Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
17 new defect(s) introduced to coreboot found with Coverity Scan. 5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)
** CID 1254658: Out-of-bounds access (ARRAY_VS_SINGLETON) /coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
** CID 1254657: Unchecked return value (CHECKED_RETURN) /src/cpu/amd/car/post_cache_as_ram.c: 107 in post_cache_as_ram()
** CID 1254659: Operands don't affect result (CONSTANT_EXPRESSION_RESULT) /src/soc/nvidia/tegra124/sor.c: 555 in tegra_dc_sor_config_panel()
** CID 1254652: Logically dead code (DEADCODE) /src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
** CID 1254650: Division or modulo by zero (DIVIDE_BY_ZERO) /src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan() /src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
** CID 1254656: Missing break in switch (MISSING_BREAK) /src/soc/nvidia/tegra124/sor.c: 768 in tegra_dc_sor_power_down_unused_lanes()
** CID 1254653: Out-of-bounds read (OVERRUN) /coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
** CID 1254646: Uninitialized pointer read (UNINIT) /src/ec/google/chromeec/ec.c: 104 in google_chromeec_check_ec_image()
** CID 1254655: Uninitialized pointer read (UNINIT) /src/ec/google/chromeec/ec.c: 143 in google_chromeec_get_board_version()
** CID 1254654: Structurally dead code (UNREACHABLE) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 554 in ImcDisableSurebootTimer()
** CID 1254649: Structurally dead code (UNREACHABLE) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 491 in ImcSleep()
** CID 1254645: Structurally dead code (UNREACHABLE) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 575 in ImcWakeup()
** CID 1254648: Structurally dead code (UNREACHABLE) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 470 in WaitForEcLDN9MailboxCmdAck()
** CID 1254651: Structurally dead code (UNREACHABLE) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 400 in AmdIdsRunApTaskLate()
** CID 1254644: Structurally dead code (UNREACHABLE) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 533 in ImcEnableSurebootTimer()
** CID 1254643: Structurally dead code (UNREACHABLE) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 512 in SoftwareDisableImc()
** CID 1254647: Structurally dead code (UNREACHABLE) /coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 596 in ImcIdle()
________________________________________________________________________________________________________
*** CID 1254658: Out-of-bounds access (ARRAY_VS_SINGLETON)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
1401     } post = {0xDEAD, FileCode, 0xDEAD, FileCode};
1402     UINT16 offset = 0;
1403     UINT16 j;
1404
1405     while(1) {
1406         offset %= sizeof(struct POST) / 2;
CID 1254658: Out-of-bounds access (ARRAY_VS_SINGLETON)
Using "&post" as an array. This might corrupt or misinterpret adjacent memory locations.
1407         WriteIo32(80, *((UINT32*)(&post+offset)));
1408         ++offset;
1409         for (j=0; j<250; ++j) {
1410             ReadIo8(80);
1411         }
1412     }
________________________________________________________________________________________________________
*** CID 1254657: Unchecked return value (CHECKED_RETURN)
/src/cpu/amd/car/post_cache_as_ram.c: 107 in post_cache_as_ram()
101 {
102     void *resume_backup_memory = NULL;
103
104     int s3resume = acpi_s3_resume_allowed() && acpi_is_wakeup_early();
105     if (s3resume) {
106 #if IS_ENABLED(CONFIG_HAVE_ACPI_RESUME)
CID 1254657: Unchecked return value (CHECKED_RETURN)
Calling "cbmem_recovery" without checking return value (as is done elsewhere 18 out of 20 times).
107         cbmem_recovery(s3resume);
108         resume_backup_memory = cbmem_find(CBMEM_ID_RESUME);
109 #endif
110     }
111     prepare_romstage_ramstack(resume_backup_memory);
112
________________________________________________________________________________________________________
*** CID 1254659: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
/src/soc/nvidia/tegra124/sor.c: 555 in tegra_dc_sor_config_panel()
549         vblank_start << NV_HEAD_STATE4_VBLANK_START_SHIFT |
550         hblank_start << NV_HEAD_STATE4_HBLANK_START_SHIFT);
551
552     /* TODO: adding interlace mode support */
553     tegra_sor_writel(sor, NV_HEAD_STATE5(head_num), 0x1);
554
CID 1254659: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
"(33554432 /* 2 << 24 */) | is_lvds" is always true regardless of the values of its operands. This occurs as the logical first operand of '?:'.
555     tegra_sor_write_field(sor, NV_SOR_CSTM,
556         NV_SOR_CSTM_ROTCLK_DEFAULT_MASK |
557         NV_SOR_CSTM_LVDS_EN_ENABLE,
558         2 << NV_SOR_CSTM_ROTCLK_SHIFT |
559         is_lvds ? NV_SOR_CSTM_LVDS_EN_ENABLE :
560         NV_SOR_CSTM_LVDS_EN_DISABLE);
________________________________________________________________________________________________________
*** CID 1254652: Logically dead code (DEADCODE)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061     */
1062     if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063         lapicid_start = (ioapic_count - 1) / core_max;
1064         lapicid_start = (lapicid_start + 1) * core_max;
1065         printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066     }
CID 1254652: Logically dead code (DEADCODE)
Execution cannot reach the expression "j + (siblings + 1)" inside this statement: "apic_id = lapicid_start * (...".
1067     u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068     printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069         i, j, apic_id);
1070
1071     device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072     if (cpu)
________________________________________________________________________________________________________
*** CID 1254650: Division or modulo by zero (DIVIDE_BY_ZERO)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061     */
1062     if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063         lapicid_start = (ioapic_count - 1) / core_max;
1064         lapicid_start = (lapicid_start + 1) * core_max;
1065         printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066     }
CID 1254650: Division or modulo by zero (DIVIDE_BY_ZERO)
In expression "i / modules", division by expression "modules" which may be zero has undefined behavior.
1067     u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068     printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069         i, j, apic_id);
1070
1071     device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072     if (cpu)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061     */
1062     if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063         lapicid_start = (ioapic_count - 1) / core_max;
1064         lapicid_start = (lapicid_start + 1) * core_max;
1065         printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066     }
CID 1254650: Division or modulo by zero (DIVIDE_BY_ZERO)
In expression "i % modules", modulo by expression "modules" which may be zero has undefined behavior.
1067     u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068     printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069         i, j, apic_id);
1070
1071     device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072     if (cpu)
________________________________________________________________________________________________________
*** CID 1254656: Missing break in switch (MISSING_BREAK)
/src/soc/nvidia/tegra124/sor.c: 768 in tegra_dc_sor_power_down_unused_lanes()
762         drive_current = 0x13131313;
763         pre_emphasis = 0;
764         break;
765     case SOR_LINK_SPEED_G5_4:
766         drive_current = 0x19191919;
767         pre_emphasis = 0x09090909;
CID 1254656: Missing break in switch (MISSING_BREAK)
The above case falls through to this one.
768     default:
769         printk(BIOS_ERR, "Invalid sor link bandwidth: %d\n",
770             sor->link_cfg->link_bw);
771         return;
772     }
773
774     tegra_sor_writel(sor, NV_SOR_LANE_DRIVE_CURRENT(sor->portnum),
775         drive_current);
776     tegra_sor_writel(sor, NV_SOR_PR(sor->portnum), pre_emphasis);
________________________________________________________________________________________________________
*** CID 1254653: Out-of-bounds read (OVERRUN)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
1401     } post = {0xDEAD, FileCode, 0xDEAD, FileCode};
1402     UINT16 offset = 0;
1403     UINT16 j;
1404
1405     while(1) {
1406         offset %= sizeof(struct POST) / 2;
CID 1254653: Out-of-bounds read (OVERRUN)
Overrunning array of 3 4-byte elements at element index 15 (byte offset 60) by dereferencing pointer "(UINT32 *)(&post + offset)".
1407         WriteIo32(80, *((UINT32*)(&post+offset)));
1408         ++offset;
1409         for (j=0; j<250; ++j) {
1410             ReadIo8(80);
1411         }
1412     }
________________________________________________________________________________________________________
*** CID 1254646: Uninitialized pointer read (UNINIT)
/src/ec/google/chromeec/ec.c: 104 in google_chromeec_check_ec_image()
98      return google_chromeec_get_mask(EC_CMD_HOST_EVENT_GET_B);
99  }
100
101 #ifndef __SMM__
102 void google_chromeec_check_ec_image(int expected_type)
103 {
CID 1254646: Uninitialized pointer read (UNINIT)
Declaring variable "cec_cmd" without initializer.
104     struct chromeec_command cec_cmd;
105     struct ec_response_get_version cec_resp = {{0}};
106
107     cec_cmd.cmd_code = EC_CMD_GET_VERSION;
108     cec_cmd.cmd_version = 0;
109     cec_cmd.cmd_data_out = &cec_resp;
________________________________________________________________________________________________________
*** CID 1254655: Uninitialized pointer read (UNINIT)
/src/ec/google/chromeec/ec.c: 143 in google_chromeec_get_board_version()
137             google_chromeec_check_ec_image(EC_IMAGE_RO);
138         }
139 }
140
141 u16 google_chromeec_get_board_version(void)
142 {
CID 1254655: Uninitialized pointer read (UNINIT)
Declaring variable "cmd" without initializer.
143     struct chromeec_command cmd;
144     struct ec_response_board_version board_v;
145
146     cmd.cmd_code = EC_CMD_GET_BOARD_VERSION;
147     cmd.cmd_version = 0;
148     cmd.cmd_size_in = 0;
________________________________________________________________________________________________________
*** CID 1254654: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 554 in ImcDisableSurebootTimer()
548 )
549 {
550     MODULE_ENTRY Dispatcher = NULL;
551     const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
552     ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
553     return;
CID 1254654: Structurally dead code (UNREACHABLE)
This code cannot be reached: "if (!module)
return;".
554     if (!module) return;
555     Dispatcher = module->ModuleDispatcher;
556     Dispatcher(FchDataPtr);
557 }
558
559 /**
________________________________________________________________________________________________________
*** CID 1254649: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 491 in ImcSleep()
485 )
486 {
487     MODULE_ENTRY Dispatcher = NULL;
488     const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
489     ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
490     return;
CID 1254649: Structurally dead code (UNREACHABLE)
This code cannot be reached: "if (!module)
return;".
491     if (!module) return;
492     Dispatcher = module->ModuleDispatcher;
493     Dispatcher(FchDataPtr);
494 }
495
496 /**
________________________________________________________________________________________________________
*** CID 1254645: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 575 in ImcWakeup()
569 )
570 {
571     MODULE_ENTRY Dispatcher = NULL;
572     const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
573     ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
574     return;
CID 1254645: Structurally dead code (UNREACHABLE)
This code cannot be reached: "if (!module)
return;".
575     if (!module) return;
576     Dispatcher = module->ModuleDispatcher;
577     Dispatcher(FchDataPtr);
578 }
579
580 /**
________________________________________________________________________________________________________
*** CID 1254648: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 470 in WaitForEcLDN9MailboxCmdAck()
464 )
465 {
466     MODULE_ENTRY Dispatcher = NULL;
467     const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
468     StdHeader->Func = 0;
469     return;
CID 1254648: Structurally dead code (UNREACHABLE)
This code cannot be reached: "if (!module)
return;".
470     if (!module) return;
471     Dispatcher = module->ModuleDispatcher;
472     Dispatcher(StdHeader);
473 }
474
475 /**
________________________________________________________________________________________________________
*** CID 1254651: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 400 in AmdIdsRunApTaskLate()
394 )
395 {
396     MODULE_ENTRY Dispatcher = NULL;
397     const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
398     AmdApExeParams->StdHeader.Func = -1;
399     return AGESA_UNSUPPORTED;
CID 1254651: Structurally dead code (UNREACHABLE)
This code cannot be reached: "if (!module)
return AGESA...".
400     if (!module) return AGESA_UNSUPPORTED;
401     Dispatcher = module->ModuleDispatcher;
402     return Dispatcher(AmdApExeParams);
403 }
404
405 /**********************************************************************
________________________________________________________________________________________________________
*** CID 1254644: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 533 in ImcEnableSurebootTimer()
527 )
528 {
529     MODULE_ENTRY Dispatcher = NULL;
530     const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
531     ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
532     return;
CID 1254644: Structurally dead code (UNREACHABLE)
This code cannot be reached: "if (!module)
return;".
533     if (!module) return;
534     Dispatcher = module->ModuleDispatcher;
535     Dispatcher(FchDataPtr);
536 }
537
538 /**
________________________________________________________________________________________________________
*** CID 1254643: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 512 in SoftwareDisableImc()
506 )
507 {
508     MODULE_ENTRY Dispatcher = NULL;
509     const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
510     ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
511     return;
CID 1254643: Structurally dead code (UNREACHABLE)
This code cannot be reached: "if (!module)
return;".
512     if (!module) return;
513     Dispatcher = module->ModuleDispatcher;
514     Dispatcher(FchDataPtr);
515 }
516
517 /**
________________________________________________________________________________________________________
*** CID 1254647: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 596 in ImcIdle()
590 )
591 {
592     MODULE_ENTRY Dispatcher = NULL;
593     const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
594     ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
595     return;
CID 1254647: Structurally dead code (UNREACHABLE)
This code cannot be reached: "if (!module)
return;".
596     if (!module) return;
597     Dispatcher = module->ModuleDispatcher;
598     Dispatcher(FchDataPtr);
599 }
600
601 // TODO This has to be removed
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1016?tab=overview
Hi all,
On 16.11.2014 at 00:18, scan-admin@coverity.com wrote:
> Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
This automated report will now be copied to the mailing list. I run Coverity on our tree (in abuild default configuration) about once a week.
The reports contain _new_ issues only. Patches are welcome, but please give credit in the commit message (e.g. "Found-by: Coverity Scan"). If you want to work with the full list, request access on https://scan.coverity.com/projects/1016 and I'll set things up.
Patrick