Hi,
Please find below the latest Coverity Scan report on new defect(s) introduced to coreboot.
Coverity Scan found 298 new defect(s) introduced to coreboot. 12 defect(s) that Coverity Scan reported earlier were marked fixed in the most recent build it analyzed.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 298 defect(s)
** CID 1370586: (UNINIT) /src/mainboard/asus/kfsn4-dre/romstage.c: 123 in ck804_control() /src/mainboard/asus/kfsn4-dre/romstage.c: 123 in ck804_control() /src/mainboard/asus/kfsn4-dre_k8/romstage.c: 129 in ck804_control() /src/mainboard/asus/kfsn4-dre_k8/romstage.c: 129 in ck804_control()
________________________________________________________________________________________________________ *** CID 1370586: (UNINIT) /src/mainboard/asus/kfsn4-dre/romstage.c: 123 in ck804_control() 117 static const unsigned int ctrl_conf_enable_msi_mapping[] = { 118 RES_PCI_IO, PCI_ADDR(0, 0, 0, 0xe0), ~(0x00000000), 0x00010000, /* Enable MSI mapping on host bridge -- without this Linux cannot use the network device MSI interrupts! */ 119 }; 120 121 static void ck804_control(const unsigned int* values, u32 size, uint8_t bus_unit_id) 122 {
CID 1370586: (UNINIT) Declaring variable "io_base" without initializer.
123 unsigned busn[4], io_base[4]; 124 int i, ck804_num = 0; 125 126 for (i = 0; i < 4; i++) { 127 u32 id; 128 pci_devfn_t dev; /src/mainboard/asus/kfsn4-dre/romstage.c: 123 in ck804_control() 117 static const unsigned int ctrl_conf_enable_msi_mapping[] = { 118 RES_PCI_IO, PCI_ADDR(0, 0, 0, 0xe0), ~(0x00000000), 0x00010000, /* Enable MSI mapping on host bridge -- without this Linux cannot use the network device MSI interrupts! */ 119 }; 120 121 static void ck804_control(const unsigned int* values, u32 size, uint8_t bus_unit_id) 122 {
CID 1370586: (UNINIT) Declaring variable "io_base" without initializer.
123 unsigned busn[4], io_base[4]; 124 int i, ck804_num = 0; 125 126 for (i = 0; i < 4; i++) { 127 u32 id; 128 pci_devfn_t dev; /src/mainboard/asus/kfsn4-dre_k8/romstage.c: 129 in ck804_control() 123 static const unsigned int ctrl_conf_enable_msi_mapping[] = { 124 RES_PCI_IO, PCI_ADDR(0, 0, 0, 0xe0), ~(0x00000000), 0x00010000, /* Enable MSI mapping on host bridge -- without this Linux cannot use the network device MSI interrupts! */ 125 }; 126 127 static void ck804_control(const unsigned int* values, u32 size, uint8_t bus_unit_id) 128 {
CID 1370586: (UNINIT) Declaring variable "io_base" without initializer.
129 unsigned busn[4], io_base[4]; 130 int i, ck804_num = 0; 131 132 for (i = 0; i < 4; i++) { 133 u32 id; 134 pci_devfn_t dev; /src/mainboard/asus/kfsn4-dre_k8/romstage.c: 129 in ck804_control() 123 static const unsigned int ctrl_conf_enable_msi_mapping[] = { 124 RES_PCI_IO, PCI_ADDR(0, 0, 0, 0xe0), ~(0x00000000), 0x00010000, /* Enable MSI mapping on host bridge -- without this Linux cannot use the network device MSI interrupts! */ 125 }; 126 127 static void ck804_control(const unsigned int* values, u32 size, uint8_t bus_unit_id) 128 {
CID 1370586: (UNINIT) Declaring variable "io_base" without initializer.
129 unsigned busn[4], io_base[4]; 130 int i, ck804_num = 0; 131 132 for (i = 0; i < 4; i++) { 133 u32 id; 134 pci_devfn_t dev;
** CID 1370583: Uninitialized variables (UNINIT) /src/southbridge/nvidia/ck804/early_setup_car.c: 350 in ck804_early_setup_x()
________________________________________________________________________________________________________ *** CID 1370583: Uninitialized variables (UNINIT) /src/southbridge/nvidia/ck804/early_setup_car.c: 350 in ck804_early_setup_x() 344 busn[ck804_num] = i * 0x40; 345 io_base[ck804_num] = i * 0x4000; 346 ck804_num++; 347 } 348 } 349
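CID 1370583: Uninitialized variables (UNINIT)
Using uninitialized value "busn[0]" when calling "do_printk". In the excerpt, "busn[]" and "io_base[]" are written only inside a nested block of the loop (lines 344-346), so element 0 presumably stays unset when that block never runs and "ck804_num" remains 0; the printk() calls at lines 350-354 read "busn[0]" and "io_base[0]" regardless.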
350 printk(BIOS_DEBUG, "ck804_early_set_port(%d, %d, %d)\n", ck804_num, busn[0], io_base[0]); 351 ck804_early_set_port(ck804_num, busn, io_base); 352 printk(BIOS_DEBUG, "ck804_early_setup(%d, %d, %d)\n", ck804_num, busn[0], io_base[0]); 353 ck804_early_setup(ck804_num, busn, io_base); 354 printk(BIOS_DEBUG, "ck804_early_clear_port(%d, %d, %d)\n", ck804_num, busn[0], io_base[0]); 355 ck804_early_clear_port(ck804_num, busn, io_base);
** CID 1370582: Uninitialized variables (UNINIT) /src/cpu/x86/mtrr/mtrr.c: 347 in commit_fixed_mtrrs()
________________________________________________________________________________________________________ *** CID 1370582: Uninitialized variables (UNINIT) /src/cpu/x86/mtrr/mtrr.c: 347 in commit_fixed_mtrrs() 341 fixed_mtrr_types[type_index++] << 24; 342 msr_num++; 343 } 344 } 345 346 for (i = 0; i < ARRAY_SIZE(fixed_msrs); i++)
CID 1370582: Uninitialized variables (UNINIT) Using uninitialized value "msr_index[i]" when calling "do_printk".
347 printk(BIOS_DEBUG, "MTRR: Fixed MSR 0x%lx 0x%08x%08x\n", 348 msr_index[i], fixed_msrs[i].hi, fixed_msrs[i].lo); 349 350 disable_cache(); 351 for (i = 0; i < ARRAY_SIZE(fixed_msrs); i++) 352 wrmsr(msr_index[i], fixed_msrs[i]);
** CID 1370581: Uninitialized variables (UNINIT) /src/southbridge/nvidia/ck804/early_setup_car.c: 350 in ck804_early_setup_x()
________________________________________________________________________________________________________ *** CID 1370581: Uninitialized variables (UNINIT) /src/southbridge/nvidia/ck804/early_setup_car.c: 350 in ck804_early_setup_x() 344 busn[ck804_num] = i * 0x40; 345 io_base[ck804_num] = i * 0x4000; 346 ck804_num++; 347 } 348 } 349
CID 1370581: Uninitialized variables (UNINIT) Using uninitialized value "io_base[0]" when calling "do_printk".
350 printk(BIOS_DEBUG, "ck804_early_set_port(%d, %d, %d)\n", ck804_num, busn[0], io_base[0]); 351 ck804_early_set_port(ck804_num, busn, io_base); 352 printk(BIOS_DEBUG, "ck804_early_setup(%d, %d, %d)\n", ck804_num, busn[0], io_base[0]); 353 ck804_early_setup(ck804_num, busn, io_base); 354 printk(BIOS_DEBUG, "ck804_early_clear_port(%d, %d, %d)\n", ck804_num, busn[0], io_base[0]); 355 ck804_early_clear_port(ck804_num, busn, io_base);
** CID 1370580: Uninitialized variables (UNINIT) /src/northbridge/intel/x4x/raminit_ddr2.c: 1465 in rcven_ddr2()
________________________________________________________________________________________________________ *** CID 1370580: Uninitialized variables (UNINIT) /src/northbridge/intel/x4x/raminit_ddr2.c: 1465 in rcven_ddr2() 1459 MCHBAR8(0x400*ch + 0x560 + (lane*4)) = 1460 (MCHBAR8(0x400*ch + 0x560 + (lane*4)) & ~0xf) | pitap[ch][lane]; 1461 } 1462 MCHBAR32(0x400*ch + 0x248) = (MCHBAR32(0x400*ch + 0x248) & ~0xf0000) | 1463 (coarsectrl[ch] << 16); 1464 MCHBAR16(0x400*ch + 0x5fa) = coarsedelay[ch];
CID 1370580: Uninitialized variables (UNINIT) Using uninitialized value "mediumphase[ch]".
1465 MCHBAR16(0x400*ch + 0x58c) = mediumphase[ch]; 1466 } 1467 printk(BIOS_DEBUG, "End rcven\n"); 1468 } 1469 1470 static void sdram_save_receive_enable(void)
** CID 1370579: Uninitialized variables (UNINIT) /src/northbridge/intel/x4x/raminit_ddr2.c: 1464 in rcven_ddr2()
________________________________________________________________________________________________________ *** CID 1370579: Uninitialized variables (UNINIT) /src/northbridge/intel/x4x/raminit_ddr2.c: 1464 in rcven_ddr2() 1458 for (lane = 0; lane < 8; lane++) { 1459 MCHBAR8(0x400*ch + 0x560 + (lane*4)) = 1460 (MCHBAR8(0x400*ch + 0x560 + (lane*4)) & ~0xf) | pitap[ch][lane]; 1461 } 1462 MCHBAR32(0x400*ch + 0x248) = (MCHBAR32(0x400*ch + 0x248) & ~0xf0000) | 1463 (coarsectrl[ch] << 16);
CID 1370579: Uninitialized variables (UNINIT) Using uninitialized value "coarsedelay[ch]".
1464 MCHBAR16(0x400*ch + 0x5fa) = coarsedelay[ch]; 1465 MCHBAR16(0x400*ch + 0x58c) = mediumphase[ch]; 1466 } 1467 printk(BIOS_DEBUG, "End rcven\n"); 1468 } 1469
** CID 1370578: (UNINIT) /src/mainboard/asus/kfsn4-dre/romstage.c: 123 in ck804_control() /src/mainboard/asus/kfsn4-dre/romstage.c: 123 in ck804_control() /src/mainboard/asus/kfsn4-dre_k8/romstage.c: 129 in ck804_control() /src/mainboard/asus/kfsn4-dre_k8/romstage.c: 129 in ck804_control()
________________________________________________________________________________________________________ *** CID 1370578: (UNINIT) /src/mainboard/asus/kfsn4-dre/romstage.c: 123 in ck804_control() 117 static const unsigned int ctrl_conf_enable_msi_mapping[] = { 118 RES_PCI_IO, PCI_ADDR(0, 0, 0, 0xe0), ~(0x00000000), 0x00010000, /* Enable MSI mapping on host bridge -- without this Linux cannot use the network device MSI interrupts! */ 119 }; 120 121 static void ck804_control(const unsigned int* values, u32 size, uint8_t bus_unit_id) 122 {
CID 1370578: (UNINIT) Declaring variable "busn" without initializer.
123 unsigned busn[4], io_base[4]; 124 int i, ck804_num = 0; 125 126 for (i = 0; i < 4; i++) { 127 u32 id; 128 pci_devfn_t dev; /src/mainboard/asus/kfsn4-dre/romstage.c: 123 in ck804_control() 117 static const unsigned int ctrl_conf_enable_msi_mapping[] = { 118 RES_PCI_IO, PCI_ADDR(0, 0, 0, 0xe0), ~(0x00000000), 0x00010000, /* Enable MSI mapping on host bridge -- without this Linux cannot use the network device MSI interrupts! */ 119 }; 120 121 static void ck804_control(const unsigned int* values, u32 size, uint8_t bus_unit_id) 122 {
CID 1370578: (UNINIT) Declaring variable "busn" without initializer.
123 unsigned busn[4], io_base[4]; 124 int i, ck804_num = 0; 125 126 for (i = 0; i < 4; i++) { 127 u32 id; 128 pci_devfn_t dev; /src/mainboard/asus/kfsn4-dre_k8/romstage.c: 129 in ck804_control() 123 static const unsigned int ctrl_conf_enable_msi_mapping[] = { 124 RES_PCI_IO, PCI_ADDR(0, 0, 0, 0xe0), ~(0x00000000), 0x00010000, /* Enable MSI mapping on host bridge -- without this Linux cannot use the network device MSI interrupts! */ 125 }; 126 127 static void ck804_control(const unsigned int* values, u32 size, uint8_t bus_unit_id) 128 {
CID 1370578: (UNINIT) Declaring variable "busn" without initializer.
129 unsigned busn[4], io_base[4]; 130 int i, ck804_num = 0; 131 132 for (i = 0; i < 4; i++) { 133 u32 id; 134 pci_devfn_t dev; /src/mainboard/asus/kfsn4-dre_k8/romstage.c: 129 in ck804_control() 123 static const unsigned int ctrl_conf_enable_msi_mapping[] = { 124 RES_PCI_IO, PCI_ADDR(0, 0, 0, 0xe0), ~(0x00000000), 0x00010000, /* Enable MSI mapping on host bridge -- without this Linux cannot use the network device MSI interrupts! */ 125 }; 126 127 static void ck804_control(const unsigned int* values, u32 size, uint8_t bus_unit_id) 128 {
CID 1370578: (UNINIT) Declaring variable "busn" without initializer.
129 unsigned busn[4], io_base[4]; 130 int i, ck804_num = 0; 131 132 for (i = 0; i < 4; i++) { 133 u32 id; 134 pci_devfn_t dev;
** CID 1370576: Null pointer dereferences (REVERSE_INULL) /src/lib/edid.c: 1144 in decode_edid()
________________________________________________________________________________________________________ *** CID 1370576: Null pointer dereferences (REVERSE_INULL) /src/lib/edid.c: 1144 in decode_edid() 1138 }; 1139 1140 dump_breakdown(edid); 1141 1142 memset(out, 0, sizeof(*out)); 1143
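CID 1370576: Null pointer dereferences (REVERSE_INULL)
Null-checking "edid" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. In the excerpt, "edid" is passed to dump_breakdown() at line 1140, before the "!edid" test at line 1144, so the test comes too late to guard that earlier use.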
1144 if (!edid || memcmp(edid, "\x00\xFF\xFF\xFF\xFF\xFF\xFF\x00", 8)) { 1145 printk(BIOS_SPEW, "No header found\n"); 1146 return 1; 1147 } 1148 1149 if (manufacturer_name(edid + 0x08))
** CID 1370574: (DIVIDE_BY_ZERO) /src/vendorcode/amd/agesa/f16kb/Proc/Mem/Feat/DMI/mfDMI.c: 383 in MemFDMISupport3() /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Feat/DMI/mfDMI.c: 333 in MemFDMISupport3() /src/vendorcode/amd/agesa/f14/Proc/Mem/Feat/DMI/mfDMI.c: 311 in MemFDMISupport3() /src/vendorcode/amd/agesa/f12/Proc/Mem/Feat/DMI/mfDMI.c: 311 in MemFDMISupport3() /src/vendorcode/amd/agesa/f15/Proc/Mem/Feat/DMI/mfDMI.c: 318 in MemFDMISupport3()
________________________________________________________________________________________________________ *** CID 1370574: (DIVIDE_BY_ZERO) /src/vendorcode/amd/agesa/f16kb/Proc/Mem/Feat/DMI/mfDMI.c: 383 in MemFDMISupport3() 377 Rank = 3; // 16 bits 378 } else if (((temp >> 3) & 0x07) == 3) { 379 Rank = 4; // 32 bits 380 DmiPhysicalDimmInfoTable->Attributes = 4; // Quad Rank Dimm 381 } 382
CID 1370574: (DIVIDE_BY_ZERO) In expression "Capacity / 8 * BusWidth / Width", division by expression "Width" which may be zero has undefined behavior.
383 DimmSize = (UINT32) (Capacity / 8 * BusWidth / Width * Rank); 384 if (DimmSize < 0x7FFF) { 385 DmiPhysicalDimmInfoTable->MemorySize = (UINT16) DimmSize; 386 } else { 387 DmiPhysicalDimmInfoTable->MemorySize = 0x7FFF; 388 DmiPhysicalDimmInfoTable->ExtSize = DimmSize; /src/vendorcode/amd/agesa/f15tn/Proc/Mem/Feat/DMI/mfDMI.c: 333 in MemFDMISupport3() 327 Rank = 3; // 16 bits 328 } else if (((temp >> 3) & 0x07) == 3) { 329 Rank = 4; // 32 bits 330 DmiTable[DimmIndex].Attributes = 4; // Quad Rank Dimm 331 } 332
CID 1370574: (DIVIDE_BY_ZERO) In expression "Capacity / 8 * BusWidth / Width", division by expression "Width" which may be zero has undefined behavior.
333 DimmSize = (UINT32) (Capacity / 8 * BusWidth / Width * Rank); 334 if (DimmSize < 0x7FFF) { 335 DmiTable[DimmIndex].MemorySize = (UINT16) DimmSize; 336 } else { 337 DmiTable[DimmIndex].MemorySize = 0x7FFF; 338 DmiTable[DimmIndex].ExtSize = DimmSize; /src/vendorcode/amd/agesa/f14/Proc/Mem/Feat/DMI/mfDMI.c: 311 in MemFDMISupport3() 305 Rank = 3; // 16 bits 306 } else if (((temp >> 3) & 0x07) == 3) { 307 Rank = 4; // 32 bits 308 DmiTable[DimmIndex].Attributes = 4; // Quad Rank Dimm 309 } 310
CID 1370574: (DIVIDE_BY_ZERO) In expression "Capacity / 8 * BusWidth / Width", division by expression "Width" which may be zero has undefined behavior.
311 DmiTable[DimmIndex].MemorySize = (UINT16) (Capacity / 8 * BusWidth / Width * Rank); 312 313 // Form Factor (offset 0Eh) 314 FormFactor = (UINT8) SpdDataStructure[DimmIndex].Data[3]; 315 if ((FormFactor & 0x01) == 0 || (FormFactor & 0x02) == 0) { 316 DmiTable[DimmIndex].FormFactor = 0x09; // RDIMM or UDIMM /src/vendorcode/amd/agesa/f12/Proc/Mem/Feat/DMI/mfDMI.c: 311 in MemFDMISupport3() 305 Rank = 3; // 16 bits 306 } else if (((temp >> 3) & 0x07) == 3) { 307 Rank = 4; // 32 bits 308 DmiTable[DimmIndex].Attributes = 4; // Quad Rank Dimm 309 } 310
CID 1370574: (DIVIDE_BY_ZERO) In expression "Capacity / 8 * BusWidth / Width", division by expression "Width" which may be zero has undefined behavior.
311 DmiTable[DimmIndex].MemorySize = (UINT16) (Capacity / 8 * BusWidth / Width * Rank); 312 313 // Form Factor (offset 0Eh) 314 FormFactor = (UINT8) SpdDataStructure[DimmIndex].Data[3]; 315 if ((FormFactor & 0x01) == 0 || (FormFactor & 0x02) == 0) { 316 DmiTable[DimmIndex].FormFactor = 0x09; // RDIMM or UDIMM /src/vendorcode/amd/agesa/f15/Proc/Mem/Feat/DMI/mfDMI.c: 318 in MemFDMISupport3() 312 Rank = 3; // 16 bits 313 } else if (((temp >> 3) & 0x07) == 3) { 314 Rank = 4; // 32 bits 315 DmiTable[DimmIndex].Attributes = 4; // Quad Rank Dimm 316 } 317
CID 1370574: (DIVIDE_BY_ZERO) In expression "Capacity / 8 * BusWidth / Width", division by expression "Width" which may be zero has undefined behavior.
318 DimmSize = (UINT32) (Capacity / 8 * BusWidth / Width * Rank); 319 if (DimmSize < 0x7FFF) { 320 DmiTable[DimmIndex].MemorySize = (UINT16) DimmSize; 321 } else { 322 DmiTable[DimmIndex].MemorySize = 0x7FFF; 323 DmiTable[DimmIndex].ExtSize = DimmSize;
** CID 1368413: Control flow issues (DEADCODE) /3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/dram/dfs.c: 1236 in gen_rk3399_ctl_params()
________________________________________________________________________________________________________ *** CID 1368413: Control flow issues (DEADCODE) /3rdparty/arm-trusted-firmware/plat/rockchip/rk3399/drivers/dram/dfs.c: 1236 in gen_rk3399_ctl_params() 1230 tmp0 |= (1 << 24); 1231 #endif 1232 for (i = 0; i < timing_config->ch_cnt; i++) { 1233 if (tmp0 | tmp1) 1234 mmio_setbits_32(CTL_REG(i, 305), 1 << 16); 1235 if (tmp0)
CID 1368413: Control flow issues (DEADCODE) Execution cannot reach this statement: "mmio_setbits_32(4289200128U...".
1236 mmio_setbits_32(CTL_REG(i, 70), tmp0); 1237 if (tmp1) 1238 mmio_setbits_32(CTL_REG(i, 71), tmp1); 1239 } 1240 #endif 1241 }
** CID 1367555: Integer handling issues (INCOMPATIBLE_CAST)
________________________________________________________________________________________________________ *** CID 1367555: Integer handling issues (INCOMPATIBLE_CAST) /dev/cb-build/coreboot-coverity.0/AMD_GARDENIA/agesa/PspBaseLib.c: 326 in UpdataPspDirCheckSum() 320 321 VOID 322 UpdataPspDirCheckSum ( 323 IN OUT PSP_DIRECTORY *PspDir 324 ) 325 {
CID 1367555: Integer handling issues (INCOMPATIBLE_CAST) Pointer "&PspDir->Header.TotalEntries" points to an object whose effective type is "unsigned long" (32 bits, unsigned) but is dereferenced as a narrower "unsigned short" (16 bits, unsigned). This may lead to unexpected results depending on machine endianness.
326 PspDir->Header.Checksum = Fletcher32 ((UINT16 *) &PspDir->Header.TotalEntries, \ 327 (sizeof (PSP_DIRECTORY_HEADER) - OFFSET_OF (PSP_DIRECTORY_HEADER, TotalEntries) + PspDir->Header.TotalEntries * sizeof (PSP_DIRECTORY_ENTRY)) / 2); 328 } 329 330 /** 331 Check if PSP device is present
** CID 1366397: Control flow issues (DEADCODE) /src/drivers/spi/spi_flash.c: 312 in __spi_flash_probe()
________________________________________________________________________________________________________ *** CID 1366397: Control flow issues (DEADCODE) /src/drivers/spi/spi_flash.c: 312 in __spi_flash_probe() 306 for (i = 0; i < sizeof(idcode); i++) 307 printk(BIOS_SPEW, "%02x ", idcode[i]); 308 printk(BIOS_SPEW, "\n"); 309 } 310 311 /* count the number of continuation bytes */
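CID 1366397: Control flow issues (DEADCODE)
Execution cannot reach the expression "*idp == 127" inside this statement: "for ((shift = 0) , (idp = i...". Because "shift" starts at 0, this means "shift < IDCODE_CONT_LEN" is already false on the first test, presumably because IDCODE_CONT_LEN evaluates to 0 in the analyzed configuration; the loop then never skips continuation bytes and line 316 prints "idcode[0]".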
312 for (shift = 0, idp = idcode; shift < IDCODE_CONT_LEN && *idp == 0x7f; 313 ++shift, ++idp) 314 continue; 315 316 printk(BIOS_INFO, "Manufacturer: %02x\n", *idp); 317
** CID 1365976: (CONSTANT_EXPRESSION_RESULT) /src/soc/rockchip/rk3399/clock.c: 680 in rkclk_i2c_clock_for_bus() /src/soc/rockchip/rk3399/clock.c: 684 in rkclk_i2c_clock_for_bus() /src/soc/rockchip/rk3399/clock.c: 688 in rkclk_i2c_clock_for_bus()
________________________________________________________________________________________________________ *** CID 1365976: (CONSTANT_EXPRESSION_RESULT) /src/soc/rockchip/rk3399/clock.c: 680 in rkclk_i2c_clock_for_bus() 674 case 4: 675 write32(&pmucru_ptr->pmucru_clksel[3], 676 PMU_I2C_CLK_REG_VALUE(4, src_clk_div)); 677 break; 678 case 5: 679 write32(&cru_ptr->clksel_con[61],
CID 1365976: (CONSTANT_EXPRESSION_RESULT) "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C5_DIV_CON_SHIFT) | (CLK_I2C_PLL_SEL_MASK << CLK_I2C5_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << CLK_I2C5_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << CLK_I2C5_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
680 I2C_CLK_REG_VALUE(5, src_clk_div)); 681 break; 682 case 6: 683 write32(&cru_ptr->clksel_con[62], 684 I2C_CLK_REG_VALUE(6, src_clk_div)); 685 break; /src/soc/rockchip/rk3399/clock.c: 684 in rkclk_i2c_clock_for_bus() 678 case 5: 679 write32(&cru_ptr->clksel_con[61], 680 I2C_CLK_REG_VALUE(5, src_clk_div)); 681 break; 682 case 6: 683 write32(&cru_ptr->clksel_con[62],
CID 1365976: (CONSTANT_EXPRESSION_RESULT) "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C6_DIV_CON_SHIFT) | (CLK_I2C_PLL_SEL_MASK << CLK_I2C6_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << CLK_I2C6_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << CLK_I2C6_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
684 I2C_CLK_REG_VALUE(6, src_clk_div)); 685 break; 686 case 7: 687 write32(&cru_ptr->clksel_con[63], 688 I2C_CLK_REG_VALUE(7, src_clk_div)); 689 break; /src/soc/rockchip/rk3399/clock.c: 688 in rkclk_i2c_clock_for_bus() 682 case 6: 683 write32(&cru_ptr->clksel_con[62], 684 I2C_CLK_REG_VALUE(6, src_clk_div)); 685 break; 686 case 7: 687 write32(&cru_ptr->clksel_con[63],
CID 1365976: (CONSTANT_EXPRESSION_RESULT) "((65280 /* (I2C_DIV_CON_MASK << CLK_I2C7_DIV_CON_SHIFT) | (CLK_I2C_PLL_SEL_MASK << CLK_I2C7_PLL_SEL_SHIFT) */) | ((src_clk_div - 1 << CLK_I2C7_DIV_CON_SHIFT) | (32768 /* CLK_I2C_PLL_SEL_GPLL << CLK_I2C7_PLL_SEL_SHIFT */))) << 16" is 0xffffffffff000000 regardless of the values of its operands. This occurs as the bitwise first operand of "|".
688 I2C_CLK_REG_VALUE(7, src_clk_div)); 689 break; 690 case 8: 691 write32(&pmucru_ptr->pmucru_clksel[2], 692 PMU_I2C_CLK_REG_VALUE(8, src_clk_div)); 693 break;
** CID 1365730: (BUFFER_SIZE) /src/mainboard/google/eve/romstage.c: 41 in mainboard_memory_init_params() /src/mainboard/google/eve/romstage.c: 42 in mainboard_memory_init_params() /src/mainboard/google/poppy/romstage.c: 43 in mainboard_memory_init_params() /src/mainboard/google/poppy/romstage.c: 44 in mainboard_memory_init_params()
________________________________________________________________________________________________________ *** CID 1365730: (BUFFER_SIZE) /src/mainboard/google/eve/romstage.c: 41 in mainboard_memory_init_params() 35 { 1, 0, 5, 4, 2, 3, 7, 6 } }; 36 /* Rcomp resistor */ 37 const u16 rcomp_resistor[] = { 200, 81, 162 }; 38 /* Rcomp target */ 39 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 40
CID 1365730: (BUFFER_SIZE) You might overrun the 12 byte destination string "mem_cfg->DqByteMapCh0" by writing the maximum 24 bytes from "dq_map".
41 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map)); 42 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 43 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 44 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 45 46 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 47 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 48 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/google/eve/romstage.c: 42 in mainboard_memory_init_params() 36 /* Rcomp resistor */ 37 const u16 rcomp_resistor[] = { 200, 81, 162 }; 38 /* Rcomp target */ 39 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 40 41 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map));
CID 1365730: (BUFFER_SIZE) You might overrun the 8 byte destination string "mem_cfg->DqsMapCpu2DramCh0" by writing the maximum 16 bytes from "dqs_map".
42 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 43 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 44 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 45 46 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 47 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 48 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/google/poppy/romstage.c: 43 in mainboard_memory_init_params() 37 }; 38 /* Rcomp resistor */ 39 const u16 rcomp_resistor[] = { 200, 81, 162 }; 40 /* Rcomp target */ 41 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 42
CID 1365730: (BUFFER_SIZE) You might overrun the 12 byte destination string "mem_cfg->DqByteMapCh0" by writing the maximum 24 bytes from "dq_map".
43 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map)); 44 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 45 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 46 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 47 48 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 49 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 50 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/google/poppy/romstage.c: 44 in mainboard_memory_init_params() 38 /* Rcomp resistor */ 39 const u16 rcomp_resistor[] = { 200, 81, 162 }; 40 /* Rcomp target */ 41 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 42 43 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map));
CID 1365730: (BUFFER_SIZE) You might overrun the 8 byte destination string "mem_cfg->DqsMapCpu2DramCh0" by writing the maximum 16 bytes from "dqs_map".
44 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 45 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 46 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 47 48 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 49 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 50 mem_cfg->MemorySpdDataLen = SPD_LEN;
** CID 1365389: (OVERRUN) /src/mainboard/google/eve/romstage.c: 41 in mainboard_memory_init_params() /src/mainboard/google/poppy/romstage.c: 43 in mainboard_memory_init_params()
________________________________________________________________________________________________________ *** CID 1365389: (OVERRUN) /src/mainboard/google/eve/romstage.c: 41 in mainboard_memory_init_params() 35 { 1, 0, 5, 4, 2, 3, 7, 6 } }; 36 /* Rcomp resistor */ 37 const u16 rcomp_resistor[] = { 200, 81, 162 }; 38 /* Rcomp target */ 39 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 40
CID 1365389: (OVERRUN) Overrunning array "mem_cfg->DqByteMapCh0" of 12 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
41 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map)); 42 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 43 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 44 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 45 46 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 47 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 48 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/google/poppy/romstage.c: 43 in mainboard_memory_init_params() 37 }; 38 /* Rcomp resistor */ 39 const u16 rcomp_resistor[] = { 200, 81, 162 }; 40 /* Rcomp target */ 41 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 42
CID 1365389: (OVERRUN) Overrunning array "mem_cfg->DqByteMapCh0" of 12 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
43 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map)); 44 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 45 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 46 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 47 48 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 49 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 50 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/intel/kblrvp/romstage.c: 38 in mainboard_memory_init_params() 32 FSP_M_CONFIG *mem_cfg; 33 mem_cfg = &mupd->FspmConfig; 34 u8 spd_index = (get_board_id() >> 5) & 0x7; 35 36 printk(BIOS_INFO, "SPD index %d\n", spd_index); 37
CID 1365389: (OVERRUN) Overrunning array "mem_cfg->DqByteMapCh0" of 12 bytes by passing it to a function which accesses it at byte offset 23.
38 mainboard_fill_dq_map_data(&mem_cfg->DqByteMapCh0); 39 mainboard_fill_dqs_map_data(&mem_cfg->DqsMapCpu2DramCh0); 40 mainboard_fill_rcomp_res_data(&mem_cfg->RcompResistor); 41 mainboard_fill_rcomp_strength_data(&mem_cfg->RcompTarget); 42 43 if (IS_ENABLED(CONFIG_BOARD_INTEL_KBLRVP3)) {
** CID 1365388: (OVERRUN) /src/mainboard/google/eve/romstage.c: 42 in mainboard_memory_init_params() /src/mainboard/google/poppy/romstage.c: 44 in mainboard_memory_init_params()
________________________________________________________________________________________________________ *** CID 1365388: (OVERRUN) /src/mainboard/google/eve/romstage.c: 42 in mainboard_memory_init_params() 36 /* Rcomp resistor */ 37 const u16 rcomp_resistor[] = { 200, 81, 162 }; 38 /* Rcomp target */ 39 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 40 41 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map));
CID 1365388: (OVERRUN) Overrunning array "mem_cfg->DqsMapCpu2DramCh0" of 8 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
42 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 43 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 44 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 45 46 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 47 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 48 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/google/poppy/romstage.c: 44 in mainboard_memory_init_params() 38 /* Rcomp resistor */ 39 const u16 rcomp_resistor[] = { 200, 81, 162 }; 40 /* Rcomp target */ 41 const u16 rcomp_target[] = { 100, 40, 40, 23, 40 }; 42 43 memcpy(&mem_cfg->DqByteMapCh0, dq_map, sizeof(dq_map));
CID 1365388: (OVERRUN) Overrunning array "mem_cfg->DqsMapCpu2DramCh0" of 8 bytes by passing it to a function which accesses it at byte offset 15 using argument "16UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
44 memcpy(&mem_cfg->DqsMapCpu2DramCh0, dqs_map, sizeof(dqs_map)); 45 memcpy(&mem_cfg->RcompResistor, rcomp_resistor, sizeof(rcomp_resistor)); 46 memcpy(&mem_cfg->RcompTarget, rcomp_target, sizeof(rcomp_target)); 47 48 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data(); 49 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00; 50 mem_cfg->MemorySpdDataLen = SPD_LEN; /src/mainboard/intel/kblrvp/romstage.c: 39 in mainboard_memory_init_params() 33 mem_cfg = &mupd->FspmConfig; 34 u8 spd_index = (get_board_id() >> 5) & 0x7; 35 36 printk(BIOS_INFO, "SPD index %d\n", spd_index); 37 38 mainboard_fill_dq_map_data(&mem_cfg->DqByteMapCh0);
CID 1365388: (OVERRUN) Overrunning array "mem_cfg->DqsMapCpu2DramCh0" of 8 bytes by passing it to a function which accesses it at byte offset 15.
39 mainboard_fill_dqs_map_data(&mem_cfg->DqsMapCpu2DramCh0); 40 mainboard_fill_rcomp_res_data(&mem_cfg->RcompResistor); 41 mainboard_fill_rcomp_strength_data(&mem_cfg->RcompTarget); 42 43 if (IS_ENABLED(CONFIG_BOARD_INTEL_KBLRVP3)) { 44 struct region_device spd_rdev;
** CID 1365384: Integer handling issues (DIVIDE_BY_ZERO) /3rdparty/chromeec/driver/temp_sensor/thermistor_ncp15wb.c: 150 in thermistor_linear_interpolate()
________________________________________________________________________________________________________ *** CID 1365384: Integer handling issues (DIVIDE_BY_ZERO) /3rdparty/chromeec/driver/temp_sensor/thermistor_ncp15wb.c: 150 in thermistor_linear_interpolate() 144 * 1. mv_per_deg_c = (v_high - v_low) / (t_high - t_low) 145 * 2. num_steps = (v_high - mv) / mv_per_deg_c 146 * 3. result = t_low + num_steps 147 * 148 * Combine #1 and #2 to mitigate precision loss due to integer division. 149 */
CID 1365384: Integer handling issues (DIVIDE_BY_ZERO) In expression "(v_high - mv) * (t_high - t_low) / (v_high - v_low)", division by expression "v_high - v_low" which may be zero has undefined behavior.
150 num_steps = ((v_high - mv) * (t_high - t_low)) / (v_high - v_low); 151 return t_low + num_steps;
** CID 1363355: (SIZEOF_MISMATCH) /src/drivers/intel/fsp2_0/upd_display.c: 37 in fspm_display_arch_params() /src/drivers/intel/fsp2_0/upd_display.c: 40 in fspm_display_arch_params()
________________________________________________________________________________________________________ *** CID 1363355: (SIZEOF_MISMATCH) /src/drivers/intel/fsp2_0/upd_display.c: 37 in fspm_display_arch_params() 31 { 32 /* Display the architectural parameters for MemoryInit */ 33 printk(BIOS_SPEW, "Architectural UPD values for MemoryInit at: 0x%p\n", 34 new); 35 fsp_display_upd_value("Revision", sizeof(old->Revision), 36 old->Revision, new->Revision);
CID 1363355: (SIZEOF_MISMATCH) Passing argument "old->NvsBufferPtr" of type "void * const" and argument "4UL /* sizeof (old->NvsBufferPtr) */" to function "fsp_display_upd_value" is suspicious.
37 fsp_display_upd_value("NvsBufferPtr", sizeof(old->NvsBufferPtr), 38 (uintptr_t)old->NvsBufferPtr, 39 (uintptr_t)new->NvsBufferPtr); 40 fsp_display_upd_value("StackBase", sizeof(old->StackBase), 41 (uintptr_t)old->StackBase, 42 (uintptr_t)new->StackBase); /src/drivers/intel/fsp2_0/upd_display.c: 40 in fspm_display_arch_params() 34 new); 35 fsp_display_upd_value("Revision", sizeof(old->Revision), 36 old->Revision, new->Revision); 37 fsp_display_upd_value("NvsBufferPtr", sizeof(old->NvsBufferPtr), 38 (uintptr_t)old->NvsBufferPtr, 39 (uintptr_t)new->NvsBufferPtr);
CID 1363355: (SIZEOF_MISMATCH) Passing argument "old->StackBase" of type "void * const" and argument "4UL /* sizeof (old->StackBase) */" to function "fsp_display_upd_value" is suspicious.
40 fsp_display_upd_value("StackBase", sizeof(old->StackBase), 41 (uintptr_t)old->StackBase, 42 (uintptr_t)new->StackBase); 43 fsp_display_upd_value("StackSize", sizeof(old->StackSize), 44 old->StackSize, new->StackSize); 45 fsp_display_upd_value("BootLoaderTolumSize",
** CID 1362811: Resource leaks (RESOURCE_LEAK) /src/southbridge/amd/sr5650/sr5650.c: 804 in add_ivrs_device_entries()
________________________________________________________________________________________________________ *** CID 1362811: Resource leaks (RESOURCE_LEAK) /src/southbridge/amd/sr5650/sr5650.c: 804 in add_ivrs_device_entries() 798 sibling = sibling->sibling) 799 add_ivrs_device_entries(dev, sibling, depth + 1, 800 depth, root_level, current, length); 801 802 if (depth == 0) 803 free(root_level);
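CID 1362811: Resource leaks (RESOURCE_LEAK)
Returning without freeing "root_level" leaks the storage that it points to. The excerpt frees "root_level" only when "depth == 0" and passes the same pointer down to the recursive calls, so whether this is a real leak depends on where "root_level" is allocated, which the excerpt does not show.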
804 } 805 806 unsigned long acpi_fill_mcfg(unsigned long current) 807 { 808 struct resource *res; 809 resource_t mmconf_base = EXT_CONF_BASE_ADDRESS;
** CID 1362592: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________ *** CID 1362592: Null pointer dereferences (NULL_RETURNS) /src/drivers/generic/max98357a/max98357a.c: 41 in max98357a_fill_ssdt() 35 struct acpi_dp *dp; 36 37 if (!dev->enabled || !config) 38 return; 39 40 /* Device */
CID 1362592: Null pointer dereferences (NULL_RETURNS) Dereferencing a pointer that might be null "acpi_device_scope(dev)" when calling "acpigen_write_scope".
41 acpigen_write_scope(acpi_device_scope(dev)); 42 acpigen_write_device(acpi_device_name(dev)); 43 acpigen_write_name_string("_HID", MAX98357A_ACPI_HID); 44 acpigen_write_name_integer("_UID", 0); 45 acpigen_write_name_string("_DDN", dev->chip_ops->name); 46 acpigen_write_STA(ACPI_STATUS_DEVICE_ALL_ON);
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...