[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com
Sun Nov 16 00:18:44 CET 2014


Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

17 new defect(s) introduced to coreboot found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)


** CID 1254658:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()

** CID 1254657:  Unchecked return value  (CHECKED_RETURN)
/src/cpu/amd/car/post_cache_as_ram.c: 107 in post_cache_as_ram()

** CID 1254659:  Operands don't affect result  (CONSTANT_EXPRESSION_RESULT)
/src/soc/nvidia/tegra124/sor.c: 555 in tegra_dc_sor_config_panel()

** CID 1254652:  Logically dead code  (DEADCODE)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()

** CID 1254650:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()

** CID 1254656:  Missing break in switch  (MISSING_BREAK)
/src/soc/nvidia/tegra124/sor.c: 768 in tegra_dc_sor_power_down_unused_lanes()

** CID 1254653:  Out-of-bounds read  (OVERRUN)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()

** CID 1254646:  Uninitialized pointer read  (UNINIT)
/src/ec/google/chromeec/ec.c: 104 in google_chromeec_check_ec_image()

** CID 1254655:  Uninitialized pointer read  (UNINIT)
/src/ec/google/chromeec/ec.c: 143 in google_chromeec_get_board_version()

** CID 1254654:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 554 in ImcDisableSurebootTimer()

** CID 1254649:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 491 in ImcSleep()

** CID 1254645:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 575 in ImcWakeup()

** CID 1254648:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 470 in WaitForEcLDN9MailboxCmdAck()

** CID 1254651:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 400 in AmdIdsRunApTaskLate()

** CID 1254644:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 533 in ImcEnableSurebootTimer()

** CID 1254643:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 512 in SoftwareDisableImc()

** CID 1254647:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 596 in ImcIdle()


________________________________________________________________________________________________________
*** CID 1254658:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
1401     	} post = {0xDEAD, FileCode, 0xDEAD, FileCode};
1402     	UINT16 offset = 0;
1403     	UINT16 j;
1404     
1405     	while(1) {
1406     		offset %= sizeof(struct POST) / 2;
>>>     CID 1254658:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
>>>     Using "&post" as an array.  This might corrupt or misinterpret adjacent memory locations.
1407     		WriteIo32(80, *((UINT32*)(&post+offset)));
1408     		++offset;
1409     		for (j=0; j<250; ++j) {
1410     			ReadIo8(80);
1411     		}
1412     	}

________________________________________________________________________________________________________
*** CID 1254657:  Unchecked return value  (CHECKED_RETURN)
/src/cpu/amd/car/post_cache_as_ram.c: 107 in post_cache_as_ram()
101     {
102     	void *resume_backup_memory = NULL;
103     
104     	int s3resume = acpi_s3_resume_allowed() && acpi_is_wakeup_early();
105     	if (s3resume) {
106     #if IS_ENABLED(CONFIG_HAVE_ACPI_RESUME)
>>>     CID 1254657:  Unchecked return value  (CHECKED_RETURN)
>>>     Calling "cbmem_recovery" without checking return value (as is done elsewhere 18 out of 20 times).
107     		cbmem_recovery(s3resume);
108     		resume_backup_memory = cbmem_find(CBMEM_ID_RESUME);
109     #endif
110     	}
111     	prepare_romstage_ramstack(resume_backup_memory);
112     

________________________________________________________________________________________________________
*** CID 1254659:  Operands don't affect result  (CONSTANT_EXPRESSION_RESULT)
/src/soc/nvidia/tegra124/sor.c: 555 in tegra_dc_sor_config_panel()
549     		vblank_start << NV_HEAD_STATE4_VBLANK_START_SHIFT |
550     		hblank_start << NV_HEAD_STATE4_HBLANK_START_SHIFT);
551     
552     	/* TODO: adding interlace mode support */
553     	tegra_sor_writel(sor, NV_HEAD_STATE5(head_num), 0x1);
554     
>>>     CID 1254659:  Operands don't affect result  (CONSTANT_EXPRESSION_RESULT)
>>>     "(33554432 /* 2 << 24 */) | is_lvds" is always true regardless of the values of its operands. This occurs as the logical first operand of '?:'.
555     	tegra_sor_write_field(sor, NV_SOR_CSTM,
556     		NV_SOR_CSTM_ROTCLK_DEFAULT_MASK |
557     		NV_SOR_CSTM_LVDS_EN_ENABLE,
558     		2 << NV_SOR_CSTM_ROTCLK_SHIFT |
559     		is_lvds ? NV_SOR_CSTM_LVDS_EN_ENABLE :
560     		NV_SOR_CSTM_LVDS_EN_DISABLE);
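
Worked example, added by the editor and not part of the Coverity report or of coreboot's sor.c: the functions below spell out how the unparenthesized value argument above actually parses and what was evidently intended, then push both through a read-modify-write model of the register write. Only NV_SOR_CSTM_ROTCLK_SHIFT (24, visible in Coverity's "2 << 24") comes from the report; the ROTCLK mask width, the LVDS_EN bit position and the way tegra_sor_write_field() merges the value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* ROTCLK_SHIFT is the one value the report shows ("2 << 24").  The rest are
 * ASSUMED placeholders: sor.h is not part of the report. */
#define NV_SOR_CSTM_ROTCLK_SHIFT        24
#define NV_SOR_CSTM_ROTCLK_DEFAULT_MASK (0xfu << NV_SOR_CSTM_ROTCLK_SHIFT) /* assumed 4-bit field */
#define NV_SOR_CSTM_LVDS_EN_ENABLE      (1u << 16)                         /* assumed bit */
#define NV_SOR_CSTM_LVDS_EN_DISABLE     0u

/* The original "2 << SHIFT | is_lvds ? ENABLE : DISABLE" with the parentheses
 * the C grammar actually inserts: '|' binds tighter than '?:', so the whole
 * OR expression is the condition, and it can never be zero. */
uint32_t cstm_value_as_written(int is_lvds)
{
	return ((2u << NV_SOR_CSTM_ROTCLK_SHIFT) | (uint32_t)is_lvds)
		? NV_SOR_CSTM_LVDS_EN_ENABLE : NV_SOR_CSTM_LVDS_EN_DISABLE;
}

/* What the author meant: ROTCLK = 2, LVDS enable bit driven by is_lvds. */
uint32_t cstm_value_intended(int is_lvds)
{
	return (2u << NV_SOR_CSTM_ROTCLK_SHIFT) |
	       (is_lvds ? NV_SOR_CSTM_LVDS_EN_ENABLE : NV_SOR_CSTM_LVDS_EN_DISABLE);
}

/* ASSUMED model of tegra_sor_write_field(): clear the masked bits, OR in val. */
uint32_t sor_write_field_model(uint32_t reg, uint32_t mask, uint32_t val)
{
	reg &= ~mask;
	reg |= val;
	return reg;
}

/* Register value after the call above, for either value expression. */
uint32_t program_cstm(uint32_t reg, int is_lvds, uint32_t (*value_of)(int))
{
	return sor_write_field_model(reg,
		NV_SOR_CSTM_ROTCLK_DEFAULT_MASK | NV_SOR_CSTM_LVDS_EN_ENABLE,
		value_of(is_lvds));
}

int main(void)
{
	int is_lvds;

	for (is_lvds = 0; is_lvds <= 1; is_lvds++)
		printf("is_lvds=%d  as written: value=0x%08x reg=0x%08x   intended: value=0x%08x reg=0x%08x\n",
		       is_lvds,
		       cstm_value_as_written(is_lvds),
		       program_cstm(0xffffffffu, is_lvds, cstm_value_as_written),
		       cstm_value_intended(is_lvds),
		       program_cstm(0xffffffffu, is_lvds, cstm_value_intended));
	return 0;
}
```

Because 2 << 24 is never zero, the as-written expression yields NV_SOR_CSTM_LVDS_EN_ENABLE for every panel and never contributes the ROTCLK bits, which the mask has just cleared, so the field ends up 0 instead of 2. The fix is to parenthesize the conditional, as cstm_value_intended() does; building with -Wparentheses makes the compiler flag this class of mistake.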

________________________________________________________________________________________________________
*** CID 1254652:  Logically dead code  (DEADCODE)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061                              */
1062     			if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063     				lapicid_start = (ioapic_count - 1) / core_max;
1064     				lapicid_start = (lapicid_start + 1) * core_max;
1065     				printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066     			}
>>>     CID 1254652:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach the expression "j + (siblings + 1)" inside this statement: "apic_id = lapicid_start * (...".
1067     			u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068     			printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069     					i, j, apic_id);
1070     
1071     			device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072     			if (cpu)

________________________________________________________________________________________________________
*** CID 1254650:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061                              */
1062     			if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063     				lapicid_start = (ioapic_count - 1) / core_max;
1064     				lapicid_start = (lapicid_start + 1) * core_max;
1065     				printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066     			}
>>>     CID 1254650:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "i / modules", division by expression "modules" which may be zero has undefined behavior.
1067     			u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068     			printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069     					i, j, apic_id);
1070     
1071     			device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072     			if (cpu)
/src/northbridge/amd/agesa/00730F01/northbridge.c: 1067 in cpu_bus_scan()
1061                              */
1062     			if ((node_nums * core_max) + ioapic_count >= 0x10) {
1063     				lapicid_start = (ioapic_count - 1) / core_max;
1064     				lapicid_start = (lapicid_start + 1) * core_max;
1065     				printk(BIOS_SPEW, "lpaicid_start=0x%x ", lapicid_start);
1066     			}
>>>     CID 1254650:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "i % modules", modulo by expression "modules" which may be zero has undefined behavior.
1067     			u32 apic_id = (lapicid_start * (i/modules + 1)) + ((i % modules) ? (j + (siblings + 1)) : j);
1068     			printk(BIOS_SPEW, "node 0x%x core 0x%x apicid=0x%x\n",
1069     					i, j, apic_id);
1070     
1071     			device_t cpu = add_cpu_device(cpu_bus, apic_id, enable_node);
1072     			if (cpu)

________________________________________________________________________________________________________
*** CID 1254656:  Missing break in switch  (MISSING_BREAK)
/src/soc/nvidia/tegra124/sor.c: 768 in tegra_dc_sor_power_down_unused_lanes()
762     		drive_current = 0x13131313;
763     		pre_emphasis = 0;
764     		break;
765     	case SOR_LINK_SPEED_G5_4:
766     		drive_current = 0x19191919;
767     		pre_emphasis = 0x09090909;
>>>     CID 1254656:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
768     	default:
769     		printk(BIOS_ERR, "Invalid sor link bandwidth: %d\n",
770     			sor->link_cfg->link_bw);
771     		return;
772     	}
773     
774     	tegra_sor_writel(sor, NV_SOR_LANE_DRIVE_CURRENT(sor->portnum),
775     				drive_current);
776     	tegra_sor_writel(sor, NV_SOR_PR(sor->portnum), pre_emphasis);

________________________________________________________________________________________________________
*** CID 1254653:  Out-of-bounds read  (OVERRUN)
/coreboot-builds/amd_olivehillplus/agesa/amdlib.c: 1407 in IdsErrorStop()
1401     	} post = {0xDEAD, FileCode, 0xDEAD, FileCode};
1402     	UINT16 offset = 0;
1403     	UINT16 j;
1404     
1405     	while(1) {
1406     		offset %= sizeof(struct POST) / 2;
>>>     CID 1254653:  Out-of-bounds read  (OVERRUN)
>>>     Overrunning array of 3 4-byte elements at element index 15 (byte offset 60) by dereferencing pointer "(UINT32 *)(&post + offset)".
1407     		WriteIo32(80, *((UINT32*)(&post+offset)));
1408     		++offset;
1409     		for (j=0; j<250; ++j) {
1410     			ReadIo8(80);
1411     		}
1412     	}
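
Worked example, added by the editor and not AGESA or coreboot code: the functions below reproduce the pointer arithmetic in the loop above (reported twice, as CID 1254658 and CID 1254653) and a version that stays inside the object. The excerpt does not show the fields of struct POST, only its initializer; Coverity describes the object as "3 4-byte elements", i.e. 12 bytes, so the layout below (16/32/16/32-bit fields, packed) and its field names are assumptions chosen to match that size. The FileCode value in the sample is constructed test input, and the word is returned rather than written to an I/O port so it can be inspected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t UINT16;
typedef uint32_t UINT32;

/* ASSUMED layout: the report only shows {0xDEAD, FileCode, 0xDEAD, FileCode}
 * and says the object is 12 bytes, which four unpadded 16/32/16/32-bit
 * fields give.  Field names are placeholders. */
struct POST {
	UINT16 deadlo;
	UINT32 rawfile;
	UINT16 deadhi;
	UINT32 rawfilehi;
} __attribute__((packed));

/* Byte offset that the original "&post + offset" dereferences: &post has
 * type "struct POST *", so each step is sizeof(struct POST) bytes, not 2. */
size_t buggy_byte_offset(UINT16 offset)
{
	offset %= sizeof(struct POST) / 2;	/* same wrap as the original loop */
	return (size_t)offset * sizeof(struct POST);
}

/* Byte offset the loop evidently meant: walk the struct in 16-bit units. */
size_t intended_byte_offset(UINT16 offset)
{
	offset %= sizeof(struct POST) / 2;
	return (size_t)offset * sizeof(UINT16);
}

/* True if a 4-byte read starting at byte_off lies entirely inside the struct. */
int read_in_bounds(size_t byte_off)
{
	return byte_off + sizeof(UINT32) <= sizeof(struct POST);
}

/* Corrected loop body: index the struct in 32-bit words, wrap the index in
 * word units, and fetch with memcpy so no alignment or aliasing assumption
 * is made about the packed object. */
UINT32 post_word_at(const struct POST *post, UINT16 offset)
{
	UINT32 word;

	offset %= sizeof(struct POST) / sizeof(UINT32);
	memcpy(&word, (const unsigned char *)post + (size_t)offset * sizeof(UINT32),
	       sizeof(word));
	return word;
}

/* Constructed sample: 0x12345678 stands in for FileCode. */
UINT32 sample_post_word(UINT16 offset)
{
	struct POST post = {0xDEAD, 0x12345678u, 0xDEAD, 0x12345678u};
	return post_word_at(&post, offset);
}

int host_is_little_endian(void)
{
	UINT16 probe = 1;
	unsigned char first;

	memcpy(&first, &probe, 1);
	return first == 1;
}

int main(void)
{
	unsigned offset;

	printf("sizeof(struct POST) = %zu\n", sizeof(struct POST));
	for (offset = 0; offset < sizeof(struct POST) / 2; offset++)
		printf("offset %u: &post+offset reads byte %2zu (%s), (UINT16*)&post+offset reads byte %2zu (%s)\n",
		       offset,
		       buggy_byte_offset((UINT16)offset),
		       read_in_bounds(buggy_byte_offset((UINT16)offset)) ? "ok" : "OUT OF BOUNDS",
		       intended_byte_offset((UINT16)offset),
		       read_in_bounds(intended_byte_offset((UINT16)offset)) ? "ok" : "OUT OF BOUNDS");
	for (offset = 0; offset < 4; offset++)
		printf("post_word_at(%u) = 0x%08x\n", offset, sample_post_word((UINT16)offset));
	return 0;
}
```

With offset wrapped to 0..5, "&post + offset" reads at byte 0, 12, 24, 36, 48 and 60 (Coverity's "byte offset 60"); only the first read is inside the object, the rest return whatever lies above it on the stack. The value is only written out to an I/O port, so the defect is a read past the object, a stack disclosure to whoever watches that port in an error-stop path, not a write. Note that the presumably intended 16-bit stride, (UINT16 *)&post + offset, still overruns at offset 5: a 4-byte read from byte 10 of a 12-byte object reaches 2 bytes past the end, which is why post_word_at() wraps in 32-bit word units rather than 16-bit ones.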

________________________________________________________________________________________________________
*** CID 1254646:  Uninitialized pointer read  (UNINIT)
/src/ec/google/chromeec/ec.c: 104 in google_chromeec_check_ec_image()
98     	return google_chromeec_get_mask(EC_CMD_HOST_EVENT_GET_B);
99     }
100     
101     #ifndef __SMM__
102     void google_chromeec_check_ec_image(int expected_type)
103     {
>>>     CID 1254646:  Uninitialized pointer read  (UNINIT)
>>>     Declaring variable "cec_cmd" without initializer.
104     	struct chromeec_command cec_cmd;
105     	struct ec_response_get_version cec_resp = {{0}};
106     
107     	cec_cmd.cmd_code = EC_CMD_GET_VERSION;
108     	cec_cmd.cmd_version = 0;
109     	cec_cmd.cmd_data_out = &cec_resp;

________________________________________________________________________________________________________
*** CID 1254655:  Uninitialized pointer read  (UNINIT)
/src/ec/google/chromeec/ec.c: 143 in google_chromeec_get_board_version()
137     		google_chromeec_check_ec_image(EC_IMAGE_RO);
138     	}
139     }
140     
141     u16 google_chromeec_get_board_version(void)
142     {
>>>     CID 1254655:  Uninitialized pointer read  (UNINIT)
>>>     Declaring variable "cmd" without initializer.
143     	struct chromeec_command cmd;
144     	struct ec_response_board_version board_v;
145     
146     	cmd.cmd_code = EC_CMD_GET_BOARD_VERSION;
147     	cmd.cmd_version = 0;
148     	cmd.cmd_size_in = 0;

________________________________________________________________________________________________________
*** CID 1254654:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 554 in ImcDisableSurebootTimer()
548       )
549     {
550     	MODULE_ENTRY Dispatcher = NULL;
551     	const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
552     	((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
553     	return;
>>>     CID 1254654:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "if (!module)
  return;".
554     	if (!module) return;
555     	Dispatcher = module->ModuleDispatcher;
556     	Dispatcher(FchDataPtr);
557     }
558     
559     /**

________________________________________________________________________________________________________
*** CID 1254649:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 491 in ImcSleep()
485       )
486     {
487     	MODULE_ENTRY Dispatcher = NULL;
488     	const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
489     	((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
490     	return;
>>>     CID 1254649:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "if (!module)
  return;".
491     	if (!module) return;
492     	Dispatcher = module->ModuleDispatcher;
493     	Dispatcher(FchDataPtr);
494     }
495     
496     /**

________________________________________________________________________________________________________
*** CID 1254645:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 575 in ImcWakeup()
569       )
570     {
571     	MODULE_ENTRY Dispatcher = NULL;
572     	const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
573     	((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
574     	return;
>>>     CID 1254645:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "if (!module)
  return;".
575     	if (!module) return;
576     	Dispatcher = module->ModuleDispatcher;
577     	Dispatcher(FchDataPtr);
578     }
579     
580     /**

________________________________________________________________________________________________________
*** CID 1254648:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 470 in WaitForEcLDN9MailboxCmdAck()
464       )
465     {
466     	MODULE_ENTRY Dispatcher = NULL;
467     	const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
468     	StdHeader->Func = 0;
469     	return;
>>>     CID 1254648:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "if (!module)
  return;".
470     	if (!module) return;
471     	Dispatcher = module->ModuleDispatcher;
472     	Dispatcher(StdHeader);
473     }
474     
475     /**

________________________________________________________________________________________________________
*** CID 1254651:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 400 in AmdIdsRunApTaskLate()
394       )
395     {
396     	MODULE_ENTRY Dispatcher = NULL;
397     	const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
398     	AmdApExeParams->StdHeader.Func = -1;
399     	return AGESA_UNSUPPORTED;
>>>     CID 1254651:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "if (!module)
  return AGESA...".
400     	if (!module) return AGESA_UNSUPPORTED;
401     	Dispatcher = module->ModuleDispatcher;
402     	return Dispatcher(AmdApExeParams);
403     }
404     
405     /**********************************************************************

________________________________________________________________________________________________________
*** CID 1254644:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 533 in ImcEnableSurebootTimer()
527       )
528     {
529     	MODULE_ENTRY Dispatcher = NULL;
530     	const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
531     	((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
532     	return;
>>>     CID 1254644:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "if (!module)
  return;".
533     	if (!module) return;
534     	Dispatcher = module->ModuleDispatcher;
535     	Dispatcher(FchDataPtr);
536     }
537     
538     /**

________________________________________________________________________________________________________
*** CID 1254643:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 512 in SoftwareDisableImc()
506       )
507     {
508     	MODULE_ENTRY Dispatcher = NULL;
509     	const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
510     	((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
511     	return;
>>>     CID 1254643:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "if (!module)
  return;".
512     	if (!module) return;
513     	Dispatcher = module->ModuleDispatcher;
514     	Dispatcher(FchDataPtr);
515     }
516     
517     /**

________________________________________________________________________________________________________
*** CID 1254647:  Structurally dead code  (UNREACHABLE)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 596 in ImcIdle()
590       )
591     {
592     	MODULE_ENTRY Dispatcher = NULL;
593     	const AMD_MODULE_HEADER* module = LocateModule(ModuleIdentifier);
594     	((FCH_DATA_BLOCK*)FchDataPtr)->StdHeader->Func = 0;
595     	return;
>>>     CID 1254647:  Structurally dead code  (UNREACHABLE)
>>>     This code cannot be reached: "if (!module)
  return;".
596     	if (!module) return;
597     	Dispatcher = module->ModuleDispatcher;
598     	Dispatcher(FchDataPtr);
599     }
600     
601     // TODO This has to be removed


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1016?tab=overview

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py





