[coreboot] New Defects reported by Coverity Scan for coreboot
scan-admin at coverity.com
scan-admin at coverity.com
Mon Nov 24 19:58:58 CET 2014
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
5 new defect(s) introduced to coreboot found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
/src/soc/intel/fsp_baytrail/fsp/chipset_fsp_util.c: 155 in ConfigureDefaultUpdData()
** CID 1255945: Dereference null return value (NULL_RETURNS)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 98 in LocateModule()
** CID 1255944: Dereference null return value (NULL_RETURNS)
/src/northbridge/amd/pi/00730F01/dimmSpd.c: 37 in AmdMemoryReadSPD()
** CID 1255943: Dereference null return value (NULL_RETURNS)
/src/cpu/amd/pi/s3_resume.c: 164 in move_stack_high_mem()
** CID 1255942: Unused value (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 573 in usbdebug_init_()
________________________________________________________________________________________________________
*** CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
/src/soc/intel/fsp_baytrail/fsp/chipset_fsp_util.c: 155 in ConfigureDefaultUpdData()
149 case MIPI_DEV_FUNC: /* Camera / Image Signal Processing */
150 if (FspInfo->ImageRevision >= FSP_GOLD3_REV_ID) {
151 UpdData->ISPEnable = dev->enabled;
152 } else {
153 /* Gold2 and earlier FSP: ISPEnable is the filed */
154 /* next to PcdGttSize in UPD_DATA_REGION struct */
>>> CID 1255946: Out-of-bounds access (ARRAY_VS_SINGLETON)
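>>> Using "&UpdData->PcdGttSize" as an array. This might corrupt or misinterpret adjacent memory locations. (Line 155 takes the address of the single member PcdGttSize and writes through it at an offset, relying on the comment's statement that ISPEnable is the next field in Gold2 and earlier FSP. Pointer arithmetic scales the offset by the type of PcdGttSize, so the write lands on ISPEnable only if that layout and type hold.)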
155 *(&(UpdData->PcdGttSize)+sizeof(UINT8)) = dev->enabled;
156 printk (BIOS_DEBUG,
157 "Baytrail Gold2 or earlier FSP, adjust ISPEnable offset.\n");
158 }
159 printk(BIOS_DEBUG, "MIPI/ISP:\t\t%s\n",
160 UpdData->PcdEnableSdio?"Enabled":"Disabled");
________________________________________________________________________________________________________
*** CID 1255945: Dereference null return value (NULL_RETURNS)
/coreboot-builds/amd_olivehillplus/agesa/AGESA.c: 98 in LocateModule()
92 file = cbfs_get_file(&media, (const char*)CONFIG_CBFS_AGESA_NAME);
93 if (!file) return NULL;
94 agesa = cbfs_get_file_content(&media, (const char*)CONFIG_CBFS_AGESA_NAME, ntohl(file->type), &file_size);
95 if (!agesa) return NULL;
96
97 image = LibAmdLocateImage(agesa, agesa + ntohl(file->len) - 1, 4096, name);
>>> CID 1255945: Dereference null return value (NULL_RETURNS)
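>>> Dereferencing a null pointer "image". (The result of LibAmdLocateImage() on line 97 is dereferenced on line 98 without a null check, whereas "file" and "agesa" are checked on lines 93 and 95.)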
98 module = (AMD_MODULE_HEADER*)image->ModuleInfoOffset;
99
100 return module;
101 }
102
103 /**********************************************************************
________________________________________________________________________________________________________
*** CID 1255944: Dereference null return value (NULL_RETURNS)
/src/northbridge/amd/pi/00730F01/dimmSpd.c: 37 in AmdMemoryReadSPD()
31 #define DIMENSION(array)(sizeof (array)/ sizeof (array [0]))
32
33 AGESA_STATUS AmdMemoryReadSPD (UINT32 unused1, UINT32 unused2, AGESA_READ_SPD_PARAMS *info)
34 {
35 int spdAddress;
36 ROMSTAGE_CONST struct device *dev = dev_find_slot(0, PCI_DEVFN(0x18, 2));
>>> CID 1255944: Dereference null return value (NULL_RETURNS)
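>>> Dereferencing a null pointer "dev". (Line 37 reads dev->chip_info in the initializer, before the "dev == 0" test on line 39, so the existing null check comes too late to protect the dereference.)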
37 ROMSTAGE_CONST struct northbridge_amd_pi_00730F01_config *config = dev->chip_info;
38
39 if ((dev == 0) || (config == 0))
40 return AGESA_ERROR;
41
42 if (info->SocketId >= DIMENSION(config->spdAddrLookup ))
________________________________________________________________________________________________________
*** CID 1255943: Dereference null return value (NULL_RETURNS)
/src/cpu/amd/pi/s3_resume.c: 164 in move_stack_high_mem()
158
159 static void move_stack_high_mem(void)
160 {
161 void *high_stack;
162
163 high_stack = cbmem_find(CBMEM_ID_RESUME_SCRATCH);
>>> CID 1255943: Dereference null return value (NULL_RETURNS)
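>>> Dereferencing a pointer that might be null "high_stack" when calling "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.] (The result of cbmem_find() on line 163 is used as the memcpy destination on line 164 without a null check; the inline assembly starting on line 167 also uses high_stack to adjust %esp and %ebp.)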
164 memcpy(high_stack, (void *)BSP_STACK_BASE_ADDR,
165 (CONFIG_HIGH_SCRATCH_MEMORY_SIZE - BIOS_HEAP_SIZE));
166
167 __asm__
168 volatile ("add %0, %%esp; add %0, %%ebp; invd"::"g"
169 (high_stack - BSP_STACK_BASE_ADDR)
________________________________________________________________________________________________________
*** CID 1255942: Unused value (UNUSED_VALUE)
/src/drivers/usb/ehci_debug.c: 573 in usbdebug_init_()
567
568 dbgp_mdelay(100);
569
570 ret = dbgp_probe_gadget(info->ehci_debug, &info->ep_pipe[0]);
571 if (ret < 0) {
572 dprintk(BIOS_INFO, "Could not probe gadget on debug port.\n");
>>> CID 1255942: Unused value (UNUSED_VALUE)
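>>> Value "-6" is assigned to "ret" here, but that stored value is not used before it is overwritten. (The assignment on line 573 is followed directly by "goto err"; the excerpt ends at the err: label, so the statement that overwrites ret is not shown here.)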
573 ret = -6;
574 goto err;
575 }
576
577 return 0;
578 err:
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/1016?tab=overview