Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
3 new defect(s) introduced to coreboot found with Coverity Scan. 35 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s)
** CID 1498916: (STRING_OVERFLOW)
________________________________________________________________________________________________________ *** CID 1498916: (STRING_OVERFLOW) /src/arch/x86/smbios.c: 1068 in smbios_write_type28() 1062 u32 oem, 1063 u16 nominal_value) 1064 { 1065 struct smbios_type28 *t = smbios_carve_table(*current, SMBIOS_TEMPERATURE_PROBE, 1066 sizeof(*t), *handle); 1067
CID 1498916: (STRING_OVERFLOW) You might overrun the 2-character fixed-size string "t->eos" by copying "name" without checking the length.
1068 t->description = smbios_add_string(t->eos, name ? name : "Temperature"); 1069 t->location_and_status = location | (status << 5); 1070 t->maximum_value = max_value; 1071 t->minimum_value = min_value; 1072 t->resolution = resolution; 1073 t->tolerance = tolerance; /src/arch/x86/smbios.c: 1068 in smbios_write_type28() 1062 u32 oem, 1063 u16 nominal_value) 1064 { 1065 struct smbios_type28 *t = smbios_carve_table(*current, SMBIOS_TEMPERATURE_PROBE, 1066 sizeof(*t), *handle); 1067
CID 1498916: (STRING_OVERFLOW) You might overrun the 2-character destination string "t->eos" by writing 12 characters from ""Temperature"".
1068 t->description = smbios_add_string(t->eos, name ? name : "Temperature"); 1069 t->location_and_status = location | (status << 5); 1070 t->maximum_value = max_value; 1071 t->minimum_value = min_value; 1072 t->resolution = resolution; 1073 t->tolerance = tolerance;
** CID 1498915: Error handling issues (CHECKED_RETURN) /util/amdfwtool/amdfwtool.c: 602 in write_from_buf_to_file()
________________________________________________________________________________________________________ *** CID 1498915: Error handling issues (CHECKED_RETURN) /util/amdfwtool/amdfwtool.c: 602 in write_from_buf_to_file() 596 bytes = write(fd, buf + total_bytes, buf_size - total_bytes); 597 if (bytes < 0 && errno == EAGAIN) 598 bytes = 0; 599 600 if (bytes < 0) { 601 fprintf(stderr, "Write failure %s\n", strerror(errno));
CID 1498915: Error handling issues (CHECKED_RETURN) Calling "lseek(fd, 1L, -total_bytes)" without checking return value. This library function may fail and return an error code.
602 lseek(fd, SEEK_CUR, -total_bytes); 603 return bytes; 604 } 605 606 total_bytes += bytes; 607 } while (total_bytes < buf_size);
** CID 1498914: Security best practices violations (STRING_OVERFLOW)
________________________________________________________________________________________________________ *** CID 1498914: Security best practices violations (STRING_OVERFLOW) /src/arch/x86/smbios.c: 1155 in smbios_write_type43() 1149 t->major_spec_ver = major_spec_ver; 1150 t->minor_spec_ver = minor_spec_ver; 1151 t->fw_ver1 = fw_ver1; 1152 t->fw_ver2 = fw_ver2; 1153 t->characteristics = characteristics; 1154 t->oem_defined = oem_defined;
CID 1498914: Security best practices violations (STRING_OVERFLOW) You might overrun the 2-character fixed-size string "t->eos" by copying "description" without checking the length.
1155 t->description = smbios_add_string(t->eos, description); 1156 1157 const int len = smbios_full_table_len(&t->header, t->eos); 1158 *current += len; 1159 *handle += 1; 1160 return len;
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...