.c: 255 in platform_fsp_silicon_init_params_cb()
249     	for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
250     		if (config->PcieClkSrcUsage[i] == 0)
251     			config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED;
252     	}
253     	memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage,
254     	       sizeof(config->PcieClkSrcUsage));
...
...
...
CID 1381814:    (BUFFER_SIZE)
You might overrun the 16 byte destination string "params->PcieClkSrcClkReq" by writing the maximum 24 bytes from "config->PcieClkSrcClkReq".

255     	memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq,
256     	       sizeof(config->PcieClkSrcClkReq));
257     
258     	/* eMMC and SD */
259     	params->ScsEmmcEnabled = config->ScsEmmcEnabled;
260     	params->ScsEmmcHs400Enabled = config->ScsEmmcHs400Enabled;
** CID 1381813:  Memory - corruptions  (OVERRUN)
/src/soc/intel/cannonlake/chip.c: 253 in platform_fsp_silicon_init_params_cb()
________________________________________________________________________________________________________
*** CID 1381813:  Memory - corruptions  (OVERRUN)
/src/soc/intel/cannonlake/chip.c: 253 in platform_fsp_silicon_init_params_cb()
247     
248     	/* PCI Express */
249     	for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
250     		if (config->PcieClkSrcUsage[i] == 0)
251     			config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED;
252     	}
...
...
...
CID 1381813:  Memory - corruptions  (OVERRUN)
Overrunning array "params->PcieClkSrcUsage" of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]

253     	memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage,
254     	       sizeof(config->PcieClkSrcUsage));
255     	memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq,
256     	       sizeof(config->PcieClkSrcClkReq));
257     
258     	/* eMMC and SD */
** CID 1381812:  Memory - corruptions  (OVERRUN)
/src/soc/intel/cannonlake/chip.c: 255 in platform_fsp_silicon_init_params_cb()
________________________________________________________________________________________________________
*** CID 1381812:  Memory - corruptions  (OVERRUN)
/src/soc/intel/cannonlake/chip.c: 255 in platform_fsp_silicon_init_params_cb()
249     	for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
250     		if (config->PcieClkSrcUsage[i] == 0)
251     			config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED;
252     	}
253     	memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage,
254     	       sizeof(config->PcieClkSrcUsage));
...
...
...
CID 1381812:  Memory - corruptions  (OVERRUN)
Overrunning array "params->PcieClkSrcClkReq" of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]

255     	memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq,
256     	       sizeof(config->PcieClkSrcClkReq));
257     
258     	/* eMMC and SD */
259     	params->ScsEmmcEnabled = config->ScsEmmcEnabled;
260     	params->ScsEmmcHs400Enabled = config->ScsEmmcHs400Enabled;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...
To manage Coverity Scan email notifications for "coreboot@coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...