Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
6 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s)
** CID 1487636: Resource leaks (RESOURCE_LEAK) /util/cbfstool/fmd_parser.y: 173 in parse_descriptor()
________________________________________________________________________________________________________ *** CID 1487636: Resource leaks (RESOURCE_LEAK) /util/cbfstool/fmd_parser.y: 173 in parse_descriptor() 167 struct descriptor_node *next_node = cur_node->next; 168 free(cur_node); 169 cur_node = next_node; 170 } 171 } else { 172 region->list = NULL;
CID 1487636: Resource leaks (RESOURCE_LEAK) Variable "region" going out of scope leaks the storage it points to.
173 } 174 return region; 175 } 176 177 void yyerror(const char *s) 178 { 179 fprintf(stderr, "%s\n", s);
** CID 1487635: Incorrect expression (SIZEOF_MISMATCH) /src/soc/qualcomm/common/qclib.c: 172 in qclib_load_and_run()
________________________________________________________________________________________________________ *** CID 1487635: Incorrect expression (SIZEOF_MISMATCH) /src/soc/qualcomm/common/qclib.c: 172 in qclib_load_and_run() 166 memset(_ddr_training, 0, REGION_SIZE(ddr_training)); 167 } 168 qclib_add_if_table_entry(QCLIB_TE_DDR_TRAINING_DATA, 169 _ddr_training, REGION_SIZE(ddr_training), 0); 170 171 /* Attempt to read MEM CHIP information */
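CID 1487635: Incorrect expression (SIZEOF_MISMATCH) Passing argument "mem_chip_addr" of type "void *" and argument "8U /* sizeof (mem_chip_addr) */" to function "qclib_add_if_table_entry" is suspicious. The size passed here is that of the pointer itself (8 bytes), not of the object it points to; if the table entry is meant to describe the MEM CHIP information buffer, the size of that buffer is what should be passed.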
172 qclib_add_if_table_entry(QCLIB_TE_MEM_CHIP_INFO, 173 mem_chip_addr, sizeof(mem_chip_addr), 0); 174 175 /* Attempt to load PMICCFG Blob */ 176 data_size = cbfs_load(CONFIG_CBFS_PREFIX "/pmiccfg", 177 _pmic, REGION_SIZE(pmic));
** CID 1487634: Integer handling issues (SIGN_EXTENSION) /src/cpu/intel/common/common_init.c: 226 in set_energy_perf_pref()
________________________________________________________________________________________________________ *** CID 1487634: Integer handling issues (SIGN_EXTENSION) /src/cpu/intel/common/common_init.c: 226 in set_energy_perf_pref() 220 * prefer energy efficiency. 221 * This function needs to be called when HWP_ENABLE is set. 222 */ 223 void set_energy_perf_pref(u8 pref) 224 { 225 msr_unset_and_set(IA32_HWP_REQUEST, IA32_HWP_REQUEST_EPP_MASK,
CID 1487634: Integer handling issues (SIGN_EXTENSION) Suspicious implicit sign extension: "pref" with type "u8" (8 bits, unsigned) is promoted in "pref << 24" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "pref << 24" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. With the shift of 24 shown, that is the case for any "pref" of 0x80 or above; converting "pref" to a 64-bit unsigned type before the shift avoids the sign extension.
226 pref << IA32_HWP_REQUEST_EPP_SHIFT);
** CID 1487633: Error handling issues (CHECKED_RETURN) /src/drivers/i2c/tpm/cr50.c: 257 in cr50_i2c_tis_ready()
________________________________________________________________________________________________________ *** CID 1487633: Error handling issues (CHECKED_RETURN) /src/drivers/i2c/tpm/cr50.c: 257 in cr50_i2c_tis_ready() 251 } 252 253 /* cr50 requires all 4 bytes of status register to be written */ 254 static void cr50_i2c_tis_ready(struct tpm_chip *chip) 255 { 256 uint8_t buf[4] = { TPM_STS_COMMAND_READY };
CID 1487633: Error handling issues (CHECKED_RETURN) Calling "cr50_i2c_write" without checking return value (as is done elsewhere 4 out of 5 times).
257 cr50_i2c_write(TPM_STS(chip->vendor.locality), buf, sizeof(buf)); 258 mdelay(CR50_TIMEOUT_SHORT_MS); 259 } 260 261 /* cr50 uses bytes 3:2 of status register for burst count and 262 * all 4 bytes must be read */
** CID 1487632: Null pointer dereferences (REVERSE_INULL) /src/drivers/wifi/generic/acpi.c: 539 in wifi_ssdt_write_properties()
________________________________________________________________________________________________________ *** CID 1487632: Null pointer dereferences (REVERSE_INULL) /src/drivers/wifi/generic/acpi.c: 539 in wifi_ssdt_write_properties() 533 534 static void wifi_ssdt_write_properties(const struct device *dev, const char *scope) 535 { 536 bool is_cnvi_ddr_rfim_enabled = false; 537 538 const struct drivers_wifi_generic_config *config = dev->chip_info;
CID 1487632: Null pointer dereferences (REVERSE_INULL) Null-checking "dev" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
539 if (dev && config) 540 is_cnvi_ddr_rfim_enabled = config->enable_cnvi_ddr_rfim; 541 542 /* Scope */ 543 acpigen_write_scope(scope); 544
** CID 1487631: Memory - corruptions (OVERRUN) /src/mainboard/google/herobrine/bootblock.c: 14 in bootblock_mainboard_init()
________________________________________________________________________________________________________ *** CID 1487631: Memory - corruptions (OVERRUN) /src/mainboard/google/herobrine/bootblock.c: 14 in bootblock_mainboard_init() 8 9 void bootblock_mainboard_init(void) 10 { 11 setup_chromeos_gpios(); 12 13 if (CONFIG(MAINBOARD_HAS_I2C_TPM_CR50))
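CID 1487631: Memory - corruptions (OVERRUN) Overrunning callee's array of size 12 by passing argument "14U" in call to "i2c_init". The call is guarded by CONFIG(MAINBOARD_HAS_I2C_TPM_CR50) on the preceding line, so whether the out-of-range value can actually reach i2c_init depends on whether that option is enabled in the scanned configuration.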
14 i2c_init(CONFIG_DRIVER_TPM_I2C_BUS, I2C_SPEED_FAST); /* H1/TPM I2C */ 15 16 if (CONFIG(MAINBOARD_HAS_SPI_TPM_CR50)) 17 qup_spi_init(CONFIG_DRIVER_TPM_SPI_BUS, 1010 * KHz); /* H1/TPM SPI */ 18 19 if (CONFIG(EC_GOOGLE_CHROMEEC)) 20 qup_spi_init(CONFIG_EC_GOOGLE_CHROMEEC_SPI_BUS, 1010 * KHz); /* EC SPI */