Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
9 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 9 of 9 defect(s)
** CID 1396055: Incorrect expression (SIZEOF_MISMATCH) /src/drivers/generic/generic/generic.c: 67 in generic_autogen_name()
________________________________________________________________________________________________________ *** CID 1396055: Incorrect expression (SIZEOF_MISMATCH) /src/drivers/generic/generic/generic.c: 67 in generic_autogen_name() 61 char *name = &config->autogen_name[0]; 62 static unsigned int id; 63 64 if (name[0] != '\0') 65 return name; 66
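CID 1396055: Incorrect expression (SIZEOF_MISMATCH) Passing argument "name" of type "char *" and argument "4UL /* sizeof (name) */" to function "snprintf" is suspicious. Because "name" is declared as a pointer (line 61), "sizeof(name)" is the size of the pointer (4 bytes in the scanned build), not the capacity of "config->autogen_name". With a bound of 4, the "G%03.3X" output of at least four characters is truncated to three characters plus the terminator, so the last hex digit of the id is dropped.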
67 snprintf(name, sizeof(name), "G%03.3X", id++); 68 name[4] = '\0'; 69 return name; 70 } 71 72 static const char *generic_dev_acpi_name(const struct device *dev)
** CID 1396054: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________ *** CID 1396054: Null pointer dereferences (NULL_RETURNS) /src/drivers/generic/generic/generic.c: 38 in generic_dev_fill_ssdt_generator() 32 33 if (!config->hid) { 34 printk(BIOS_ERR, "%s: ERROR: _HID required\n", dev_path(dev)); 35 return; 36 } 37
CID 1396054: Null pointer dereferences (NULL_RETURNS) Dereferencing a pointer that might be null "acpi_device_scope(dev)" when calling "acpigen_write_scope".
38 acpigen_write_scope(acpi_device_scope(dev)); 39 acpigen_write_device(acpi_device_name(dev)); 40 acpigen_write_name_string("_HID", config->hid); 41 if (config->cid) 42 acpigen_write_name_string("_CID", config->cid); 43 acpigen_write_name_integer("_UID", config->uid);
** CID 1396053: Parse warnings (PARSE_ERROR) /src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 652 in ()
________________________________________________________________________________________________________ *** CID 1396053: Parse warnings (PARSE_ERROR) /src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 652 in () 646 } __packed; 647 648 struct lp0_header header __attribute__((section(".header"))) = 649 { 650 .length_insecure = (uintptr_t)&blob_total_size, 651 .length_secure = (uintptr_t)&blob_total_size,
CID 1396053: Parse warnings (PARSE_ERROR) identifier "blob_data" is undefined
652 .destination = (uintptr_t)&blob_data, 653 .entry_point = (uintptr_t)&lp0_resume, 654 .code_length = (uintptr_t)&blob_data_size
** CID 1396052: (RESOURCE_LEAK) /util/intelvbttool/intelvbttool.c: 993 in fix_vbios_checksum() /util/intelvbttool/intelvbttool.c: 998 in fix_vbios_checksum()
________________________________________________________________________________________________________ *** CID 1396052: (RESOURCE_LEAK) /util/intelvbttool/intelvbttool.c: 993 in fix_vbios_checksum() 987 if (!fo) { 988 printerr("%s open failed\n", filename); 989 return 1; 990 } 991 992 if (fo->size < sizeof(optionrom_header_t))
CID 1396052: (RESOURCE_LEAK) Variable "fo" going out of scope leaks the storage it points to.
993 return 1; 994 995 optionrom_header_t *oh = (optionrom_header_t *)fo->data; 996 997 if (oh->size * 512 > fo->size) 998 return 1; /util/intelvbttool/intelvbttool.c: 998 in fix_vbios_checksum() 992 if (fo->size < sizeof(optionrom_header_t)) 993 return 1; 994 995 optionrom_header_t *oh = (optionrom_header_t *)fo->data; 996 997 if (oh->size * 512 > fo->size)
CID 1396052: (RESOURCE_LEAK) Variable "fo" going out of scope leaks the storage it points to.
998 return 1; 999 1000 /* fix checksum */ 1001 oh->checksum = -(checksum_vbios(oh) - oh->checksum); 1002 1003 if (write_file(filename, fo)) {
** CID 1396051: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /util/intelvbttool/intelvbttool.c: 394 in read_file()
________________________________________________________________________________________________________ *** CID 1396051: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /util/intelvbttool/intelvbttool.c: 394 in read_file() 388 printerr("%s seek failed: %s\n", filename, strerror(errno)); 389 fclose(fd); 390 return NULL; 391 } 392 393 const off_t size = ftell(fd);
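CID 1396051: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "size > 18446744073709551615UL" is always false regardless of the values of its operands. This occurs as the logical second operand of "||". In the scanned build SIZE_MAX is the 64-bit maximum, so no "off_t" value can exceed it and the upper-bound test is dead code there. The test would only take effect on a target where "off_t" is wider than "size_t".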
394 if (size < 0 || size > SIZE_MAX) { 395 printerr("%s tell failed: %s\n", filename, strerror(errno)); 396 fclose(fd); 397 return NULL; 398 } 399
** CID 1396050: Resource leaks (RESOURCE_LEAK) /util/intelvbttool/intelvbttool.c: 794 in parse_vbt()
________________________________________________________________________________________________________ *** CID 1396050: Resource leaks (RESOURCE_LEAK) /util/intelvbttool/intelvbttool.c: 794 in parse_vbt() 788 if (!bdb_head->header_size || bdb_head->header_size > fo->size) { 789 printerr("invalid BDB header size\n"); 790 return; 791 } 792 793 /* Duplicate fo as caller is owner and remalloc frees the object */
CID 1396050: Resource leaks (RESOURCE_LEAK) Failing to save or free storage allocated by "malloc_fo_sub(fo, 0UL)" leaks it.
794 *vbt = remalloc_fo(malloc_fo_sub(fo, 0), head->vbt_size); 795 } 796 797 /* Option ROM checksum */ 798 static u8 checksum_vbios(const optionrom_header_t *oh) 799 {
** CID 1396049: Parse warnings (PARSE_ERROR) /src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 653 in ()
________________________________________________________________________________________________________ *** CID 1396049: Parse warnings (PARSE_ERROR) /src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 653 in () 647 648 struct lp0_header header __attribute__((section(".header"))) = 649 { 650 .length_insecure = (uintptr_t)&blob_total_size, 651 .length_secure = (uintptr_t)&blob_total_size, 652 .destination = (uintptr_t)&blob_data,
CID 1396049: Parse warnings (PARSE_ERROR) identifier "lp0_resume" is undefined
653 .entry_point = (uintptr_t)&lp0_resume, 654 .code_length = (uintptr_t)&blob_data_size
** CID 1396048: (PARSE_ERROR) /src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 266 in () /src/soc/nvidia/tegra210/lp0/tegra_lp0_resume.c: 430 in ()
________________________________________________________________________________________________________ *** CID 1396048: (PARSE_ERROR) /src/soc/nvidia/tegra124/lp0/tegra_lp0_resume.c: 266 in () 260 static uint32_t *sysctr_cntfid0_ptr = (void *)(SYSCTR_CTLR_BASE + 0x20); 261 262 263 264 /* Utility functions. */ 265
CID 1396048: (PARSE_ERROR) expected a ";"
266 static __always_inline void __noreturn halt(void) 267 { 268 for (;;); 269 } 270 271 static inline uint32_t read32(const void *addr) /src/soc/nvidia/tegra210/lp0/tegra_lp0_resume.c: 430 in () 424 #define MAX77621_VOUT_VAL (0x80 | 0x27) 425 #define MAX77621_VOUT_DATA (MAX77621_VOUT_REG | (MAX77621_VOUT_VAL << 8)) 426 427 428 /* Utility functions. */ 429
CID 1396048: (PARSE_ERROR) expected a ";"
430 static __always_inline void __noreturn halt(void) 431 { 432 for (;;); 433 } 434 435 static inline uint32_t read32(const void *addr)
** CID 1396047: (RESOURCE_LEAK) /util/intelvbttool/intelvbttool.c: 1041 in patch_vbios() /util/intelvbttool/intelvbttool.c: 1045 in patch_vbios()
________________________________________________________________________________________________________ *** CID 1396047: (RESOURCE_LEAK) /util/intelvbttool/intelvbttool.c: 1041 in patch_vbios() 1035 parse_vbios(fo, &old_vbt); 1036 1037 if (old_vbt) { 1038 if (oh->vbt_offset + vbt_size(old_vbt) == fo->size) { 1039 /* Located at the end of file - reduce file size */ 1040 if (fo->size < vbt_size(old_vbt))
CID 1396047: (RESOURCE_LEAK) Variable "old_vbt" going out of scope leaks the storage it points to.
1041 return 1; 1042 fo = remalloc_fo(fo, fo->size - vbt_size(old_vbt)); 1043 if (!fo) { 1044 printerr("Failed to allocate memory\n"); 1045 return 1; 1046 } /util/intelvbttool/intelvbttool.c: 1045 in patch_vbios() 1039 /* Located at the end of file - reduce file size */ 1040 if (fo->size < vbt_size(old_vbt)) 1041 return 1; 1042 fo = remalloc_fo(fo, fo->size - vbt_size(old_vbt)); 1043 if (!fo) { 1044 printerr("Failed to allocate memory\n");
CID 1396047: (RESOURCE_LEAK) Variable "old_vbt" going out of scope leaks the storage it points to.
1045 return 1; 1046 } 1047 oh->vbt_offset = 0; 1048 } else if (vbt_size(old_vbt) < vbt_size(fo_vbt)) { 1049 /* In the middle of the file - Remove old VBT */ 1050 memset(fo->data + oh->vbt_offset, 0xff,