[coreboot] New Defects reported by Coverity Scan for coreboot
Paul Menzel
paulepanter at users.sourceforge.net
Sun Sep 28 09:12:49 CEST 2014
Am Samstag, den 27.09.2014, 15:28 -0700 schrieb scan-admin at coverity.com:
> Hi,
>
>
> Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
>
> Defect(s) Reported-by: Coverity Scan
> Showing 20 of 253 defect(s)
>
>
> ** CID 1229561: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/nehalem/raminit.c: 656 in calculate_timings()
>
> ** CID 1229556: Bad bit shift operation (BAD_SHIFT)
> /src/mainboard/lenovo/x60/dock.c: 263 in dock_present()
>
> ** CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS)
> /src/console/vtxprintf.c: 204 in vtxprintf()
>
> ** CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
> /src/device/device.c: 709 in avoid_fixed_resources()
> /src/device/device.c: 731 in avoid_fixed_resources()
>
> ** CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON)
> /src/lib/selfboot.c: 233 in build_self_segment_list()
> /src/lib/selfboot.c: 293 in build_self_segment_list()
>
> ** CID 1129164: Logically dead code (DEADCODE)
> /src/device/device.c: 650 in constrain_resources()
>
> ** CID 1129163: Logically dead code (DEADCODE)
> /src/device/device.c: 709 in avoid_fixed_resources()
> /src/device/device.c: 732 in avoid_fixed_resources()
>
> ** CID 1129161: Logically dead code (DEADCODE)
> /src/lib/ramtest.c: 130 in ram_bitset_nodie()
>
> ** CID 1129159: 'Constant' variable guards dead code (DEADCODE)
> /src/drivers/pc80/mc146818rtc.c: 110 in rtc_init()
>
> ** CID 1129177: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
> /src/device/device.c: 649 in constrain_resources()
>
> ** CID 1229568: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/via/vx900/chrome9hd.c: 132 in chrome9hd_fb_size()
>
> ** CID 1229567: Bad bit shift operation (BAD_SHIFT)
> /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt()
> /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt()
> /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt()
> /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt()
> /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt()
> /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt()
>
> ** CID 1229566: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/i82830/raminit.c: 334 in set_dram_row_attributes()
>
> ** CID 1229565: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
> /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
> /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
> /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
>
> ** CID 1229563: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
> /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
> /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
> /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
>
> ** CID 1229564: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma()
> /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma()
> /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma()
> /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma()
>
> ** CID 1229562: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/nehalem/raminit.c: 1507 in program_total_memory_map()
>
> ** CID 1229560: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/i3100/raminit.c: 772 in set_receive_enable()
>
> ** CID 1229559: Bad bit shift operation (BAD_SHIFT)
> /src/mainboard/google/butterfly/chromeos.c: 120 in get_pch_gpio()
> /src/mainboard/google/butterfly/chromeos.c: 123 in get_pch_gpio()
>
> ** CID 1229558: Bad bit shift operation (BAD_SHIFT)
> /src/southbridge/sis/sis966/sis966.c: 79 in sis966_enable()
>
>
> ________________________________________________________________________________________________________
> *** CID 1229561: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/nehalem/raminit.c: 656 in calculate_timings()
> 650 min_cas_latency = CEIL_DIV(cas_latency_time, cycletime);
> 651 cas_latency = 0;
> 652 while (supported_cas_latencies) {
> 653 cas_latency = find_highest_bit_set(supported_cas_latencies) + 3;
> 654 if (cas_latency <= min_cas_latency)
> 655 break;
> >>> CID 1229561: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "1 << find_highest_bit_set(supported_cas_latencies)", shifting by a negative amount has undefined behavior. The shift amount, "find_highest_bit_set(supported_cas_latencies)", is -1.
> 656 supported_cas_latencies &=
> 657 ~(1 << find_highest_bit_set(supported_cas_latencies));
> 658 }
> 659
> 660 if (cas_latency != min_cas_latency && clock_speed_index)
> 661 clock_speed_index--;
>
> ________________________________________________________________________________________________________
> *** CID 1229556: Bad bit shift operation (BAD_SHIFT)
> /src/mainboard/lenovo/x60/dock.c: 263 in dock_present()
> 257
> 258 printk(BIOS_DEBUG, "%s finish\n", __func__);
> 259 }
> 260
> 261 int dock_present(void)
> 262 {
> >>> CID 1229556: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "inb(1164) >> 13", right shifting "inb(1164)" by more than 7 bits always yields zero. The shift amount is 13.
> 263 return !((inb(DEFAULT_GPIOBASE + 0x0c) >> 13) & 1);
> 264 }
> 265
> 266 int dock_ultrabay_device_present(void)
> 267 {
> 268 return inb(0x1621) & 0x02 ? 0 : 1;
>
> ________________________________________________________________________________________________________
> *** CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS)
> /src/console/vtxprintf.c: 204 in vtxprintf()
> 198
> 199 case 's':
> 200 s = va_arg(args, char *);
> 201 if (!s)
> 202 s = "<NULL>";
> 203
> >>> CID 1129133: Argument cannot be negative (NEGATIVE_RETURNS)
> >>> "precision" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
> 204 len = strnlen(s, precision);
> 205
> 206 if (!(flags & LEFT))
> 207 while (len < field_width--)
> 208 call_tx(' '), count++;
> 209 for (i = 0; i < len; ++i)
>
> ________________________________________________________________________________________________________
> *** CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
> /src/device/device.c: 709 in avoid_fixed_resources()
> 703 /* Constrain the limits to dev's initial resources. */
> 704 for (res = dev->resource_list; res; res = res->next) {
> 705 if ((res->flags & IORESOURCE_FIXED))
> 706 continue;
> 707 printk(BIOS_SPEW, "%s:@%s %02lx limit %08llx\n", __func__,
> 708 dev_path(dev), res->index, res->limit);
> >>> CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
> >>> "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false regardless of the values of its operands. This occurs as the logical first operand of '&&'.
> 709 if ((res->flags & MEM_MASK) == PREF_TYPE &&
> 710 (res->limit < limits.pref.limit))
> 711 limits.pref.limit = res->limit;
> 712 if ((res->flags & MEM_MASK) == MEM_TYPE &&
> 713 (res->limit < limits.mem.limit))
> 714 limits.mem.limit = res->limit;
> /src/device/device.c: 731 in avoid_fixed_resources()
> 725 struct resource *lim;
> 726
> 727 if ((res->flags & IORESOURCE_FIXED))
> 728 continue;
> 729
> 730 /* PREFETCH, MEM, or I/O - skip any others. */
> >>> CID 1129176: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
> >>> "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false regardless of the values of its operands. This occurs as the logical operand of if.
> 731 if ((res->flags & MEM_MASK) == PREF_TYPE)
> 732 lim = &limits.pref;
> 733 else if ((res->flags & MEM_MASK) == MEM_TYPE)
> 734 lim = &limits.mem;
> 735 else if ((res->flags & IO_MASK) == IO_TYPE)
> 736 lim = &limits.io;
>
> ________________________________________________________________________________________________________
> *** CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON)
> /src/lib/selfboot.c: 233 in build_self_segment_list()
> 227
> 228 while(1) {
> 229 printk(BIOS_DEBUG, "Loading segment from rom address 0x%p\n", segment);
> 230 switch(segment->type) {
> 231 case PAYLOAD_SEGMENT_PARAMS:
> 232 printk(BIOS_DEBUG, " parameter section (skipped)\n");
> >>> CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON)
> >>> Using "segment" as an array. This might corrupt or misinterpret adjacent memory locations.
> 233 segment++;
> 234 continue;
> 235
> 236 case PAYLOAD_SEGMENT_CODE:
> 237 case PAYLOAD_SEGMENT_DATA:
> 238 printk(BIOS_DEBUG, " %s (compression=%x)\n",
> /src/lib/selfboot.c: 293 in build_self_segment_list()
> 287 */
> 288 printk(BIOS_EMERG, "Bad segment type %x\n", segment->type);
> 289 return -1;
> 290 }
> 291
> 292 /* We have found another CODE, DATA or BSS segment */
> >>> CID 1129184: Out-of-bounds access (ARRAY_VS_SINGLETON)
> >>> Using "segment" as an array. This might corrupt or misinterpret adjacent memory locations.
> 293 segment++;
> 294
> 295 /* Find place where to insert our segment */
> 296 for(ptr = head->next; ptr != head; ptr = ptr->next) {
> 297 if (new->s_srcaddr < ntohll(segment->load_addr))
> 298 break;
>
> ________________________________________________________________________________________________________
> *** CID 1129164: Logically dead code (DEADCODE)
> /src/device/device.c: 650 in constrain_resources()
> 644 "size=0!\n", dev_path(dev), res->index);
> 645 continue;
> 646 }
> 647
> 648 /* PREFETCH, MEM, or I/O - skip any others. */
> 649 if ((res->flags & MEM_MASK) == PREF_TYPE)
> >>> CID 1129164: Logically dead code (DEADCODE)
> >>> Execution cannot reach this statement: "lim = &limits->pref;".
> 650 lim = &limits->pref;
> 651 else if ((res->flags & MEM_MASK) == MEM_TYPE)
> 652 lim = &limits->mem;
> 653 else if ((res->flags & IO_MASK) == IO_TYPE)
> 654 lim = &limits->io;
> 655 else
>
> ________________________________________________________________________________________________________
> *** CID 1129163: Logically dead code (DEADCODE)
> /src/device/device.c: 709 in avoid_fixed_resources()
> 703 /* Constrain the limits to dev's initial resources. */
> 704 for (res = dev->resource_list; res; res = res->next) {
> 705 if ((res->flags & IORESOURCE_FIXED))
> 706 continue;
> 707 printk(BIOS_SPEW, "%s:@%s %02lx limit %08llx\n", __func__,
> 708 dev_path(dev), res->index, res->limit);
> >>> CID 1129163: Logically dead code (DEADCODE)
> >>> Execution cannot reach the expression "res->limit < limits.pref.limit" inside this statement: "if ((res->flags & 0x200UL) ...".
> 709 if ((res->flags & MEM_MASK) == PREF_TYPE &&
> 710 (res->limit < limits.pref.limit))
> 711 limits.pref.limit = res->limit;
> 712 if ((res->flags & MEM_MASK) == MEM_TYPE &&
> 713 (res->limit < limits.mem.limit))
> 714 limits.mem.limit = res->limit;
> /src/device/device.c: 732 in avoid_fixed_resources()
> 726
> 727 if ((res->flags & IORESOURCE_FIXED))
> 728 continue;
> 729
> 730 /* PREFETCH, MEM, or I/O - skip any others. */
> 731 if ((res->flags & MEM_MASK) == PREF_TYPE)
> >>> CID 1129163: Logically dead code (DEADCODE)
> >>> Execution cannot reach this statement: "lim = &limits.pref;".
> 732 lim = &limits.pref;
> 733 else if ((res->flags & MEM_MASK) == MEM_TYPE)
> 734 lim = &limits.mem;
> 735 else if ((res->flags & IO_MASK) == IO_TYPE)
> 736 lim = &limits.io;
> 737 else
>
> ________________________________________________________________________________________________________
> *** CID 1129161: Logically dead code (DEADCODE)
> /src/lib/ramtest.c: 130 in ram_bitset_nodie()
> 124 print_err_hex32(value2);
> 125 print_err(" FAIL\n");
> 126 #endif
> 127 }
> 128 if (verbose) {
> 129 #if !defined(__ROMCC__)
> >>> CID 1129161: Logically dead code (DEADCODE)
> >>> Execution cannot reach this statement: "if ((addr & 0xfUL) == 0UL)
> ...".
> 130 if ((addr & 0x0f) == 0)
> 131 printk(BIOS_DEBUG, "%08lx wr: %08lx rd:",
> 132 start + addr, value);
> 133 if (failed)
> 134 printk(BIOS_DEBUG, " %08lx!", value2);
> 135 else
>
> ________________________________________________________________________________________________________
> *** CID 1129159: 'Constant' variable guards dead code (DEADCODE)
> /src/drivers/pc80/mc146818rtc.c: 110 in rtc_init()
> 104 cmos_write(0, 0x05);
> 105 for(i = 10; i < 128; i++) {
> 106 cmos_write(0, i);
> 107 }
> 108 #endif
> 109 if (cmos_invalid) {
> >>> CID 1129159: 'Constant' variable guards dead code (DEADCODE)
> >>> Execution cannot reach this statement: "rtc_update_cmos_date(0);".
> 110 rtc_update_cmos_date(RTC_HAS_NO_ALTCENTURY);
> 111 }
> 112
> 113 printk(BIOS_WARNING, "RTC:%s%s%s%s\n",
> 114 invalid?" Clear requested":"",
> 115 cmos_invalid?" Power Problem":"",
>
> ________________________________________________________________________________________________________
> *** CID 1129177: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
> /src/device/device.c: 649 in constrain_resources()
> 643 printk(BIOS_ERR, "skipping %s@%lx fixed resource, "
> 644 "size=0!\n", dev_path(dev), res->index);
> 645 continue;
> 646 }
> 647
> 648 /* PREFETCH, MEM, or I/O - skip any others. */
> >>> CID 1129177: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
> >>> "(res->flags & 512) == (4608UL /* 0x1000 | 0x200 */)" is always false regardless of the values of its operands. This occurs as the logical operand of if.
> 649 if ((res->flags & MEM_MASK) == PREF_TYPE)
> 650 lim = &limits->pref;
> 651 else if ((res->flags & MEM_MASK) == MEM_TYPE)
> 652 lim = &limits->mem;
> 653 else if ((res->flags & IO_MASK) == IO_TYPE)
> 654 lim = &limits->io;
>
> ________________________________________________________________________________________________________
> *** CID 1229568: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/via/vx900/chrome9hd.c: 132 in chrome9hd_fb_size()
> 126
> 127 /* Now round the framebuffer size to the closest power of 2 */
> 128 u8 fb_pow = 0;
> 129 while (size_mb >> fb_pow)
> 130 fb_pow++;
> 131 fb_pow--;
> >>> CID 1229568: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "1 << fb_pow", left shifting by more than 31 bits has undefined behavior. The shift amount, "fb_pow", is 255.
> 132 size_mb = (1 << fb_pow);
> 133 /* We store the framebuffer size in bytes, for simplicity */
> 134 fb_size = size_mb << 20;
> 135 return fb_size;
> 136 }
> 137
>
> ________________________________________________________________________________________________________
> *** CID 1229567: Bad bit shift operation (BAD_SHIFT)
> /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt()
> 105
> 106 /* fifo_on<<6 */
> 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6;
> 108
> 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision;
> 110 dsp_on = fifo_on>>dsp_precision;
> >>> CID 1229567: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "fifo_off >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967291.
> 111 dsp_off = fifo_off>>dsp_precision;
> 112
> 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) |
> 114 ((dsp_loop_latency & 0xf)<<16) |
> 115 ((dsp_precision & 7)<<20);
> 116 pll->dsp_on_off = (dsp_off & 0x7ff) | ((dsp_on & 0x7ff)<<16);
> /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt()
> 104 t_rcc = max(t_rp + t_ras, t_pfc + n);
> 105
> 106 /* fifo_on<<6 */
> 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6;
> 108
> 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision;
> >>> CID 1229567: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "fifo_on >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967291.
> 110 dsp_on = fifo_on>>dsp_precision;
> 111 dsp_off = fifo_off>>dsp_precision;
> 112
> 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) |
> 114 ((dsp_loop_latency & 0xf)<<16) |
> 115 ((dsp_precision & 7)<<20);
> /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt()
> 103
> 104 t_rcc = max(t_rp + t_ras, t_pfc + n);
> 105
> 106 /* fifo_on<<6 */
> 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6;
> 108
> >>> CID 1229567: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "xclks_per_row >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967291.
> 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision;
> 110 dsp_on = fifo_on>>dsp_precision;
> 111 dsp_off = fifo_off>>dsp_precision;
> 112
> 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) |
> 114 ((dsp_loop_latency & 0xf)<<16) |
> /src/drivers/ati/ragexl/mach64_ct.c: 111 in aty_dsp_gt()
> 105
> 106 /* fifo_on<<6 */
> 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6;
> 108
> 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision;
> 110 dsp_on = fifo_on>>dsp_precision;
> >>> CID 1229567: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "fifo_off >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967292.
> 111 dsp_off = fifo_off>>dsp_precision;
> 112
> 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) |
> 114 ((dsp_loop_latency & 0xf)<<16) |
> 115 ((dsp_precision & 7)<<20);
> 116 pll->dsp_on_off = (dsp_off & 0x7ff) | ((dsp_on & 0x7ff)<<16);
> /src/drivers/ati/ragexl/mach64_ct.c: 110 in aty_dsp_gt()
> 104 t_rcc = max(t_rp + t_ras, t_pfc + n);
> 105
> 106 /* fifo_on<<6 */
> 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6;
> 108
> 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision;
> >>> CID 1229567: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "fifo_on >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967292.
> 110 dsp_on = fifo_on>>dsp_precision;
> 111 dsp_off = fifo_off>>dsp_precision;
> 112
> 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) |
> 114 ((dsp_loop_latency & 0xf)<<16) |
> 115 ((dsp_precision & 7)<<20);
> /src/drivers/ati/ragexl/mach64_ct.c: 109 in aty_dsp_gt()
> 103
> 104 t_rcc = max(t_rp + t_ras, t_pfc + n);
> 105
> 106 /* fifo_on<<6 */
> 107 fifo_on = (2 * t_rcc + t_pfc + n - 1) << 6;
> 108
> >>> CID 1229567: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "xclks_per_row >> dsp_precision", right shifting by more than 31 bits has undefined behavior. The shift amount, "dsp_precision", is 4294967292.
> 109 dsp_xclks_per_row = xclks_per_row>>dsp_precision;
> 110 dsp_on = fifo_on>>dsp_precision;
> 111 dsp_off = fifo_off>>dsp_precision;
> 112
> 113 pll->dsp_config = (dsp_xclks_per_row & 0x3fff) |
> 114 ((dsp_loop_latency & 0xf)<<16) |
>
> ________________________________________________________________________________________________________
> *** CID 1229566: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/i82830/raminit.c: 334 in set_dram_row_attributes()
> 328 col = spd_read_byte(device, SPD_NUM_COLUMNS);
> 329
> 330 /* data width */
> 331 width = spd_read_byte(device, SPD_MODULE_DATA_WIDTH_LSB);
> 332
> 333 /* calculate page size in bits */
> >>> CID 1229566: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "1 << col", shifting by a negative amount has undefined behavior. The shift amount, "col", is -1.
> 334 value = ((1 << col) * width);
> 335
> 336 /* convert to Kilobytes */
> 337 dra = ((value / 8) >> 10);
> 338
> 339 /* # of banks of DIMM (single or double sided) */
>
> ________________________________________________________________________________________________________
> *** CID 1229565: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
> 49 ~(ch ? 0 : CxDRC2_NOTPOP(0));
> 50 /*if (timings && (timings->mem_clock == MEM_CLOCK_1067MT))
> 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= CxDRC2_CLK1067MT;*/
> 52
> 53 /* Program rank boundaries (CxDRBy). */
> 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2)
> >>> CID 1229565: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48.
> 55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) =
> 56 CxDRBy_BOUND_MB(r, 128) |
> 57 CxDRBy_BOUND_MB(r+1, 128);
> 58 }
> 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */
> 60 MCHBAR32(DCC_MCHBAR) =
> /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
> 49 ~(ch ? 0 : CxDRC2_NOTPOP(0));
> 50 /*if (timings && (timings->mem_clock == MEM_CLOCK_1067MT))
> 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= CxDRC2_CLK1067MT;*/
> 52
> 53 /* Program rank boundaries (CxDRBy). */
> 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2)
> >>> CID 1229565: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "4 << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48.
> 55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) =
> 56 CxDRBy_BOUND_MB(r, 128) |
> 57 CxDRBy_BOUND_MB(r+1, 128);
> 58 }
> 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */
> 60 MCHBAR32(DCC_MCHBAR) =
> /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
> 49 ~(ch ? 0 : CxDRC2_NOTPOP(0));
> 50 /*if (timings && (timings->mem_clock == MEM_CLOCK_1067MT))
> 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= CxDRC2_CLK1067MT;*/
> 52
> 53 /* Program rank boundaries (CxDRBy). */
> 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2)
> >>> CID 1229565: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is as much as 48.
> 55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) =
> 56 CxDRBy_BOUND_MB(r, 128) |
> 57 CxDRBy_BOUND_MB(r+1, 128);
> 58 }
> 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */
> 60 MCHBAR32(DCC_MCHBAR) =
> /src/northbridge/intel/gm45/early_reset.c: 55 in gm45_early_reset()
> 49 ~(ch ? 0 : CxDRC2_NOTPOP(0));
> 50 /*if (timings && (timings->mem_clock == MEM_CLOCK_1067MT))
> 51 MCHBAR32(CxDRC2_MCHBAR(ch)) |= CxDRC2_CLK1067MT;*/
> 52
> 53 /* Program rank boundaries (CxDRBy). */
> 54 for (r = 0; r < RANKS_PER_CHANNEL; r += 2)
> >>> CID 1229565: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "4 << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is as much as 48.
> 55 MCHBAR32(CxDRBy_MCHBAR(ch, r)) =
> 56 CxDRBy_BOUND_MB(r, 128) |
> 57 CxDRBy_BOUND_MB(r+1, 128);
> 58 }
> 59 /* Set DCC mode to no operation and do magic 0xf0 thing. */
> 60 MCHBAR32(DCC_MCHBAR) =
>
> ________________________________________________________________________________________________________
> *** CID 1229563: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
> 1187 }
> 1188 reg |= CxDRBy_BOUND_MB(r, base);
> 1189 IF_RANK_POPULATED(dimms, ch, r+1) {
> 1190 base += rank_capacity_mb;
> 1191 total_mb[ch] += rank_capacity_mb;
> 1192 }
> >>> CID 1229563: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "(base >> 5) << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48.
> 1193 reg |= CxDRBy_BOUND_MB(r+1, base);
> 1194
> 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg;
> 1196 }
> 1197 }
> 1198
> /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
> 1187 }
> 1188 reg |= CxDRBy_BOUND_MB(r, base);
> 1189 IF_RANK_POPULATED(dimms, ch, r+1) {
> 1190 base += rank_capacity_mb;
> 1191 total_mb[ch] += rank_capacity_mb;
> 1192 }
> >>> CID 1229563: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is 48.
> 1193 reg |= CxDRBy_BOUND_MB(r+1, base);
> 1194
> 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg;
> 1196 }
> 1197 }
> 1198
> /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
> 1187 }
> 1188 reg |= CxDRBy_BOUND_MB(r, base);
> 1189 IF_RANK_POPULATED(dimms, ch, r+1) {
> 1190 base += rank_capacity_mb;
> 1191 total_mb[ch] += rank_capacity_mb;
> 1192 }
> >>> CID 1229563: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "(base >> 5) << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is as much as 48.
> 1193 reg |= CxDRBy_BOUND_MB(r+1, base);
> 1194
> 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg;
> 1196 }
> 1197 }
> 1198
> /src/northbridge/intel/gm45/raminit.c: 1193 in program_memory_map()
> 1187 }
> 1188 reg |= CxDRBy_BOUND_MB(r, base);
> 1189 IF_RANK_POPULATED(dimms, ch, r+1) {
> 1190 base += rank_capacity_mb;
> 1191 total_mb[ch] += rank_capacity_mb;
> 1192 }
> >>> CID 1229563: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "0x1fc << (r + 1) * 16", left shifting by more than 31 bits has undefined behavior. The shift amount, "(r + 1) * 16", is as much as 48.
> 1193 reg |= CxDRBy_BOUND_MB(r+1, base);
> 1194
> 1195 MCHBAR32(CxDRBy_MCHBAR(ch, r)) = reg;
> 1196 }
> 1197 }
> 1198
>
> ________________________________________________________________________________________________________
> *** CID 1229564: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma()
> 232
> 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and IOCTL)
> 234 * The size we set here affects the behavior of BAR2, and the amount of
> 235 * MMIO space it requests. The default is 512MB, so if we don't set this
> 236 * before reading the resources, we could waste space below 4G */
> 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << 7)));
> >>> CID 1229564: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "0xff << fb_pow - 1", left shifting by more than 31 bits has undefined behavior. The shift amount, "fb_pow - 1", is 254.
> 238 vga_sr_write(0x68, (0xff << (fb_pow - 1)));
> 239 /* And also that the framebuffer is in the system, RAM */
> 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0);
> 241 }
> 242
> 243 /**
> /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma()
> 231 pci_mod_config8(mcu, 0xa1, 7 << 4, (fb_pow - 2) << 4);
> 232
> 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and IOCTL)
> 234 * The size we set here affects the behavior of BAR2, and the amount of
> 235 * MMIO space it requests. The default is 512MB, so if we don't set this
> 236 * before reading the resources, we could waste space below 4G */
> >>> CID 1229564: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "0xff << fb_pow - 2", left shifting by more than 31 bits has undefined behavior. The shift amount, "fb_pow - 2", is 253.
> 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << 7)));
> 238 vga_sr_write(0x68, (0xff << (fb_pow - 1)));
> 239 /* And also that the framebuffer is in the system, RAM */
> 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0);
> 241 }
> 242
> /src/northbridge/via/vx900/chrome9hd.c: 238 in chrome9hd_handle_uma()
> 232
> 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and IOCTL)
> 234 * The size we set here affects the behavior of BAR2, and the amount of
> 235 * MMIO space it requests. The default is 512MB, so if we don't set this
> 236 * before reading the resources, we could waste space below 4G */
> 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << 7)));
> >>> CID 1229564: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "0xff << fb_pow - 1", shifting by a negative amount has undefined behavior. The shift amount, "fb_pow - 1", is -1.
> 238 vga_sr_write(0x68, (0xff << (fb_pow - 1)));
> 239 /* And also that the framebuffer is in the system, RAM */
> 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0);
> 241 }
> 242
> 243 /**
> /src/northbridge/via/vx900/chrome9hd.c: 237 in chrome9hd_handle_uma()
> 231 pci_mod_config8(mcu, 0xa1, 7 << 4, (fb_pow - 2) << 4);
> 232
> 233 /* Step 7 - Let GFX know the framebuffer size (through PCI and IOCTL)
> 234 * The size we set here affects the behavior of BAR2, and the amount of
> 235 * MMIO space it requests. The default is 512MB, so if we don't set this
> 236 * before reading the resources, we could waste space below 4G */
> >>> CID 1229564: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "0xff << fb_pow - 2", shifting by a negative amount has undefined behavior. The shift amount, "fb_pow - 2", is -2.
> 237 pci_write_config8(dev, 0xb2, ((0xff << (fb_pow - 2)) & ~(1 << 7)));
> 238 vga_sr_write(0x68, (0xff << (fb_pow - 1)));
> 239 /* And also that the framebuffer is in the system, RAM */
> 240 pci_mod_config8(dev, 0xb0, 0, 1 << 0);
> 241 }
> 242
>
> ________________________________________________________________________________________________________
> *** CID 1229562: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/nehalem/raminit.c: 1507 in program_total_memory_map()
> 1501
> 1502 {
> 1503 u32 t;
> 1504
> 1505 gav(t = pcie_read_config32(PCI_DEV(QUICKPATH_BUS, 0, 1), 0x68));
> 1506 if (t & 0x800)
> >>> CID 1229562: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "1 << find_lowest_bit_set32(t >> 20)", shifting by a negative amount has undefined behavior. The shift amount, "find_lowest_bit_set32(t >> 20)", is -1.
> 1507 quickpath_reserved =
> 1508 (1 << find_lowest_bit_set32(t >> 20));
> 1509 }
> 1510 if (memory_remap)
> 1511 TOUUD -= quickpath_reserved;
> 1512
>
> ________________________________________________________________________________________________________
> *** CID 1229560: Bad bit shift operation (BAD_SHIFT)
> /src/northbridge/intel/i3100/raminit.c: 772 in set_receive_enable()
> 766 work32h = dcal_data32_2;
> 767 cnt = 32;
> 768 }
> 769 if(!bit) break;
> 770 }
> 771 for(;;bit--,cnt--) {
> >>> CID 1229560: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "1 << cnt", left shifting by more than 31 bits has undefined behavior. The shift amount, "cnt", is 32.
> 772 if(!(work32l & (1<<cnt)))
> 773 break;
> 774 if(!cnt) {
> 775 work32l = dcal_data32_0;
> 776 work32h = dcal_data32_2;
> 777 cnt = 32;
>
> ________________________________________________________________________________________________________
> *** CID 1229559: Bad bit shift operation (BAD_SHIFT)
> /src/mainboard/google/butterfly/chromeos.c: 120 in get_pch_gpio()
> 114
> 115 if (gpio_num > 64){
> 116 u32 gp_lvl3 = inl(gpio_base + GP_LVL3);
> 117 retval = ((gp_lvl3 >> (gpio_num - 64)) & 1);
> 118 } else if (gpio_num > 32){
> 119 u32 gp_lvl2 = inl(gpio_base + GP_LVL2);
> >>> CID 1229559: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "gp_lvl2 >> gpio_num - 32", right shifting by more than 31 bits has undefined behavior. The shift amount, "gpio_num - 32", is as much as 32.
> 120 retval = ((gp_lvl2 >> (gpio_num - 32)) & 1);
> 121 } else {
> 122 u32 gp_lvl = inl(gpio_base + GP_LVL);
> 123 retval = ((gp_lvl >> gpio_num) & 1);
> 124 }
> 125
> /src/mainboard/google/butterfly/chromeos.c: 123 in get_pch_gpio()
> 117 retval = ((gp_lvl3 >> (gpio_num - 64)) & 1);
> 118 } else if (gpio_num > 32){
> 119 u32 gp_lvl2 = inl(gpio_base + GP_LVL2);
> 120 retval = ((gp_lvl2 >> (gpio_num - 32)) & 1);
> 121 } else {
> 122 u32 gp_lvl = inl(gpio_base + GP_LVL);
> >>> CID 1229559: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "gp_lvl >> gpio_num", right shifting by more than 31 bits has undefined behavior. The shift amount, "gpio_num", is as much as 32.
> 123 retval = ((gp_lvl >> gpio_num) & 1);
> 124 }
> 125
> 126 return retval;
> 127 }
> 128
>
> ________________________________________________________________________________________________________
> *** CID 1229558: Bad bit shift operation (BAD_SHIFT)
> /src/southbridge/sis/sis966/sis966.c: 79 in sis966_enable()
> 73 struct southbridge_sis_sis966_config *conf;
> 74 conf = dev->chip_info;
> 75 int i;
> 76
> 77 if(dev->device==0x0000) {
> 78 vendorid = pci_read_config32(dev, PCI_VENDOR_ID);
> >>> CID 1229558: Bad bit shift operation (BAD_SHIFT)
> >>> In expression "vendorid >> 16", right shifting "vendorid" by more than 15 bits always yields zero. The shift amount is 16.
> 79 deviceid = (vendorid>>16) & 0xffff;
> 80 // vendorid &= 0xffff;
> 81 } else {
> 82 // vendorid = dev->vendor;
> 83 deviceid = dev->device;
> 84 }
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/1016?tab=overview
>
> To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20140928/ac5dc3d5/attachment-0001.asc>
More information about the coreboot
mailing list