Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1376473: Code maintainability issues (UNUSED_VALUE)
/src/soc/intel/quark/spi.c: 169 in xfer()

________________________________________________________________________________________________________
*** CID 1376473: Code maintainability issues (UNUSED_VALUE)
/src/soc/intel/quark/spi.c: 169 in xfer()
163         }
164
165         /* Use chip select 0 */
166         ctrlr->address = (data[0] << 16)
167             | (data[1] << 8)
168             | data[2];
CID 1376473: Code maintainability issues (UNUSED_VALUE)
Assigning value from "ctrlr->address" to "status" here, but that stored value is overwritten before it can be used.
169         status = ctrlr->address;
170         data += 3;
171         bytesout -= 3;
172     }
173
174     /* Build the control value */
** CID 1376472: Integer handling issues (SIGN_EXTENSION)
/src/commonlib/storage/mmc.c: 436 in mmc_update_capacity()

________________________________________________________________________________________________________
*** CID 1376472: Integer handling issues (SIGN_EXTENSION)
/src/commonlib/storage/mmc.c: 436 in mmc_update_capacity()
430     /* Determine the user partition size
431      *
432      * According to the JEDEC Standard, the value of
433      * ext_csd's capacity is valid if the value is
434      * more than 2GB
435      */
CID 1376472: Integer handling issues (SIGN_EXTENSION)
Suspicious implicit sign extension: "ext_csd[215]" with type "unsigned char" (8 bits, unsigned) is promoted in "(ext_csd[212] << 0) | (ext_csd[213] << 8) | (ext_csd[214] << 16) | (ext_csd[215] << 24)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "(ext_csd[212] << 0) | (ext_csd[213] << 8) | (ext_csd[214] << 16) | (ext_csd[215] << 24)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
436     capacity = (ext_csd[EXT_CSD_SEC_CNT + 0] << 0 |
437                 ext_csd[EXT_CSD_SEC_CNT + 1] << 8 |
438                 ext_csd[EXT_CSD_SEC_CNT + 2] << 16 |
439                 ext_csd[EXT_CSD_SEC_CNT + 3] << 24);
440     capacity *= 512;
441     if ((capacity >> 20) > 2 * 1024)
** CID 1325831: Insecure data handling (TAINTED_SCALAR)
/src/lib/tlcl.c: 242 in tlcl_read()

________________________________________________________________________________________________________
*** CID 1325831: Insecure data handling (TAINTED_SCALAR)
/src/lib/tlcl.c: 242 in tlcl_read()
236
237     result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
238     if (result == TPM_SUCCESS && length > 0) {
239         uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength;
240         from_tpm_uint32(nv_read_cursor, &result_length);
241         nv_read_cursor += sizeof(uint32_t);
CID 1325831: Insecure data handling (TAINTED_SCALAR)
Passing tainted variable "result_length" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
242         memcpy(data, nv_read_cursor, result_length);
243     }
244
245     return result;
246 }
247
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...