[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com scan-admin at coverity.com
Wed Feb 4 20:10:09 CET 2015


Hi,

Please find below the latest report on new defect(s) introduced to coreboot, found with Coverity Scan.

11 new defect(s) introduced to coreboot found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)


** CID 1268177:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/src/cpu/x86/car.c: 137 in do_car_migrate_hooks()

** CID 1268176:  Unchecked return value  (CHECKED_RETURN)
/src/lib/hardwaremain.c: 470 in main()

** CID 1268175:  Operands don't affect result  (CONSTANT_EXPRESSION_RESULT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 215 in pstates_algorithm()

** CID 1268174:  Same on both sides  (CONSTANT_EXPRESSION_RESULT)
/src/mainboard/asus/kfsn4-dre/romstage.c: 234 in cache_as_ram_main()

** CID 1268173:  Out-of-bounds read  (OVERRUN)
/src/northbridge/intel/i440bx/raminit.c: 612 in spd_enable_refresh()

** CID 1268172:  Out-of-bounds access  (OVERRUN)
/src/northbridge/intel/e7505/debug.c: 99 in dump_spd_registers()
/src/northbridge/intel/e7505/debug.c: 117 in dump_spd_registers()

** CID 1268171:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 82 in pstates_algorithm()

** CID 1268170:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 215 in pstates_algorithm()

** CID 1268169:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 83 in pstates_algorithm()

** CID 1268168:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 208 in pstates_algorithm()

** CID 1268167:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 81 in pstates_algorithm()


________________________________________________________________________________________________________
*** CID 1268177:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
/src/cpu/x86/car.c: 137 in do_car_migrate_hooks()
131     {
132     	car_migration_func_t *migrate_func;
133     	/* Call all the migration functions. */
134     	migrate_func = &_car_migrate_start;
135     	while (*migrate_func != NULL) {
136     		(*migrate_func)();
>>>     CID 1268177:  Out-of-bounds access  (ARRAY_VS_SINGLETON)
>>>     Using "migrate_func" as an array.  This might corrupt or misinterpret adjacent memory locations.
137     		migrate_func++;
138     	}
139     }
140     
141     void car_migrate_variables(void)
142     {

________________________________________________________________________________________________________
*** CID 1268176:  Unchecked return value  (CHECKED_RETURN)
/src/lib/hardwaremain.c: 470 in main()
464     		      coreboot_version, coreboot_extra_version, coreboot_build);
465     
466     	post_code(POST_CONSOLE_BOOT_MSG);
467     
468     	/* Handoff sleep type from romstage. */
469     #if CONFIG_HAVE_ACPI_RESUME
>>>     CID 1268176:  Unchecked return value  (CHECKED_RETURN)
>>>     Calling "acpi_is_wakeup" without checking return value (as is done elsewhere 4 out of 5 times).
470     	acpi_is_wakeup();
471     #endif
472     
473     	exception_init();
474     	threads_initialize();
475     

________________________________________________________________________________________________________
*** CID 1268175:  Operands don't affect result  (CONSTANT_EXPRESSION_RESULT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 215 in pstates_algorithm()
209     
210     		/* Calculate transition latency */
211     		dtemp = pci_read_config32(dev_find_slot(0, PCI_DEVFN(0x18, 3)), 0xD4);
212     		power_step_up = (dtemp & 0xf000000) >> 24;
213     		power_step_down = (dtemp & 0xf00000) >> 20;
214     		dtemp = pci_read_config32(dev_find_slot(0, PCI_DEVFN(0x18, 3)), 0xA0);
>>>     CID 1268175:  Operands don't affect result  (CONSTANT_EXPRESSION_RESULT)
>>>     "pll_lock_time & 0x3800" is always 0 regardless of the values of its operands. This occurs as a value.
215     		pll_lock_time = (pll_lock_time & 0x3800) >> 11;
216     		if (all_enabled_cores_have_same_cpufid)
217     			core_latency = ((12 * power_step_down) + power_step_up) / 1000;
218     		else
219     			core_latency = (12 * (power_step_down + power_step_up) / 1000)
220     						 + pll_lock_time;

________________________________________________________________________________________________________
*** CID 1268174:  Same on both sides  (CONSTANT_EXPRESSION_RESULT)
/src/mainboard/asus/kfsn4-dre/romstage.c: 234 in cache_as_ram_main()
228     
229     	post_code(0x32);
230     
231     	winbond_enable_serial(SERIAL_DEV, CONFIG_TTYS0_BASE);
232     	console_init();
233     
>>>     CID 1268174:  Same on both sides  (CONSTANT_EXPRESSION_RESULT)
>>>     "2 != 2" is always false regardless of the values of its operands because those operands are identical. This occurs as the logical operand of if.
234     	if (CONFIG_MAX_PHYSICAL_CPUS != 2)
235     		printk(BIOS_WARNING, "CONFIG_MAX_PHYSICAL_CPUS is %d, but this is a dual socket board!\n", CONFIG_MAX_PHYSICAL_CPUS);
236     
237     	/* Halt if there was a built in self test failure */
238     	report_bist_failure(bist);
239     

________________________________________________________________________________________________________
*** CID 1268173:  Out-of-bounds read  (OVERRUN)
/src/northbridge/intel/i440bx/raminit.c: 612 in spd_enable_refresh()
606     	reg = pci_read_config8(NB, DRAMC);
607     
608     	for (i = 0; i < DIMM_SOCKETS; i++) {
609     		value = spd_read_byte(DIMM0 + i, SPD_REFRESH);
610     		if (value < 0)
611     			continue;
>>>     CID 1268173:  Out-of-bounds read  (OVERRUN)
>>>     Overrunning array "refresh_rate_map" of 6 4-byte elements at element index 127 (byte offset 508) using index "value & 0x7f" (which evaluates to 127).
612     		reg = (reg & 0xf8) | refresh_rate_map[(value & 0x7f)];
613     
614     		PRINT_DEBUG("    Enabling refresh (DRAMC = 0x%02x) for DIMM %02x\n", reg, i);
615     	}
616     
617     	pci_write_config8(NB, DRAMC, reg);

________________________________________________________________________________________________________
*** CID 1268172:  Out-of-bounds access  (OVERRUN)
/src/northbridge/intel/e7505/debug.c: 99 in dump_spd_registers()
93     	for(i = 0; i < 4; i++) {
94     		unsigned device;
95     		device = ctrl->channel0[i];
96     		if (device) {
97     			int j;
98     			printk(BIOS_DEBUG, "dimm: %02x.0: %02x", i, device);
>>>     CID 1268172:  Out-of-bounds access  (OVERRUN)
>>>     Checking "j < 128" implies that "j" may take any value up to 127 on the true branch.
99     			for(j = 0; j < 128; j++) {
100     				int status;
101     				unsigned char byte;
102     				if ((j & 0xf) == 0)
103     					printk(BIOS_DEBUG, "\n%02x: ", j);
104     				status = spd_read_byte(device, j);
/src/northbridge/intel/e7505/debug.c: 117 in dump_spd_registers()
111     			printk(BIOS_DEBUG, "\n");
112     		}
113     		device = ctrl->channel1[i];
114     		if (device) {
115     			int j;
116                             printk(BIOS_DEBUG, "dimm: %02x.1: %02x", i, device);
>>>     CID 1268172:  Out-of-bounds access  (OVERRUN)
>>>     Checking "j < 128" implies that "j" may take any value up to 127 on the true branch.
117     			for(j = 0; j < 128; j++) {
118     				int status;
119     				unsigned char byte;
120     				if ((j & 0xf) == 0)
121                                             printk(BIOS_DEBUG, "\n%02x: ", j);
122     				status = spd_read_byte(device, j);

________________________________________________________________________________________________________
*** CID 1268171:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 82 in pstates_algorithm()
76     	u32 *v;
77     	struct cpuid_result cpuid1;
78     
79     	u16 Pstate_feq[10];
80     	u32 Pstate_power[10];
81     	u32 Pstate_latency[10];
>>>     CID 1268171:  Uninitialized scalar variable  (UNINIT)
>>>     Declaring variable "Pstate_control" without initializer.
82     	u32 Pstate_control[10];
83     	u32 Pstate_status[10];
84     	u8 Pstate_num;
85     	u8 cmp_cap;
86     	u8 index;
87     	msr_t msr;

________________________________________________________________________________________________________
*** CID 1268170:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 215 in pstates_algorithm()
209     
210     		/* Calculate transition latency */
211     		dtemp = pci_read_config32(dev_find_slot(0, PCI_DEVFN(0x18, 3)), 0xD4);
212     		power_step_up = (dtemp & 0xf000000) >> 24;
213     		power_step_down = (dtemp & 0xf00000) >> 20;
214     		dtemp = pci_read_config32(dev_find_slot(0, PCI_DEVFN(0x18, 3)), 0xA0);
>>>     CID 1268170:  Uninitialized scalar variable  (UNINIT)
>>>     Using uninitialized value "pll_lock_time".
215     		pll_lock_time = (pll_lock_time & 0x3800) >> 11;
216     		if (all_enabled_cores_have_same_cpufid)
217     			core_latency = ((12 * power_step_down) + power_step_up) / 1000;
218     		else
219     			core_latency = (12 * (power_step_down + power_step_up) / 1000)
220     						 + pll_lock_time;

________________________________________________________________________________________________________
*** CID 1268169:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 83 in pstates_algorithm()
77     	struct cpuid_result cpuid1;
78     
79     	u16 Pstate_feq[10];
80     	u32 Pstate_power[10];
81     	u32 Pstate_latency[10];
82     	u32 Pstate_control[10];
>>>     CID 1268169:  Uninitialized scalar variable  (UNINIT)
>>>     Declaring variable "Pstate_status" without initializer.
83     	u32 Pstate_status[10];
84     	u8 Pstate_num;
85     	u8 cmp_cap;
86     	u8 index;
87     	msr_t msr;
88     

________________________________________________________________________________________________________
*** CID 1268168:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 208 in pstates_algorithm()
202     				expanded_cpuidv = 100;
203     				break;
204     			case 0x3:
205     				expanded_cpuidv = 1000;
206     				break;
207     		}
>>>     CID 1268168:  Uninitialized scalar variable  (UNINIT)
>>>     Using uninitialized value "expanded_cpuidv".
208     		core_power = (core_voltage * cpuidd) / (expanded_cpuidv * 10);
209     
210     		/* Calculate transition latency */
211     		dtemp = pci_read_config32(dev_find_slot(0, PCI_DEVFN(0x18, 3)), 0xD4);
212     		power_step_up = (dtemp & 0xf000000) >> 24;
213     		power_step_down = (dtemp & 0xf00000) >> 20;

________________________________________________________________________________________________________
*** CID 1268167:  Uninitialized scalar variable  (UNINIT)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 81 in pstates_algorithm()
75     	u8 processor_brand[49];
76     	u32 *v;
77     	struct cpuid_result cpuid1;
78     
79     	u16 Pstate_feq[10];
80     	u32 Pstate_power[10];
>>>     CID 1268167:  Uninitialized scalar variable  (UNINIT)
>>>     Declaring variable "Pstate_latency" without initializer.
81     	u32 Pstate_latency[10];
82     	u32 Pstate_control[10];
83     	u32 Pstate_status[10];
84     	u8 Pstate_num;
85     	u8 cmp_cap;
86     	u8 index;


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/1016?tab=overview

To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://scan.coverity.com/subscriptions/edit?email=coreboot%40coreboot.org&token=8ddd1fe26945626880b796e94d465567 .



