[coreboot] New Defects reported by Coverity Scan for coreboot
scan-admin at coverity.com
scan-admin at coverity.com
Sun Nov 16 00:18:44 CET 2014
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
17 new defect(s) introduced to coreboot found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)
** CID 1254658: Out-of-bounds access (ARRAY_VS_SINGLETON)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
** CID 1254657: Unchecked return value (CHECKED_RETURN)
/src/cpu/amd/car/post_cache_as_ram.c: 107 in post_cache_as_ram()
** CID 1254659: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
/src/soc/nvidia/tegra124/sor.c: 555 in tegra_dc_sor_config_panel()
** CID 1254652: Logically dead code (DEADCODE)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
** CID 1254650: Division or modulo by zero (DIVIDE_BY_ZERO)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
** CID 1254656: Missing break in switch (MISSING_BREAK)
/src/soc/nvidia/tegra124/sor.c: 768 in tegra_dc_sor_power_down_unused_lanes()
** CID 1254653: Out-of-bounds read (OVERRUN)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
** CID 1254646: Uninitialized pointer read (UNINIT)
/src/ec/google/chromeec/ec.c: 104 in google_chromeec_check_ec_image()
** CID 1254655: Uninitialized pointer read (UNINIT)
/src/ec/google/chromeec/ec.c: 143 in google_chromeec_get_board_version()
** CID 1254654: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 554 in ImcDisableSurebootTimer()
** CID 1254649: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 491 in ImcSleep()
** CID 1254645: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 575 in ImcWakeup()
** CID 1254648: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 470 in WaitForEcLDN9MailboxCmdAck()
** CID 1254651: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 400 in AmdIdsRunApTaskLate()
** CID 1254644: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 533 in ImcEnableSurebootTimer()
** CID 1254643: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 512 in SoftwareDisableImc()
** CID 1254647: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 596 in ImcIdle()
________________________________________________________________________________________________________
*** CID 1254658: Out-of-bounds access (ARRAY_VS_SINGLETON)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
1401 } post = {0xDEAD, FileCode, 0xDEAD, FileCode};
1402 UINT16 offset = 0;
1403 UINT16 j;
1404
1405 while(1) {
1406 offset %= sizeof(struct POST) / 2;
>>> CID 1254658: Out-of-bounds access (ARRAY_VS_SINGLETON)
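>>> Using "&post" as an array. This might corrupt or misinterpret adjacent memory locations. (Pointer arithmetic on "&post" advances in units of sizeof(struct POST), not 4 bytes, so any non-zero "offset" already points past the object before the cast to UINT32*.)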
1407 WriteIo32(80, *((UINT32*)(&post+offset)));
1408 ++offset;
1409 for (j=0; j<250; ++j) {
1410 ReadIo8(80);
1411 }
1412 }
________________________________________________________________________________________________________
*** CID 1254657: Unchecked return value (CHECKED_RETURN)
/src/cpu/amd/car/post_cache_as_ram.c: 107 in post_cache_as_ram()
101 {
102 void *resume_backup_memory = NULL;
103
104 int s3resume = acpi_s3_resume_allowed() && acpi_is_wakeup_early();
105 if (s3resume) {
106 #if IS_ENABLED(CONFIG_HAVE_ACPI_RESUME)
>>> CID 1254657: Unchecked return value (CHECKED_RETURN)
>>> Calling "cbmem_recovery" without checking return value (as is done elsewhere 18 out of 20 times).
107 cbmem_recovery(s3resume);
108 resume_backup_memory = cbmem_find(CBMEM_ID_RESUME);
109 #endif
110 }
111 prepare_romstage_ramstack(resume_backup_memory);
112
________________________________________________________________________________________________________
*** CID 1254659: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
/src/soc/nvidia/tegra124/sor.c: 555 in tegra_dc_sor_config_panel()
549 vblank_start << NV_HEAD_STATE4_VBLANK_START_SHIFT |
550 hblank_start << NV_HEAD_STATE4_HBLANK_START_SHIFT);
551
552 /* TODO: adding interlace mode support */
553 tegra_sor_writel(sor, NV_HEAD_STATE5(head_num), 0x1);
554
>>> CID 1254659: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
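>>> "(33554432 /* 2 << 24 */) | is_lvds" is always true regardless of the values of its operands. This occurs as the logical first operand of '?:'. (In C, '|' binds tighter than '?:', so the whole "2 << NV_SOR_CSTM_ROTCLK_SHIFT | is_lvds" is the condition: NV_SOR_CSTM_LVDS_EN_ENABLE is always selected and the ROTCLK value is never part of the value passed. Parenthesizing the conditional expression would give the grouping that was presumably intended.)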
555 tegra_sor_write_field(sor, NV_SOR_CSTM,
556 NV_SOR_CSTM_ROTCLK_DEFAULT_MASK |
557 NV_SOR_CSTM_LVDS_EN_ENABLE,
558 2 << NV_SOR_CSTM_ROTCLK_SHIFT |
559 is_lvds ? NV_SOR_CSTM_LVDS_EN_ENABLE :
560 NV_SOR_CSTM_LVDS_EN_DISABLE);
________________________________________________________________________________________________________
*** CID 1254652: Logically dead code (DEADCODE)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061 */
1062 if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063 lapicid_start = (ioapic_count - 1) / core_max;
1064 lapicid_start = (lapicid_start + 1) * core_max;
1065 printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066 }
>>> CID 1254652: Logically dead code (DEADCODE)
>>> Execution cannot reach the expression "j + (siblings + 1)" inside this statement: "apic_id = lapicid_start * (...".
1067 u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068 printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069 i, j, apic_id);
1070
1071 device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072 if (cpu)
________________________________________________________________________________________________________
*** CID 1254650: Division or modulo by zero (DIVIDE_BY_ZERO)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061 */
1062 if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063 lapicid_start = (ioapic_count - 1) / core_max;
1064 lapicid_start = (lapicid_start + 1) * core_max;
1065 printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066 }
>>> CID 1254650: Division or modulo by zero (DIVIDE_BY_ZERO)
>>> In expression "i / modules", division by expression "modules" which may be zero has undefined behavior.
1067 u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068 printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069 i, j, apic_id);
1070
1071 device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072 if (cpu)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061 */
1062 if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063 lapicid_start = (ioapic_count - 1) / core_max;
1064 lapicid_start = (lapicid_start + 1) * core_max;
1065 printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066 }
>>> CID 1254650: Division or modulo by zero (DIVIDE_BY_ZERO)
>>> In expression "i % modules", modulo by expression "modules" which may be zero has undefined behavior.
1067 u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068 printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069 i, j, apic_id);
1070
1071 device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072 if (cpu)
________________________________________________________________________________________________________
*** CID 1254656: Missing break in switch (MISSING_BREAK)
/src/soc/nvidia/tegra124/sor.c: 768 in tegra_dc_sor_power_down_unused_lanes()
762 drive_current = 0x13131313;
763 pre_emphasis = 0;
764 break;
765 case SOR_LINK_SPEED_G5_4:
766 drive_current = 0x19191919;
767 pre_emphasis = 0x09090909;
>>> CID 1254656: Missing break in switch (MISSING_BREAK)
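>>> The above case falls through to this one. (As written, SOR_LINK_SPEED_G5_4 therefore reaches the "Invalid sor link bandwidth" printk and the return on line 771, so the values assigned on lines 766-767 are never written by the tegra_sor_writel calls after the switch.)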
768 default:
769 printk(BIOS_ERR, "Invalid sor link bandwidth: %d\n",
770 sor->link_cfg->link_bw);
771 return;
772 }
773
774 tegra_sor_writel(sor, NV_SOR_LANE_DRIVE_CURRENT(sor->portnum),
775 drive_current);
776 tegra_sor_writel(sor, NV_SOR_PR(sor->portnum), pre_emphasis);
________________________________________________________________________________________________________
*** CID 1254653: Out-of-bounds read (OVERRUN)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
1401 } post = {0xDEAD, FileCode, 0xDEAD, FileCode};
1402 UINT16 offset = 0;
1403 UINT16 j;
1404
1405 while(1) {
1406 offset %= sizeof(struct POST) / 2;
>>> CID 1254653: Out-of-bounds read (OVERRUN)
>>> Overrunning array of 3 4-byte elements at element index 15 (byte offset 60) by dereferencing pointer "(UINT32 *)(&post + offset)".
1407 WriteIo32(80, *((UINT32*)(&post+offset)));
1408 ++offset;
1409 for (j=0; j<250; ++j) {
1410 ReadIo8(80);
1411 }
1412 }
________________________________________________________________________________________________________
*** CID 1254646: Uninitialized pointer read (UNINIT)
/src/ec/google/chromeec/ec.c: 104 in google_chromeec_check_ec_image()
98 return google_chromeec_get_mask(EC_CMD_HOST_EVENT_GET_B);
99 }
100
101 #ifndef __SMM__
102 void google_chromeec_check_ec_image(int expected_type)
103 {
>>> CID 1254646: Uninitialized pointer read (UNINIT)
>>> Declaring variable "cec_cmd" without initializer.
104 struct chromeec_command cec_cmd;
105 struct ec_response_get_version cec_resp = {{0}};
106
107 cec_cmd.cmd_code = EC_CMD_GET_VERSION;
108 cec_cmd.cmd_version = 0;
109 cec_cmd.cmd_data_out = &cec_resp;
________________________________________________________________________________________________________
*** CID 1254655: Uninitialized pointer read (UNINIT)
/src/ec/google/chromeec/ec.c: 143 in google_chromeec_get_board_version()
137 google_chromeec_check_ec_image(EC_IMAGE_RO);
138 }
139 }
140
141 u16 google_chromeec_get_board_version(void)
142 {
>>> CID 1254655: Uninitialized pointer read (UNINIT)
>>> Declaring variable "cmd" without initializer.
143 struct chromeec_command cmd;
144 struct ec_response_board_version board_v;
145
146 cmd.cmd_code = EC_CMD_GET_BOARD_VERSION;
147 cmd.cmd_version = 0;
148 cmd.cmd_size_in = 0;
________________________________________________________________________________________________________
*** CID 1254654: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 554 in ImcDisableSurebootTimer()
548 )
549 {
550 MODULE_ENTRY Dispatcher = NULL;
551 const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
552 ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
553 return;
>>> CID 1254654: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "if (!module)
return;".
554 if (!module) return;
555 Dispatcher = module->ModuleDispatcher;
556 Dispatcher(FchDataPtr);
557 }
558
559 /**
________________________________________________________________________________________________________
*** CID 1254649: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 491 in ImcSleep()
485 )
486 {
487 MODULE_ENTRY Dispatcher = NULL;
488 const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
489 ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
490 return;
>>> CID 1254649: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "if (!module)
return;".
491 if (!module) return;
492 Dispatcher = module->ModuleDispatcher;
493 Dispatcher(FchDataPtr);
494 }
495
496 /**
________________________________________________________________________________________________________
*** CID 1254645: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 575 in ImcWakeup()
569 )
570 {
571 MODULE_ENTRY Dispatcher = NULL;
572 const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
573 ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
574 return;
>>> CID 1254645: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "if (!module)
return;".
575 if (!module) return;
576 Dispatcher = module->ModuleDispatcher;
577 Dispatcher(FchDataPtr);
578 }
579
580 /**
________________________________________________________________________________________________________
*** CID 1254648: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 470 in WaitForEcLDN9MailboxCmdAck()
464 )
465 {
466 MODULE_ENTRY Dispatcher = NULL;
467 const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
468 StdHeader->Func = 0;
469 return;
>>> CID 1254648: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "if (!module)
return;".
470 if (!module) return;
471 Dispatcher = module->ModuleDispatcher;
472 Dispatcher(StdHeader);
473 }
474
475 /**
________________________________________________________________________________________________________
*** CID 1254651: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 400 in AmdIdsRunApTaskLate()
394 )
395 {
396 MODULE_ENTRY Dispatcher = NULL;
397 const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
398 AmdApExeParams->StdHeader.Func = -1;
399 return AGESA_UNSUPPORTED;
>>> CID 1254651: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "if (!module)
return AGESA...".
400 if (!module) return AGESA_UNSUPPORTED;
401 Dispatcher = module->ModuleDispatcher;
402 return Dispatcher(AmdApExeParams);
403 }
404
405 /**********************************************************************
________________________________________________________________________________________________________
*** CID 1254644: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 533 in ImcEnableSurebootTimer()
527 )
528 {
529 MODULE_ENTRY Dispatcher = NULL;
530 const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
531 ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
532 return;
>>> CID 1254644: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "if (!module)
return;".
533 if (!module) return;
534 Dispatcher = module->ModuleDispatcher;
535 Dispatcher(FchDataPtr);
536 }
537
538 /**
________________________________________________________________________________________________________
*** CID 1254643: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 512 in SoftwareDisableImc()
506 )
507 {
508 MODULE_ENTRY Dispatcher = NULL;
509 const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
510 ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
511 return;
>>> CID 1254643: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "if (!module)
return;".
512 if (!module) return;
513 Dispatcher = module->ModuleDispatcher;
514 Dispatcher(FchDataPtr);
515 }
516
517 /**
________________________________________________________________________________________________________
*** CID 1254647: Structurally dead code (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 596 in ImcIdle()
590 )
591 {
592 MODULE_ENTRY Dispatcher = NULL;
593 const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
594 ((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
595 return;
>>> CID 1254647: Structurally dead code (UNREACHABLE)
>>> This code cannot be reached: "if (!module)
return;".
596 if (!module) return;
597 Dispatcher = module->ModuleDispatcher;
598 Dispatcher(FchDataPtr);
599 }
600
601 // TODO This has to be removed
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/1016?tab=overview
To unsubscribe from the email notification for new defects, visit http://scan5.coverity.com/cgi-bin/unsubscribe.py