Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
6 new defect(s) introduced to coreboot found with Coverity Scan. 16 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s)
** CID 1401305: Memory - illegal accesses (BUFFER_SIZE_WARNING) /src/soc/qualcomm/common/qclib.c: 44 in qclib_add_if_table_entry()
________________________________________________________________________________________________________ *** CID 1401305: Memory - illegal accesses (BUFFER_SIZE_WARNING) /src/soc/qualcomm/common/qclib.c: 44 in qclib_add_if_table_entry() 38 void qclib_add_if_table_entry(const char *name, void *base, 39 uint32_t size, uint32_t attrs) 40 { 41 struct qclib_cb_if_table_entry *te = 42 &qclib_cb_if_table.te[qclib_cb_if_table.num_entries++]; 43 assert(qclib_cb_if_table.num_entries <= qclib_cb_if_table.max_entries);
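CID 1401305: Memory - illegal accesses (BUFFER_SIZE_WARNING) Calling strncpy with a maximum size argument of 24 bytes on destination array "te->name" of size 24 bytes might leave the destination string unterminated. This happens when "name" is 24 characters or longer: strncpy then fills all 24 bytes and writes no terminating NUL, so a later reader that treats "te->name" as a C string would read past the end of the field. Copying at most sizeof(te->name) - 1 bytes and setting the last byte to zero avoids that; if the consumer of this table treats the name as a fixed-width field and not as a C string, that should be stated at the call.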
44 strncpy(te->name, name, sizeof(te->name)); 45 te->blob_address = (uintptr_t)base; 46 te->size = size; 47 te->blob_attributes = attrs; 48 } 49
** CID 1401304: Control flow issues (NO_EFFECT) /3rdparty/vboot/firmware/2lib/2misc.c: 131 in vb2_init_context()
________________________________________________________________________________________________________ *** CID 1401304: Control flow issues (NO_EFFECT) /3rdparty/vboot/firmware/2lib/2misc.c: 131 in vb2_init_context() 125 * initialized. */ 126 if (ctx->workbuf_used) { 127 if (sd->magic != VB2_SHARED_DATA_MAGIC) 128 return VB2_ERROR_SHARED_DATA_MAGIC; 129 130 if (sd->struct_version_major != VB2_SHARED_DATA_VERSION_MAJOR ||
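CID 1401304: Control flow issues (NO_EFFECT) This less-than-zero comparison of an unsigned value is never true. "sd->struct_version_minor < 0". The quoted expression is the comparison on line 131 after macro expansion, which implies that VB2_SHARED_DATA_VERSION_MINOR evaluates to 0 in the analyzed build; the minor-version check therefore has no effect until that constant is raised, while the major-version comparison on line 130 is unaffected.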
131 sd->struct_version_minor < VB2_SHARED_DATA_VERSION_MINOR) 132 return VB2_ERROR_SHARED_DATA_VERSION; 133 134 return VB2_SUCCESS; 135 } 136
** CID 1381814: (BUFFER_SIZE) /src/soc/intel/cannonlake/fsp_params.c: 281 in platform_fsp_silicon_init_params_cb() /src/soc/intel/cannonlake/fsp_params.c: 283 in platform_fsp_silicon_init_params_cb()
________________________________________________________________________________________________________ *** CID 1381814: (BUFFER_SIZE) /src/soc/intel/cannonlake/fsp_params.c: 281 in platform_fsp_silicon_init_params_cb() 275 #endif 276 /* PCI Express */ 277 for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) { 278 if (config->PcieClkSrcUsage[i] == 0) 279 config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED; 280 }
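CID 1381814: (BUFFER_SIZE) You might overrun the 16 byte destination string "params->PcieClkSrcUsage" by writing the maximum 24 bytes from "config->PcieClkSrcUsage". The copy length on lines 281-282 is taken from the source array (sizeof(config->PcieClkSrcUsage)), and both sizes are compile-time constants, so if the reported sizes are accurate the memcpy writes 8 bytes past the destination field on every call, not only in a worst case. Bounding the copy by the destination size, or asserting at build time that the two arrays have the same size, would catch the mismatch; the same applies to the PcieClkSrcClkReq copy on lines 283-284.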
281 memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage, 282 sizeof(config->PcieClkSrcUsage)); 283 memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq, 284 sizeof(config->PcieClkSrcClkReq)); 285 memcpy(params->PcieRpLtrEnable, config->PcieRpLtrEnable, 286 sizeof(config->PcieRpLtrEnable)); /src/soc/intel/cannonlake/fsp_params.c: 283 in platform_fsp_silicon_init_params_cb() 277 for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) { 278 if (config->PcieClkSrcUsage[i] == 0) 279 config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED; 280 } 281 memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage, 282 sizeof(config->PcieClkSrcUsage));
CID 1381814: (BUFFER_SIZE) You might overrun the 16 byte destination string "params->PcieClkSrcClkReq" by writing the maximum 24 bytes from "config->PcieClkSrcClkReq".
283 memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq, 284 sizeof(config->PcieClkSrcClkReq)); 285 memcpy(params->PcieRpLtrEnable, config->PcieRpLtrEnable, 286 sizeof(config->PcieRpLtrEnable)); 287 memcpy(params->PcieRpHotPlug, config->PcieRpHotPlug, 288 sizeof(config->PcieRpHotPlug));
** CID 1381813: Memory - corruptions (OVERRUN) /src/soc/intel/cannonlake/fsp_params.c: 281 in platform_fsp_silicon_init_params_cb()
________________________________________________________________________________________________________ *** CID 1381813: Memory - corruptions (OVERRUN) /src/soc/intel/cannonlake/fsp_params.c: 281 in platform_fsp_silicon_init_params_cb() 275 #endif 276 /* PCI Express */ 277 for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) { 278 if (config->PcieClkSrcUsage[i] == 0) 279 config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED; 280 }
CID 1381813: Memory - corruptions (OVERRUN) Overrunning array "params->PcieClkSrcUsage" of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
281 memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage, 282 sizeof(config->PcieClkSrcUsage)); 283 memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq, 284 sizeof(config->PcieClkSrcClkReq)); 285 memcpy(params->PcieRpLtrEnable, config->PcieRpLtrEnable, 286 sizeof(config->PcieRpLtrEnable));
** CID 1381812: Memory - corruptions (OVERRUN) /src/soc/intel/cannonlake/fsp_params.c: 283 in platform_fsp_silicon_init_params_cb()
________________________________________________________________________________________________________ *** CID 1381812: Memory - corruptions (OVERRUN) /src/soc/intel/cannonlake/fsp_params.c: 283 in platform_fsp_silicon_init_params_cb() 277 for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) { 278 if (config->PcieClkSrcUsage[i] == 0) 279 config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED; 280 } 281 memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage, 282 sizeof(config->PcieClkSrcUsage));
CID 1381812: Memory - corruptions (OVERRUN) Overrunning array "params->PcieClkSrcClkReq" of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
283 memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq, 284 sizeof(config->PcieClkSrcClkReq)); 285 memcpy(params->PcieRpLtrEnable, config->PcieRpLtrEnable, 286 sizeof(config->PcieRpLtrEnable)); 287 memcpy(params->PcieRpHotPlug, config->PcieRpHotPlug, 288 sizeof(config->PcieRpHotPlug));
** CID 1353342: (OVERRUN)
________________________________________________________________________________________________________ *** CID 1353342: (OVERRUN) /3rdparty/chromeec/common/pwm.c: 120 in cc_pwm_duty() 114 char *e; 115 char *raw; 116 117 if (argc < 2) { 118 ccprintf("PWM channels:\n"); 119 for (ch = 0; ch < PWM_CH_COUNT; ch++)
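CID 1353342: (OVERRUN) Overrunning callee's array of size 1 by passing argument "ch" (which evaluates to 2) in call to "print_channel". In the excerpt, "ch" is bounded by PWM_CH_COUNT (the loop condition on line 119 and the range check on line 125), so whether this is a real overrun depends on whether the callee's array is sized by the same PWM_CH_COUNT in the analyzed configuration; the report does not show the callee.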
120 print_channel(ch, max_duty); 121 return EC_SUCCESS; 122 } 123 124 ch = strtoi(argv[1], &e, 0); 125 if (*e || ch < 0 || ch >= PWM_CH_COUNT) /3rdparty/chromeec/common/pwm.c: 148 in cc_pwm_duty() 142 return EC_ERROR_PARAM2; 143 } else if (value < 0) { 144 /* Negative = disable */ 145 pwm_enable(ch, 0); 146 } else { 147 ccprintf("Setting channel %d to %d\n", ch, value);
CID 1353342: (OVERRUN) Overrunning callee's array of size 1 by passing argument "ch" (which evaluates to 2) in call to "pwm_enable".
148 pwm_enable(ch, 1); 149 (max_duty == 100) ? pwm_set_duty(ch, value) : 150 pwm_set_raw_duty(ch, value); 151 } 152 } 153 /3rdparty/chromeec/common/pwm.c: 149 in cc_pwm_duty() 143 } else if (value < 0) { 144 /* Negative = disable */ 145 pwm_enable(ch, 0); 146 } else { 147 ccprintf("Setting channel %d to %d\n", ch, value); 148 pwm_enable(ch, 1);
CID 1353342: (OVERRUN) Overrunning callee's array of size 1 by passing argument "ch" (which evaluates to 2) in call to "pwm_set_raw_duty".
149 (max_duty == 100) ? pwm_set_duty(ch, value) : 150 pwm_set_raw_duty(ch, value); 151 } 152 } 153 154 print_channel(ch, max_duty); /3rdparty/chromeec/common/pwm.c: 154 in cc_pwm_duty() 148 pwm_enable(ch, 1); 149 (max_duty == 100) ? pwm_set_duty(ch, value) : 150 pwm_set_raw_duty(ch, value); 151 } 152 } 153
CID 1353342: (OVERRUN) Overrunning callee's array of size 1 by passing argument "ch" (which evaluates to 2) in call to "print_channel".
154 print_channel(ch, max_duty); 155 156 return EC_SUCCESS; 157 } 158 DECLARE_CONSOLE_COMMAND(pwmduty, cc_pwm_duty, 159 "[channel [<percent> | -1=disable] | [raw <value>]]",