New Defects reported by Coverity Scan for coreboot - coreboot

26 Jan 2018

      Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1385420:  Null pointer dereferences  (REVERSE_INULL)
/3rdparty/vboot/firmware/lib/region-init.c: 45 in VbGbbReadHWID()
________________________________________________________________________________________________________
*** CID 1385420:  Null pointer dereferences  (REVERSE_INULL)
/3rdparty/vboot/firmware/lib/region-init.c: 45 in VbGbbReadHWID()
39     	struct vb2_shared_data *sd = vb2_get_sd(ctx);
40     
41     	if (!max_size)
42     		return VBERROR_INVALID_PARAMETER;
43     	*hwid = '\0';
44     	StrnAppend(hwid, "{INVALID}", max_size);
...
...
...
CID 1385420:  Null pointer dereferences  (REVERSE_INULL)
Null-checking "ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

45     	if (!ctx)
46     		return VBERROR_INVALID_GBB;
47     
48     	if (0 == sd->gbb->hwid_size) {
49     		VB2_DEBUG("VbHWID(): invalid hwid size\n");
50     		return VBERROR_SUCCESS; /* oddly enough! */
** CID 1385419:  Memory - corruptions  (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 1265 in cru_register_save()
________________________________________________________________________________________________________
*** CID 1385419:  Memory - corruptions  (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 1265 in cru_register_save()
1259     
1260     void cru_register_save(void)
1261     {
1262     	int i;
1263     
1264     	for (i = 0; i <= CRU_SDIO0_CON1; i = i + 4)
...
...
...
CID 1385419:  Memory - corruptions  (OVERRUN)
Overrunning array "store_cru" of 355 4-byte elements at element index 355 (byte offset 1420) using index "i / 4" (which evaluates to 355).

1265     		store_cru[i / 4] = mmio_read_32(CRU_BASE + i);
1266     }
1267     
1268     void cru_register_restore(void)
1269     {
1270     	int i;
** CID 1385418:  Memory - illegal accesses  (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 1296 in cru_register_restore()
________________________________________________________________________________________________________
*** CID 1385418:  Memory - illegal accesses  (OVERRUN)
/3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/pmu/pmu.c: 1296 in cru_register_restore()
1290     		 * CRU_GLB_CNT_TH and CRU_CLKSEL_CON97~CRU_CLKSEL_CON107
1291     		 * not need do high 16bit mask
1292     		 */
1293     		else if ((i > 0x27c && i < 0x2b0) || (i == 0x508))
1294     			mmio_write_32(CRU_BASE + i, store_cru[i / 4]);
1295     		else
...
...
...
CID 1385418:  Memory - illegal accesses  (OVERRUN)
Overrunning array "store_cru" of 355 4-byte elements at element index 355 (byte offset 1420) using index "i / 4" (which evaluates to 355).

1296     			mmio_write_32(CRU_BASE + i,
1297     				      REG_SOC_WMSK | store_cru[i / 4]);
1298     	}
1299     }
1300     
1301     void wdt_register_save(void)
** CID 1385417:    (NO_EFFECT)
/3rdparty/arm-trusted-firmware/plat/common/plat_gicv2.c: 166 in plat_ic_is_sgi()
/3rdparty/arm-trusted-firmware/plat/common/plat_gicv3.c: 190 in plat_ic_is_sgi()
________________________________________________________________________________________________________
*** CID 1385417:    (NO_EFFECT)
/3rdparty/arm-trusted-firmware/plat/common/plat_gicv2.c: 166 in plat_ic_is_sgi()
160     {
161     	return (id >= MIN_PPI_ID) && (id < MIN_SPI_ID);
162     }
163     
164     int plat_ic_is_sgi(unsigned int id)
165     {
...
...
...
CID 1385417:    (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "id >= 0U".

166     	return (id >= MIN_SGI_ID) && (id < MIN_PPI_ID);
167     }
168     
169     unsigned int plat_ic_get_interrupt_active(unsigned int id)
170     {
171     	return gicv2_get_interrupt_active(id);
/3rdparty/arm-trusted-firmware/plat/common/plat_gicv3.c: 190 in plat_ic_is_sgi()
184     {
185     	return (id >= MIN_PPI_ID) && (id < MIN_SPI_ID);
186     }
187     
188     int plat_ic_is_sgi(unsigned int id)
189     {
...
...
...
CID 1385417:    (NO_EFFECT)
This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "id >= 0U".

190     	return (id >= MIN_SGI_ID) && (id < MIN_PPI_ID);
191     }
192     
193     unsigned int plat_ic_get_interrupt_active(unsigned int id)
194     {
195     	return gicv3_get_interrupt_active(id, plat_my_core_pos());
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...
To manage Coverity Scan email notifications for "coreboot@coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...