Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
2 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s)
** CID 1498391: (TAINTED_SCALAR) /src/commonlib/fsp_relocate.c: 229 in pe_relocate() /src/commonlib/fsp_relocate.c: 256 in pe_relocate()
________________________________________________________________________________________________________ *** CID 1498391: (TAINTED_SCALAR) /src/commonlib/fsp_relocate.c: 229 in pe_relocate() 223 rsize = read_le32(&ophdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].Size); 224 roffset = read_le32(&ophdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress); 225 printk(FSP_DBG_LVL, "relocation table at offset-%x,size=%x\n", roffset, rsize); 226 // TODO - add support for PE32+ also 227 228 offset = roffset;
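CID 1498391: (TAINTED_SCALAR) Using tainted variable "roffset + rsize" as a loop boundary. Both values are read from the image's base-relocation data directory entry (lines 223-224) and, in the lines shown, reach the loop condition without being compared against any bound on the image; if both are 32-bit, as the read_le32() calls suggest, their sum can also wrap. Checking that the relocation table lies entirely inside the image before entering the loop would bound it.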
229 while (offset < (roffset + rsize)) { 230 uint32_t vaddr; 231 uint32_t rlen, rnum; 232 uint16_t *rdata; 233 uint32_t i; 234 EFI_IMAGE_DATA_DIRECTORY *relocd; /src/commonlib/fsp_relocate.c: 256 in pe_relocate() 250 printk(FSP_DBG_LVL, "\t\treloc type %x offset %x aoff %x, base-0x%x\n", 251 rtype, roff, aoff, img_base_off); 252 switch (rtype) { 253 case EFI_IMAGE_REL_BASED_ABSOLUTE: 254 continue; 255 case EFI_IMAGE_REL_BASED_HIGHLOW:
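CID 1498391: (TAINTED_SCALAR) Using tainted variable "aoff" as an index to pointer "pe_base". The same index is used for the read at line 256 and the write at line 259, so an unchecked value derived from the relocation data turns into a 32-bit read-modify-write at an image-supplied offset from pe_base. The excerpt does not show how aoff is computed; a range check on aoff (including the width of the access) before the switch would be the usual fix.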
256 val = read_le32(&pe_base[aoff]); 257 printk(FSP_DBG_LVL, "Adjusting %p %x -> %x\n", 258 &pe_base[aoff], val, val + delta); 259 write_le32(&pe_base[aoff], val + delta); 260 break; 261 case EFI_IMAGE_REL_BASED_DIR64:
** CID 1498390: Null pointer dereferences (FORWARD_NULL) /src/commonlib/fsp_relocate.c: 650 in relocate_fvh()
________________________________________________________________________________________________________ *** CID 1498390: Null pointer dereferences (FORWARD_NULL) /src/commonlib/fsp_relocate.c: 650 in relocate_fvh() 644 printk(FSP_DBG_LVL, "TE image at offset %zx\n", 645 section_offset); 646 te_relocate(section_addr, section_data); 647 } else if (read_le8(&csh->Type) == EFI_SECTION_PE32) { 648 printk(FSP_DBG_LVL, "PE32 image at offset %zx\n", 649 section_offset);
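CID 1498390: Null pointer dereferences (FORWARD_NULL) Dereferencing null pointer "fih_offset". Coverity reports a path on which fih_offset is NULL when relocate_fvh() reaches the PE32 branch at line 650; where the pointer is checked or assigned is outside the excerpt. The TE branch at line 646 does not use fih_offset, so in the lines shown only PE32 sections reach the dereference. In firmware environments where address 0 is readable, such a dereference may not fault and would instead pass an arbitrary value to pe_relocate(), so an explicit NULL check before the call is preferable to relying on a crash.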
650 pe_relocate(new_addr, section_data, fsp, *fih_offset); 651 } 652 653 offset += data_size + data_offset; 654 /* Sections are aligned to 4 bytes. */ 655 offset = ALIGN_UP(offset, 4);