[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com scan-admin at coverity.com
Fri Oct 9 19:13:40 CEST 2015


Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

250 new defect(s) introduced to coreboot found with Coverity Scan.
42 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 250 defect(s)


** CID 1325829:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 148 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 151 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 166 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 167 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 171 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 173 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 177 in htif_interrupt()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 179 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 148 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 151 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 166 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 167 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 171 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 173 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 177 in htif_interrupt()
/src/mainboard/emulation/spike-riscv/spike_util.c: 179 in htif_interrupt()


________________________________________________________________________________________________________
*** CID 1325829:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 148 in htif_interrupt()
142     	return 0;
143     
144     	uintptr_t dev = FROMHOST_DEV(fromhost);
145     	uintptr_t cmd = FROMHOST_CMD(fromhost);
146     	uintptr_t data = FROMHOST_DATA(fromhost);
147     
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
148     	sbi_device_message* m = HLS()->device_request_queue_head;
149     	sbi_device_message* prev = 0x0;
150     	unsigned long i, n;
151     	for (i = 0, n = HLS()->device_request_queue_size; i < n; i++) {
152     		/*
153     		if (!supervisor_paddr_valid(m, sizeof(*m))
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 151 in htif_interrupt()
145     	uintptr_t cmd = FROMHOST_CMD(fromhost);
146     	uintptr_t data = FROMHOST_DATA(fromhost);
147     
148     	sbi_device_message* m = HLS()->device_request_queue_head;
149     	sbi_device_message* prev = 0x0;
150     	unsigned long i, n;
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
151     	for (i = 0, n = HLS()->device_request_queue_size; i < n; i++) {
152     		/*
153     		if (!supervisor_paddr_valid(m, sizeof(*m))
154     		&& EXTRACT_FIELD(read_csr(mstatus), MSTATUS_PRV1) != PRV_M)
155     		panic("htif: page fault");
156     		*/
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 166 in htif_interrupt()
160     			m->data = data;
161     
162     			// dequeue from request queue
163     			if (prev)
164     			prev->sbi_private_data = (uintptr_t)next;
165     			else
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
166     			HLS()->device_request_queue_head = next;
167     			HLS()->device_request_queue_size = n-1;
168     			m->sbi_private_data = 0;
169     
170     			// enqueue to response queue
171     			if (HLS()->device_response_queue_tail)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 167 in htif_interrupt()
161     
162     			// dequeue from request queue
163     			if (prev)
164     			prev->sbi_private_data = (uintptr_t)next;
165     			else
166     			HLS()->device_request_queue_head = next;
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
167     			HLS()->device_request_queue_size = n-1;
168     			m->sbi_private_data = 0;
169     
170     			// enqueue to response queue
171     			if (HLS()->device_response_queue_tail)
172     			{
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 171 in htif_interrupt()
165     			else
166     			HLS()->device_request_queue_head = next;
167     			HLS()->device_request_queue_size = n-1;
168     			m->sbi_private_data = 0;
169     
170     			// enqueue to response queue
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
171     			if (HLS()->device_response_queue_tail)
172     			{
173     				HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174     			}
175     			else
176     			{
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 173 in htif_interrupt()
167     			HLS()->device_request_queue_size = n-1;
168     			m->sbi_private_data = 0;
169     
170     			// enqueue to response queue
171     			if (HLS()->device_response_queue_tail)
172     			{
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
173     				HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174     			}
175     			else
176     			{
177     				HLS()->device_response_queue_head = m;
178     			}
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 177 in htif_interrupt()
171     			if (HLS()->device_response_queue_tail)
172     			{
173     				HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174     			}
175     			else
176     			{
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
177     				HLS()->device_response_queue_head = m;
178     			}
179     			HLS()->device_response_queue_tail = m;
180     
181     			// signal software interrupt
182     			set_csr(mip, MIP_SSIP);
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 179 in htif_interrupt()
173     				HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174     			}
175     			else
176     			{
177     				HLS()->device_response_queue_head = m;
178     			}
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
179     			HLS()->device_response_queue_tail = m;
180     
181     			// signal software interrupt
182     			set_csr(mip, MIP_SSIP);
183     			return 0;
184     		}
/src/mainboard/emulation/spike-riscv/spike_util.c: 148 in htif_interrupt()
142     	return 0;
143     
144     	uintptr_t dev = FROMHOST_DEV(fromhost);
145     	uintptr_t cmd = FROMHOST_CMD(fromhost);
146     	uintptr_t data = FROMHOST_DATA(fromhost);
147     
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
148     	sbi_device_message* m = HLS()->device_request_queue_head;
149     	sbi_device_message* prev = 0x0;
150     	unsigned long i, n;
151     	for (i = 0, n = HLS()->device_request_queue_size; i < n; i++) {
152     		/*
153     		if (!supervisor_paddr_valid(m, sizeof(*m))
/src/mainboard/emulation/spike-riscv/spike_util.c: 151 in htif_interrupt()
145     	uintptr_t cmd = FROMHOST_CMD(fromhost);
146     	uintptr_t data = FROMHOST_DATA(fromhost);
147     
148     	sbi_device_message* m = HLS()->device_request_queue_head;
149     	sbi_device_message* prev = 0x0;
150     	unsigned long i, n;
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
151     	for (i = 0, n = HLS()->device_request_queue_size; i < n; i++) {
152     		/*
153     		if (!supervisor_paddr_valid(m, sizeof(*m))
154     		&& EXTRACT_FIELD(read_csr(mstatus), MSTATUS_PRV1) != PRV_M)
155     		panic("htif: page fault");
156     		*/
/src/mainboard/emulation/spike-riscv/spike_util.c: 166 in htif_interrupt()
160     			m->data = data;
161     
162     			// dequeue from request queue
163     			if (prev)
164     			prev->sbi_private_data = (uintptr_t)next;
165     			else
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
166     			HLS()->device_request_queue_head = next;
167     			HLS()->device_request_queue_size = n-1;
168     			m->sbi_private_data = 0;
169     
170     			// enqueue to response queue
171     			if (HLS()->device_response_queue_tail)
/src/mainboard/emulation/spike-riscv/spike_util.c: 167 in htif_interrupt()
161     
162     			// dequeue from request queue
163     			if (prev)
164     			prev->sbi_private_data = (uintptr_t)next;
165     			else
166     			HLS()->device_request_queue_head = next;
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
167     			HLS()->device_request_queue_size = n-1;
168     			m->sbi_private_data = 0;
169     
170     			// enqueue to response queue
171     			if (HLS()->device_response_queue_tail)
172     			{
/src/mainboard/emulation/spike-riscv/spike_util.c: 171 in htif_interrupt()
165     			else
166     			HLS()->device_request_queue_head = next;
167     			HLS()->device_request_queue_size = n-1;
168     			m->sbi_private_data = 0;
169     
170     			// enqueue to response queue
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
171     			if (HLS()->device_response_queue_tail)
172     			{
173     				HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174     			}
175     			else
176     			{
/src/mainboard/emulation/spike-riscv/spike_util.c: 173 in htif_interrupt()
167     			HLS()->device_request_queue_size = n-1;
168     			m->sbi_private_data = 0;
169     
170     			// enqueue to response queue
171     			if (HLS()->device_response_queue_tail)
172     			{
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
173     				HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174     			}
175     			else
176     			{
177     				HLS()->device_response_queue_head = m;
178     			}
/src/mainboard/emulation/spike-riscv/spike_util.c: 177 in htif_interrupt()
171     			if (HLS()->device_response_queue_tail)
172     			{
173     				HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174     			}
175     			else
176     			{
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
177     				HLS()->device_response_queue_head = m;
178     			}
179     			HLS()->device_response_queue_tail = m;
180     
181     			// signal software interrupt
182     			set_csr(mip, MIP_SSIP);
/src/mainboard/emulation/spike-riscv/spike_util.c: 179 in htif_interrupt()
173     				HLS()->device_response_queue_tail->sbi_private_data = (uintptr_t)m;
174     			}
175     			else
176     			{
177     				HLS()->device_response_queue_head = m;
178     			}
>>>     CID 1325829:    (UNINIT)
>>>     Using uninitialized value "sp".
179     			HLS()->device_response_queue_tail = m;
180     
181     			// signal software interrupt
182     			set_csr(mip, MIP_SSIP);
183     			return 0;
184     		}

** CID 1325828:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 111 in mcall_dev_resp()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 115 in mcall_dev_resp()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 117 in mcall_dev_resp()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 122 in mcall_dev_resp()
/src/mainboard/emulation/spike-riscv/spike_util.c: 111 in mcall_dev_resp()
/src/mainboard/emulation/spike-riscv/spike_util.c: 115 in mcall_dev_resp()
/src/mainboard/emulation/spike-riscv/spike_util.c: 117 in mcall_dev_resp()
/src/mainboard/emulation/spike-riscv/spike_util.c: 122 in mcall_dev_resp()


________________________________________________________________________________________________________
*** CID 1325828:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 111 in mcall_dev_resp()
105     }
106     
107     uintptr_t mcall_dev_resp(void)
108     {
109     	htif_interrupt(0, 0);
110     
>>>     CID 1325828:    (UNINIT)
>>>     Using uninitialized value "sp".
111     	sbi_device_message* m = HLS()->device_response_queue_head;
112     	if (m) {
113     		//printm("resp %p\n", m);
114     		sbi_device_message* next = (void*)atomic_read(&m->sbi_private_data);
115     		HLS()->device_response_queue_head = next;
116     		if (!next) {
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 115 in mcall_dev_resp()
109     	htif_interrupt(0, 0);
110     
111     	sbi_device_message* m = HLS()->device_response_queue_head;
112     	if (m) {
113     		//printm("resp %p\n", m);
114     		sbi_device_message* next = (void*)atomic_read(&m->sbi_private_data);
>>>     CID 1325828:    (UNINIT)
>>>     Using uninitialized value "sp".
115     		HLS()->device_response_queue_head = next;
116     		if (!next) {
117     			HLS()->device_response_queue_tail = 0;
118     
119     			// only clear SSIP if no other events are pending
120     			clear_csr(mip, MIP_SSIP);
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 117 in mcall_dev_resp()
111     	sbi_device_message* m = HLS()->device_response_queue_head;
112     	if (m) {
113     		//printm("resp %p\n", m);
114     		sbi_device_message* next = (void*)atomic_read(&m->sbi_private_data);
115     		HLS()->device_response_queue_head = next;
116     		if (!next) {
>>>     CID 1325828:    (UNINIT)
>>>     Using uninitialized value "sp".
117     			HLS()->device_response_queue_tail = 0;
118     
119     			// only clear SSIP if no other events are pending
120     			clear_csr(mip, MIP_SSIP);
121     			mb();
122     			if (HLS()->ipi_pending) set_csr(mip, MIP_SSIP);
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 122 in mcall_dev_resp()
116     		if (!next) {
117     			HLS()->device_response_queue_tail = 0;
118     
119     			// only clear SSIP if no other events are pending
120     			clear_csr(mip, MIP_SSIP);
121     			mb();
>>>     CID 1325828:    (UNINIT)
>>>     Using uninitialized value "sp".
122     			if (HLS()->ipi_pending) set_csr(mip, MIP_SSIP);
123     		}
124     	}
125     	return (uintptr_t)m;
126     }
127     
/src/mainboard/emulation/spike-riscv/spike_util.c: 111 in mcall_dev_resp()
105     }
106     
107     uintptr_t mcall_dev_resp(void)
108     {
109     	htif_interrupt(0, 0);
110     
>>>     CID 1325828:    (UNINIT)
>>>     Using uninitialized value "sp".
111     	sbi_device_message* m = HLS()->device_response_queue_head;
112     	if (m) {
113     		//printm("resp %p\n", m);
114     		sbi_device_message* next = (void*)atomic_read(&m->sbi_private_data);
115     		HLS()->device_response_queue_head = next;
116     		if (!next) {
/src/mainboard/emulation/spike-riscv/spike_util.c: 115 in mcall_dev_resp()
109     	htif_interrupt(0, 0);
110     
111     	sbi_device_message* m = HLS()->device_response_queue_head;
112     	if (m) {
113     		//printm("resp %p\n", m);
114     		sbi_device_message* next = (void*)atomic_read(&m->sbi_private_data);
>>>     CID 1325828:    (UNINIT)
>>>     Using uninitialized value "sp".
115     		HLS()->device_response_queue_head = next;
116     		if (!next) {
117     			HLS()->device_response_queue_tail = 0;
118     
119     			// only clear SSIP if no other events are pending
120     			clear_csr(mip, MIP_SSIP);
/src/mainboard/emulation/spike-riscv/spike_util.c: 117 in mcall_dev_resp()
111     	sbi_device_message* m = HLS()->device_response_queue_head;
112     	if (m) {
113     		//printm("resp %p\n", m);
114     		sbi_device_message* next = (void*)atomic_read(&m->sbi_private_data);
115     		HLS()->device_response_queue_head = next;
116     		if (!next) {
>>>     CID 1325828:    (UNINIT)
>>>     Using uninitialized value "sp".
117     			HLS()->device_response_queue_tail = 0;
118     
119     			// only clear SSIP if no other events are pending
120     			clear_csr(mip, MIP_SSIP);
121     			mb();
122     			if (HLS()->ipi_pending) set_csr(mip, MIP_SSIP);
/src/mainboard/emulation/spike-riscv/spike_util.c: 122 in mcall_dev_resp()
116     		if (!next) {
117     			HLS()->device_response_queue_tail = 0;
118     
119     			// only clear SSIP if no other events are pending
120     			clear_csr(mip, MIP_SSIP);
121     			mb();
>>>     CID 1325828:    (UNINIT)
>>>     Using uninitialized value "sp".
122     			if (HLS()->ipi_pending) set_csr(mip, MIP_SSIP);
123     		}
124     	}
125     	return (uintptr_t)m;
126     }
127     

** CID 1325827:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 130 in mcall_hart_id()
/src/mainboard/emulation/spike-riscv/spike_util.c: 130 in mcall_hart_id()


________________________________________________________________________________________________________
*** CID 1325827:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 130 in mcall_hart_id()
124     	}
125     	return (uintptr_t)m;
126     }
127     
128     uintptr_t mcall_hart_id(void)
129     {
>>>     CID 1325827:    (UNINIT)
>>>     Using uninitialized value "sp".
130     	return HLS()->hart_id;
131     }
132     
133     void hls_init(uint32_t hart_id)
134     {
135     	memset(HLS(), 0, sizeof(*HLS()));
/src/mainboard/emulation/spike-riscv/spike_util.c: 130 in mcall_hart_id()
124     	}
125     	return (uintptr_t)m;
126     }
127     
128     uintptr_t mcall_hart_id(void)
129     {
>>>     CID 1325827:    (UNINIT)
>>>     Using uninitialized value "sp".
130     	return HLS()->hart_id;
131     }
132     
133     void hls_init(uint32_t hart_id)
134     {
135     	memset(HLS(), 0, sizeof(*HLS()));

** CID 1325826:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 61 in mcall_send_ipi()
/src/mainboard/emulation/spike-riscv/spike_util.c: 61 in mcall_send_ipi()


________________________________________________________________________________________________________
*** CID 1325826:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 61 in mcall_send_ipi()
55     
56     uintptr_t mcall_send_ipi(uintptr_t recipient)
57     {
58     	//if (recipient >= num_harts)
59     	//return -1;
60     
>>>     CID 1325826:    (UNINIT)
>>>     Using uninitialized value "sp".
61     	if (atomic_swap(&OTHER_HLS(recipient)->ipi_pending, 1) == 0) {
62     		mb();
63     		write_csr(send_ipi, recipient);
64     	}
65     
66     	return 0;
/src/mainboard/emulation/spike-riscv/spike_util.c: 61 in mcall_send_ipi()
55     
56     uintptr_t mcall_send_ipi(uintptr_t recipient)
57     {
58     	//if (recipient >= num_harts)
59     	//return -1;
60     
>>>     CID 1325826:    (UNINIT)
>>>     Using uninitialized value "sp".
61     	if (atomic_swap(&OTHER_HLS(recipient)->ipi_pending, 1) == 0) {
62     		mb();
63     		write_csr(send_ipi, recipient);
64     	}
65     
66     	return 0;

** CID 1325825:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 135 in hls_init()
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 136 in hls_init()
/src/mainboard/emulation/spike-riscv/spike_util.c: 135 in hls_init()
/src/mainboard/emulation/spike-riscv/spike_util.c: 136 in hls_init()


________________________________________________________________________________________________________
*** CID 1325825:    (UNINIT)
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 135 in hls_init()
129     {
130     	return HLS()->hart_id;
131     }
132     
133     void hls_init(uint32_t hart_id)
134     {
>>>     CID 1325825:    (UNINIT)
>>>     Using uninitialized value "sp".
135     	memset(HLS(), 0, sizeof(*HLS()));
136     	HLS()->hart_id = hart_id;
137     }
138     
139     uintptr_t htif_interrupt(uintptr_t mcause, uintptr_t* regs) {
140     	uintptr_t fromhost = swap_csr(mfromhost, 0);
/src/mainboard/emulation/qemu-riscv/qemu_util.c: 136 in hls_init()
130     	return HLS()->hart_id;
131     }
132     
133     void hls_init(uint32_t hart_id)
134     {
135     	memset(HLS(), 0, sizeof(*HLS()));
>>>     CID 1325825:    (UNINIT)
>>>     Using uninitialized value "sp".
136     	HLS()->hart_id = hart_id;
137     }
138     
139     uintptr_t htif_interrupt(uintptr_t mcause, uintptr_t* regs) {
140     	uintptr_t fromhost = swap_csr(mfromhost, 0);
141     	if (!fromhost)
/src/mainboard/emulation/spike-riscv/spike_util.c: 135 in hls_init()
129     {
130     	return HLS()->hart_id;
131     }
132     
133     void hls_init(uint32_t hart_id)
134     {
>>>     CID 1325825:    (UNINIT)
>>>     Using uninitialized value "sp".
135     	memset(HLS(), 0, sizeof(*HLS()));
136     	HLS()->hart_id = hart_id;
137     }
138     
139     uintptr_t htif_interrupt(uintptr_t mcause, uintptr_t* regs) {
140     	uintptr_t fromhost = swap_csr(mfromhost, 0);
/src/mainboard/emulation/spike-riscv/spike_util.c: 136 in hls_init()
130     	return HLS()->hart_id;
131     }
132     
133     void hls_init(uint32_t hart_id)
134     {
135     	memset(HLS(), 0, sizeof(*HLS()));
>>>     CID 1325825:    (UNINIT)
>>>     Using uninitialized value "sp".
136     	HLS()->hart_id = hart_id;
137     }
138     
139     uintptr_t htif_interrupt(uintptr_t mcause, uintptr_t* regs) {
140     	uintptr_t fromhost = swap_csr(mfromhost, 0);
141     	if (!fromhost)

** CID 1302458:  Control flow issues  (DEADCODE)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 75 in write_pstates_for_core()


________________________________________________________________________________________________________
*** CID 1302458:  Control flow issues  (DEADCODE)
/src/cpu/amd/model_10xxx/powernow_acpi.c: 75 in write_pstates_for_core()
69     	/* Write PPC object */
70     	acpigen_write_PPC(pstate_num);
71     
72     	/* Write PSD indicating coordination type */
73     	if ((single_link) && (mctGetLogicalCPUID(0) & AMD_DR_GT_Bx)) {
74     		/* Revision C or greater single-link processor */
>>>     CID 1302458:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "cpuid1 = cpuid(-2147483640);".
75     		cpuid1 = cpuid(0x80000008);
76     		acpigen_write_PSD_package(0, (cpuid1.ecx & 0xff) + 1, SW_ALL);
77     	}
78     	else {
79     		/* Find the local APIC ID for the specified core ID */
80     		struct device* cpu;

** CID 1302450:  Security best practices violations  (STRING_OVERFLOW)
/src/drivers/intel/gma/acpi.c: 50 in drivers_intel_gma_displays_ssdt_generate()


________________________________________________________________________________________________________
*** CID 1302450:  Security best practices violations  (STRING_OVERFLOW)
/src/drivers/intel/gma/acpi.c: 50 in drivers_intel_gma_displays_ssdt_generate()
44     		char *ptr;
45     		int kind;
46     		kind = (conf->did[i] >> 8) & 0xf;
47     		if (kind >= ARRAY_SIZE(names)) {
48     			kind = 0;
49     		}
>>>     CID 1302450:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 10 byte fixed-size string "name" by copying "names[kind]" without checking the length.
50     		strcpy(name, names[kind]);
51     		for (ptr = name; *ptr; ptr++);
52     		*ptr++ = counters[kind] + '0';
53     		*ptr++ = '\0';
54     		counters[kind]++;
55     		acpigen_write_device(name);

** CID 1300288:  Incorrect expression  (IDENTICAL_BRANCHES)
/src/drivers/xgi/common/vb_setmode.c: 2608 in XGI_GetCRT2Data()


________________________________________________________________________________________________________
*** CID 1300288:  Incorrect expression  (IDENTICAL_BRANCHES)
/src/drivers/xgi/common/vb_setmode.c: 2608 in XGI_GetCRT2Data()
2602     		} else if (pVBInfo->LCDResInfo == Panel_1280x960) {
2603     			tempax = 1280;
2604     			if (pVBInfo->VGAVDE == 350)
2605     				tempbx = 700;
2606     			else if (pVBInfo->VGAVDE == 400)
2607     				tempbx = 800;
>>>     CID 1300288:  Incorrect expression  (IDENTICAL_BRANCHES)
>>>     The same code is executed regardless of whether "pVBInfo->VGAVDE == 1024" is true, because the 'then' and 'else' branches are identical. Should one of the branches be modified, or the entire 'if' statement replaced?
2608     			else if (pVBInfo->VGAVDE == 1024)
2609     				tempbx = 960;
2610     			else
2611     				tempbx = 960;
2612     		} else if (pVBInfo->LCDResInfo == Panel_1400x1050) {
2613     			tempax = 1400;

** CID 1295501:  Null pointer dereferences  (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 464 in gpio_get()


________________________________________________________________________________________________________
*** CID 1295501:  Null pointer dereferences  (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 464 in gpio_get()
458     {
459     	struct cygnus_gpio *chip;
460     	unsigned gpio_num;
461     
462     	chip = cygnus_get_gpio_core(gpio, &gpio_num);
463     	if (chip == NULL) {
>>>     CID 1295501:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "chip".
464     		dev_dbg(chip, "unable to find chip for gpio %d", gpio);
465     		return -1;
466     	}
467     
468     	return cygnus_gpio_get(chip, gpio_num);
469     }

** CID 1295500:  Control flow issues  (DEADCODE)
/src/soc/broadcom/cygnus/shmoo_and28.c: 4278 in soc_and28_shmoo_ctl()


________________________________________________________________________________________________________
*** CID 1295500:  Control flow issues  (DEADCODE)
/src/soc/broadcom/cygnus/shmoo_and28.c: 4278 in soc_and28_shmoo_ctl()
4272     
4273         if(!stat)
4274         {
4275             scPtr = &shmoo_container;
4276             if(scPtr == NULL)
4277             {
>>>     CID 1295500:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "return 4;".
4278                 return SOC_E_MEMORY;
4279             }
4280             sal_memset(scPtr, 0, sizeof(and28_shmoo_container_t));
4281     
4282             if(phy_ndx != SHMOO_AND28_INTERFACE_RSVP)
4283             {

** CID 1295499:  Control flow issues  (DEADCODE)
/src/soc/intel/common/nvm.c: 113 in nvm_is_write_protected()


________________________________________________________________________________________________________
*** CID 1295499:  Control flow issues  (DEADCODE)
/src/soc/intel/common/nvm.c: 113 in nvm_is_write_protected()
107     	}
108     	wp_spi = !!(sr1 & 0x80);
109     
110     	printk(BIOS_DEBUG, "SPI flash protection: WPSW=%d SRP0=%d\n",
111     	       wp_gpio, wp_spi);
112     
>>>     CID 1295499:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "wp_spi" inside this statement: "return wp_gpio && wp_spi;".
113     	return wp_gpio && wp_spi;
114     }
115     
116     /* Apply protection to a range of flash */
117     int nvm_protect(void *start, size_t size)
118     {

** CID 1295498:  Null pointer dereferences  (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 404 in gpio_free()


________________________________________________________________________________________________________
*** CID 1295498:  Null pointer dereferences  (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 404 in gpio_free()
398     {
399     	struct cygnus_gpio *chip;
400     	unsigned gpio_num;
401     
402     	chip = cygnus_get_gpio_core(gpio, &gpio_num);
403     	if (chip == NULL) {
>>>     CID 1295498:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "chip".
404     		dev_dbg(chip, "unable to find chip for gpio %d", gpio);
405     		return;
406     	}
407     
408     	cygnus_gpio_free(chip, gpio_num);
409     }

** CID 1295497:  Integer handling issues  (NO_EFFECT)
/src/soc/broadcom/cygnus/i2c.c: 240 in i2c_init()


________________________________________________________________________________________________________
*** CID 1295497:  Integer handling issues  (NO_EFFECT)
/src/soc/broadcom/cygnus/i2c.c: 240 in i2c_init()
234     }
235     
236     void i2c_init(unsigned int bus, unsigned int hz)
237     {
238     	struct cygnus_i2c_regs *regs = i2c_bus[bus];
239     
>>>     CID 1295497:  Integer handling issues  (NO_EFFECT)
>>>     This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "bus >= 0U".
240     	assert(bus >= 0 && bus <= 1);
241     
242     	setbits_le32(&regs->i2c_con, I2C_SMB_RESET);
243     	udelay(100); /* wait 100 usec per spec */
244     	clrbits_le32(&regs->i2c_con, I2C_SMB_RESET);
245     

** CID 1295496:  Null pointer dereferences  (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 436 in gpio_input_pulldown()


________________________________________________________________________________________________________
*** CID 1295496:  Null pointer dereferences  (FORWARD_NULL)
/src/soc/broadcom/cygnus/gpio.c: 436 in gpio_input_pulldown()
430     {
431     	struct cygnus_gpio *chip;
432     	unsigned gpio_num;
433     
434     	chip = cygnus_get_gpio_core(gpio, &gpio_num);
435     	if (chip == NULL) {
>>>     CID 1295496:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "chip".
436     		dev_dbg(chip, "unable to find chip for gpio %d", gpio);
437     		return;
438     	}
439     
440     	cygnus_gpio_set_pull(chip, gpio_num, 0, 0);
441     }

** CID 1241910:    (OVERRUN)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Nb/Family/LN/F12NbServices.c: 223 in NbFmFuseAdjustFuseTablePatch()
/src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c: 218 in NbFmFuseAdjustFuseTablePatch()


________________________________________________________________________________________________________
*** CID 1241910:    (OVERRUN)
/src/vendorcode/amd/agesa/f12/Proc/GNB/Nb/Family/LN/F12NbServices.c: 223 in NbFmFuseAdjustFuseTablePatch()
217             if (PpFuseArray->PolicyLabel[SwSatateIndex] == POLICY_LABEL_PERFORMANCE) {
218               break;
219             }
220           }
221           MaxSclkIndex = 0;
222           CurrentSclkDpmDid = 0xff;
>>>     CID 1241910:    (OVERRUN)
>>>     Overrunning array "PpFuseArray->SclkDpmValid" of 6 bytes at byte offset 6 using index "SwSatateIndex" (which evaluates to 6).
223           ASSERT (PpFuseArray->SclkDpmValid[SwSatateIndex] != 0);
224           for (DpmStateIndex = 0; DpmStateIndex < PP_FUSE_MAX_NUM_DPM_STATE; DpmStateIndex++) {
225             if ((PpFuseArray->SclkDpmValid[SwSatateIndex] & (1 << DpmStateIndex)) != 0) {
226               if (PpFuseArray->SclkDpmDid[DpmStateIndex] < CurrentSclkDpmDid) {
227                 CurrentSclkDpmDid = PpFuseArray->SclkDpmDid[DpmStateIndex];
228                 MaxSclkIndex = DpmStateIndex;
/src/vendorcode/amd/agesa/f14/Proc/GNB/Nb/Family/0x14/F14NbServices.c: 218 in NbFmFuseAdjustFuseTablePatch()
212             if (PpFuseArray->PolicyLabel[SwSatateIndex] == POLICY_LABEL_PERFORMANCE) {
213               break;
214             }
215           }
216           MaxSclkIndex = 0;
217           CurrentSclkDpmDid = 0xff;
>>>     CID 1241910:    (OVERRUN)
>>>     Overrunning array "PpFuseArray->SclkDpmValid" of 6 bytes at byte offset 6 using index "SwSatateIndex" (which evaluates to 6).
218           ASSERT (PpFuseArray->SclkDpmValid[SwSatateIndex] != 0);
219           for (DpmStateIndex = 0; DpmStateIndex < PP_FUSE_MAX_NUM_DPM_STATE; DpmStateIndex++) {
220             if ((PpFuseArray->SclkDpmValid[SwSatateIndex] & (1 << DpmStateIndex)) != 0) {
221               if (PpFuseArray->SclkDpmDid[DpmStateIndex] < CurrentSclkDpmDid) {
222                 CurrentSclkDpmDid = PpFuseArray->SclkDpmDid[DpmStateIndex];
223                 MaxSclkIndex = DpmStateIndex;

** CID 1241909:  Null pointer dereferences  (FORWARD_NULL)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GfxIntegratedInfoTableTN.c: 812 in GfxIntInfoTableInitTN()


________________________________________________________________________________________________________
*** CID 1241909:  Null pointer dereferences  (FORWARD_NULL)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/GfxIntegratedInfoTableTN.c: 812 in GfxIntInfoTableInitTN()
806       AGESA_STATUS_UPDATE (Status, AgesaStatus);
807       // Assign usFormatID to 0x000B to represent Trinity
808       PpTable->usFormatID = 0xB;
809       // Build info from fuses
810       PpFuseArray = GnbLocateHeapBuffer (AMD_PP_FUSE_TABLE_HANDLE, GnbLibGetHeader (Gfx));
811       ASSERT (PpFuseArray != NULL);
>>>     CID 1241909:  Null pointer dereferences  (FORWARD_NULL)
>>>     Comparing "PpFuseArray" to null implies that "PpFuseArray" might be null.
812       if (PpFuseArray != NULL) {
813         // Build Display clock info
814         GfxIntInfoTableInitDispclkTable (PpFuseArray, &SystemInfoTableV2.sIntegratedSysInfo, Gfx);
815         // Build Sclk info table
816         GfxIntInfoTableInitSclkTable (PpFuseArray, &SystemInfoTableV2.sIntegratedSysInfo, Gfx);
817       } else {

** CID 1241908:    (DEADCODE)
/src/vendorcode/amd/agesa/f16kb/Proc/CPU/cpuMicrocodePatch.c: 151 in LoadMicrocodePatch()
/src/vendorcode/amd/agesa/f15tn/Proc/CPU/cpuMicrocodePatch.c: 150 in LoadMicrocodePatch()


________________________________________________________________________________________________________
*** CID 1241908:    (DEADCODE)
/src/vendorcode/amd/agesa/f16kb/Proc/CPU/cpuMicrocodePatch.c: 151 in LoadMicrocodePatch()
145                   }
146                   break; // Once we find a microcode patch that matches the processor, exit the for loop
147                 }
148               }
149             }
150           } else {
>>>     CID 1241908:    (DEADCODE)
>>>     Execution cannot reach the expression "1" inside this statement: "1 ? (VOID)0 : AmdIdsDebugPr...".
151             IDS_HDT_CONSOLE (CPU_TRACE, "  Force Ucode loaded from offset %x\n", ForceLoadMicrocodePatchPtr);
152             if (LoadMicrocode (ForceLoadMicrocodePatchPtr, StdHeader)) {
153               Status = TRUE;
154             } else {
155               PutEventLog (AGESA_ERROR,
156                            CPU_ERROR_MICRO_CODE_PATCH_IS_NOT_LOADED,
/src/vendorcode/amd/agesa/f15tn/Proc/CPU/cpuMicrocodePatch.c: 150 in LoadMicrocodePatch()
144                   }
145                   break; // Once we find a microcode patch that matches the processor, exit the for loop
146                 }
147               }
148             }
149           } else {
>>>     CID 1241908:    (DEADCODE)
>>>     Execution cannot reach this statement: "if (LoadMicrocode(ForceLoad...".
150             if (LoadMicrocode (ForceLoadMicrocodePatchPtr, StdHeader)) {
151               Status = TRUE;
152             } else {
153               PutEventLog (AGESA_ERROR,
154                            CPU_ERROR_MICRO_CODE_PATCH_IS_NOT_LOADED,
155                            0, 0, 0, 0, StdHeader);

** CID 1241907:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbSmuLibV7/GnbSmuInitLibV7.c: 258 in GnbSmuFirmwareLoadV7()


________________________________________________________________________________________________________
*** CID 1241907:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbSmuLibV7/GnbSmuInitLibV7.c: 258 in GnbSmuFirmwareLoadV7()
252     
253       // Step5, 12, Load firmware
254       IDS_HDT_CONSOLE (GNB_TRACE, "Step5, 12, Load firmware\n");
255       // 4 means byte length of next address during firmware download
256       UraTuple.StepLength = 4;
257       UraTuple.Value = (UINT32) ((UINTN) (Firmware));
>>>     CID 1241907:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Taking address with "&UraTuple" yields a singleton pointer.
258       GnbUraCombinedSet (&DevObject, TRxSmuRamStartAddr | GNB_URA_STREAM_SET, &UraTuple, (Firmware->ImageSize >> 2));
259     
260       if (BfxSmuProtectedMode == 0) {
261         IDS_HDT_CONSOLE (GNB_TRACE, "Step6, write jmp to RAM firmware\n");
262         //Step 6, Write jmp to RAM firmware
263         RxSmuRamStartAddr = 0xE0000000 + ((SMC_RAM_START_ADDR + Firmware->HeaderSize) >> 2);

** CID 1241906:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f14/Proc/CPU/cpuApicUtilities.c: 1010 in ApUtilTransmitBuffer()
/src/vendorcode/amd/agesa/f12/Proc/CPU/cpuApicUtilities.c: 961 in ApUtilTransmitBuffer()
/src/vendorcode/amd/agesa/f16kb/Proc/CPU/cpuApicUtilities.c: 966 in ApUtilTransmitBuffer()
/src/vendorcode/amd/agesa/f15tn/Proc/CPU/cpuApicUtilities.c: 966 in ApUtilTransmitBuffer()
/src/vendorcode/amd/agesa/f15/Proc/CPU/cpuApicUtilities.c: 967 in ApUtilTransmitBuffer()


________________________________________________________________________________________________________
*** CID 1241906:    (ARRAY_VS_SINGLETON)
/src/vendorcode/amd/agesa/f14/Proc/CPU/cpuApicUtilities.c: 1010 in ApUtilTransmitBuffer()
1004       ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
1005     
1006       ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
1007       WaitForStatus.WaitForStatusFlags = 0;
1008       ApUtilWaitForCoreStatus (Socket, Core, &WaitForStatus, StdHeader);
1009       if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>>     CID 1241906:    (ARRAY_VS_SINGLETON)
>>>     Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
1010         ApUtilTransmitPointer (Socket, Core, (VOID **) &BufferInfo->DataPtr, StdHeader);
1011       } else {
1012         ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
1013         CurrentStatus = CORE_STS_DATA_READY_0;
1014         WaitForStatus.Status = &CurrentStatus;
1015         WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
/src/vendorcode/amd/agesa/f12/Proc/CPU/cpuApicUtilities.c: 961 in ApUtilTransmitBuffer()
955       ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
956     
957       ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
958       WaitForStatus.WaitForStatusFlags = 0;
959       ApUtilWaitForCoreStatus (TargetApicId, &WaitForStatus, StdHeader);
960       if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>>     CID 1241906:    (ARRAY_VS_SINGLETON)
>>>     Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
961         ApUtilTransmitPointer (TargetApicId, (VOID **) &BufferInfo->DataPtr, StdHeader);
962       } else {
963         ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
964         CurrentStatus = CORE_STS_DATA_READY_0;
965         WaitForStatus.Status = &CurrentStatus;
966         WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
/src/vendorcode/amd/agesa/f16kb/Proc/CPU/cpuApicUtilities.c: 966 in ApUtilTransmitBuffer()
960       ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
961     
962       ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
963       WaitForStatus.WaitForStatusFlags = 0;
964       ApUtilWaitForCoreStatus (TargetApicId, &WaitForStatus, StdHeader);
965       if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>>     CID 1241906:    (ARRAY_VS_SINGLETON)
>>>     Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
966         ApUtilTransmitPointer (TargetApicId, (VOID **) &BufferInfo->DataPtr, StdHeader);
967       } else {
968         ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
969         CurrentStatus = CORE_STS_DATA_READY_0;
970         WaitForStatus.Status = &CurrentStatus;
971         WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
/src/vendorcode/amd/agesa/f15tn/Proc/CPU/cpuApicUtilities.c: 966 in ApUtilTransmitBuffer()
960       ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
961     
962       ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
963       WaitForStatus.WaitForStatusFlags = 0;
964       ApUtilWaitForCoreStatus (TargetApicId, &WaitForStatus, StdHeader);
965       if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>>     CID 1241906:    (ARRAY_VS_SINGLETON)
>>>     Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
966         ApUtilTransmitPointer (TargetApicId, (VOID **) &BufferInfo->DataPtr, StdHeader);
967       } else {
968         ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
969         CurrentStatus = CORE_STS_DATA_READY_0;
970         WaitForStatus.Status = &CurrentStatus;
971         WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;
/src/vendorcode/amd/agesa/f15/Proc/CPU/cpuApicUtilities.c: 967 in ApUtilTransmitBuffer()
961       ApUtilWriteDataDword (BufferInfo->DataTransferFlags, StdHeader);
962     
963       ApUtilWriteControlByte (CORE_DATA_FLAGS_READY, StdHeader);
964       WaitForStatus.WaitForStatusFlags = 0;
965       ApUtilWaitForCoreStatus (TargetApicId, &WaitForStatus, StdHeader);
966       if ((BufferInfo->DataTransferFlags & DATA_IN_MEMORY) != 0) {
>>>     CID 1241906:    (ARRAY_VS_SINGLETON)
>>>     Taking address with "&BufferInfo->DataPtr" yields a singleton pointer.
967         ApUtilTransmitPointer (TargetApicId, (VOID **) &BufferInfo->DataPtr, StdHeader);
968       } else {
969         ApUtilWriteControlByte (CORE_STS_DATA_READY_1, StdHeader);
970         CurrentStatus = CORE_STS_DATA_READY_0;
971         WaitForStatus.Status = &CurrentStatus;
972         WaitForStatus.WaitForStatusFlags = WAIT_STATUS_EQUALITY;

** CID 1241905:    (BAD_SHIFT)
/src/vendorcode/amd/agesa/f15/Proc/Mem/Ps/mp.c: 1149 in MemPCheckTblDrvOverrideConfig()
/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mp.c: 1143 in MemPCheckTblDrvOverrideConfig()
/src/vendorcode/amd/agesa/f16kb/Proc/Mem/Ps/mp.c: 1154 in MemPCheckTblDrvOverrideConfig()


________________________________________________________________________________________________________
*** CID 1241905:    (BAD_SHIFT)
/src/vendorcode/amd/agesa/f15/Proc/Mem/Ps/mp.c: 1149 in MemPCheckTblDrvOverrideConfig()
1143     
1144       CurrentChannel = NBPtr->ChannelPtr;
1145     
1146       // Get platform configuration.
1147       MaxDimmPerCh = GetMaxDimmsPerChannel (NBPtr->RefPtr->PlatformMemoryConfiguration, NBPtr->MCTPtr->SocketId, CurrentChannel->ChannelID);
1148       CurDDRrate = (UINT32) (1 << (CurrentChannel->DCTPtr->Timings.Speed / 66));
>>>     CID 1241905:    (BAD_SHIFT)
>>>     In expression "1 << ((NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255)))", left shifting by more than 31 bits has undefined behavior.  The shift amount, "(NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255))", is 255.
1149       DDR3Voltage = (UINT8) (1 << CONVERT_VDDIO_TO_ENCODED (NBPtr->RefPtr->DDR3Voltage));
1150       RankTypeOfPopulatedDimm = MemAGetPsRankType (CurrentChannel);
1151     
1152       if ((MaxDimmPerCh == Buffer[0]) && ((DDR3Voltage & Buffer[1]) != 0) &&
1153         ((CurDDRrate & *(UINT32 *)&Buffer[2]) != 0) && ((RankTypeOfPopulatedDimm & *(UINT16 *)&Buffer[6]) != 0)) {
1154         return TRUE;
/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mp.c: 1143 in MemPCheckTblDrvOverrideConfig()
1137     
1138       CurrentChannel = NBPtr->ChannelPtr;
1139     
1140       // Get platform configuration.
1141       MaxDimmPerCh = GetMaxDimmsPerChannel (NBPtr->RefPtr->PlatformMemoryConfiguration, NBPtr->MCTPtr->SocketId, CurrentChannel->ChannelID);
1142       CurDDRrate = (UINT32) (1 << (CurrentChannel->DCTPtr->Timings.Speed / 66));
>>>     CID 1241905:    (BAD_SHIFT)
>>>     In expression "1 << ((NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255)))", left shifting by more than 31 bits has undefined behavior.  The shift amount, "(NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255))", is 255.
1143       DDR3Voltage = (UINT8) (1 << CONVERT_VDDIO_TO_ENCODED (NBPtr->RefPtr->DDR3Voltage));
1144       RankTypeOfPopulatedDimm = MemAGetPsRankType (CurrentChannel);
1145     
1146       if ((MaxDimmPerCh == Buffer[0]) && ((DDR3Voltage & Buffer[1]) != 0) &&
1147         ((CurDDRrate & *(UINT32 *)&Buffer[2]) != 0) && ((RankTypeOfPopulatedDimm & *(UINT16 *)&Buffer[6]) != 0)) {
1148         return TRUE;
/src/vendorcode/amd/agesa/f16kb/Proc/Mem/Ps/mp.c: 1154 in MemPCheckTblDrvOverrideConfig()
1148     
1149       CurrentChannel = NBPtr->ChannelPtr;
1150     
1151       // Get platform configuration.
1152       MaxDimmPerCh = GetMaxDimmsPerChannel (NBPtr->RefPtr->PlatformMemoryConfiguration, NBPtr->MCTPtr->SocketId, CurrentChannel->ChannelID);
1153       CurDDRrate = (UINT32) (1 << (CurrentChannel->DCTPtr->Timings.Speed / 66));
>>>     CID 1241905:    (BAD_SHIFT)
>>>     In expression "1 << ((NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255)))", left shifting by more than 31 bits has undefined behavior.  The shift amount, "(NBPtr->RefPtr->DDR3Voltage == VOLT1_5) ? 0 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_35) ? 1 : ((NBPtr->RefPtr->DDR3Voltage == VOLT1_25) ? 2 : 255))", is 255.
1154       DDR3Voltage = (UINT8) (1 << CONVERT_VDDIO_TO_ENCODED (NBPtr->RefPtr->DDR3Voltage));
1155       RankTypeOfPopulatedDimm = MemAGetPsRankType (CurrentChannel);
1156     
1157       if ((MaxDimmPerCh == Buffer[0]) && ((DDR3Voltage & Buffer[1]) != 0) &&
1158         ((CurDDRrate & *(UINT32 *)&Buffer[2]) != 0) && ((RankTypeOfPopulatedDimm & *(UINT16 *)&Buffer[6]) != 0)) {
1159         return TRUE;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/coreboot?tab=overview

To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://scan.coverity.com/subscriptions/edit?email=coreboot%40coreboot.org&token=49533df725f93b78361afb7b89ccde93




More information about the coreboot mailing list