[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com scan-admin at coverity.com
Fri Jan 22 22:41:07 CET 2016


Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

7 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1349857:  Uninitialized variables  (UNINIT)
/src/soc/intel/skylake/smihandler.c: 355 in southbridge_smi_gpi()


________________________________________________________________________________________________________
*** CID 1349857:  Uninitialized variables  (UNINIT)
/src/soc/intel/skylake/smihandler.c: 355 in southbridge_smi_gpi()
349     
350     void __attribute__((weak))
351     mainboard_smi_gpi_handler(const struct gpi_status *sts) { }
352     
353     static void southbridge_smi_gpi(void)
354     {
>>>     CID 1349857:  Uninitialized variables  (UNINIT)
>>>     Declaring variable "smi_sts" without initializer.
355     	struct gpi_status smi_sts;
356     
357     	gpi_clear_get_smi_status(&smi_sts);
358     	mainboard_smi_gpi_handler(&smi_sts);
359     
360     	/* Clear again after mainboard handler */

** CID 1349856:  Uninitialized variables  (UNINIT)
/src/mainboard/google/cyan/spd/spd.c: 166 in set_dimm_info()


________________________________________________________________________________________________________
*** CID 1349856:  Uninitialized variables  (UNINIT)
/src/mainboard/google/cyan/spd/spd.c: 166 in set_dimm_info()
160     		break;
161     
162     	case 8:
163     		log2_chips = 3;
164     		break;
165     	}
>>>     CID 1349856:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "log2_chips".
166     	dimm->bus_width = (uint8_t)(log2_chips + (spd[7] & 7) + 2 - 3);
167     }
168     
169     void mainboard_save_dimm_info(struct romstage_params *params)
170     {
171     	struct dimm_info *dimm;

** CID 1349855:  Control flow issues  (UNREACHABLE)
/src/drivers/intel/fsp1_1/fsp_util.c: 44 in find_fsp()


________________________________________________________________________________________________________
*** CID 1349855:  Control flow issues  (UNREACHABLE)
/src/drivers/intel/fsp1_1/fsp_util.c: 44 in find_fsp()
38     	} fsp_id = {
39     		.str_id = CONFIG_FSP_IMAGE_ID_STRING
40     	};
41     
42     	u32 *image_id;
43     
>>>     CID 1349855:  Control flow issues  (UNREACHABLE)
>>>     Since the loop increment is unreachable, the loop body will never execute more than once.
44     	for (;;) {
45     		/* Get the FSP binary base address in CBFS */
46     		fsp_ptr.u32 = fsp_base_address;
47     
48     		/* Check the FV signature, _FVH */
49     		if (fsp_ptr.fvh->Signature != 0x4856465F) {

** CID 1349854:  Incorrect expression  (UNUSED_VALUE)
/src/drivers/intel/fsp1_1/fsp_util.c: 56 in find_fsp()


________________________________________________________________________________________________________
*** CID 1349854:  Incorrect expression  (UNUSED_VALUE)
/src/drivers/intel/fsp1_1/fsp_util.c: 56 in find_fsp()
50     			fsp_ptr.u8 = (u8 *)ERROR_NO_FV_SIG;
51     			break;
52     		}
53     
54     		/* Locate the file header which follows the FV header. */
55     		fsp_ptr.u8 += fsp_ptr.fvh->ExtHeaderOffset;
>>>     CID 1349854:  Incorrect expression  (UNUSED_VALUE)
>>>     Assigning value from "fsp_ptr.fveh->ExtHeaderSize" to "fsp_ptr.u8" here, but that stored value is overwritten before it can be used.
56     		fsp_ptr.u8 += fsp_ptr.fveh->ExtHeaderSize;
57     		fsp_ptr.u8 = (u8 *)ALIGN_UP(fsp_ptr.u32, 8);
58     
59     		/* Check the FFS GUID */
60     		if ((((u32 *)&fsp_ptr.ffh->Name)[0] != 0x912740BE)
61     			|| (((u32 *)&fsp_ptr.ffh->Name)[1] != 0x47342284)

** CID 1349860:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/soc/intel/skylake/romstage/spi.c: 34 in early_spi_read_wpsr()


________________________________________________________________________________________________________
*** CID 1349860:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/src/soc/intel/skylake/romstage/spi.c: 34 in early_spi_read_wpsr()
28     
29     	spi_init();
30     
31     	/* sending NULL for spiflash struct parameter since we are not
32     	 * calling HWSEQ read_status() call via Probe.
33     	 */
>>>     CID 1349860:  Memory - corruptions  (ARRAY_VS_SINGLETON)
>>>     Taking address with "&rdsr" yields a singleton pointer.
34     	ret = pch_hwseq_read_status(NULL, &rdsr);
35     	if (ret) {
36     		printk(BIOS_ERR, "SPI rdsr failed\n");
37     		return ret;
38     	}
39     	*sr = rdsr & WPSR_MASK_SRP0_BIT;
40     
41     	return 0;

** CID 1349859:  Control flow issues  (DEADCODE)
/src/soc/intel/braswell/spi.c: 258 in spi_regs()


________________________________________________________________________________________________________
*** CID 1349859:  Control flow issues  (DEADCODE)
/src/soc/intel/braswell/spi.c: 258 in spi_regs()
252     #if ENV_SMM
253     	dev = PCI_DEV(0, LPC_DEV, LPC_FUNC);
254     #else
255     	dev = dev_find_slot(0, PCI_DEVFN(LPC_DEV, LPC_FUNC));
256     #endif
257     	if (!dev) {
>>>     CID 1349859:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "printk(3, "%s: PCI device n...".
258     		printk(BIOS_ERR, "%s: PCI device not found", __func__);
259     		return NULL;
260     	}
261     
262     	pci_read_config_dword(dev, SBASE, &sbase);
263     	sbase &= ~0x1ff;

** CID 1349858:  Memory - illegal accesses  (OVERRUN)
/src/soc/mediatek/mt8173/spi.c: 85 in mtk_spi_init()


________________________________________________________________________________________________________
*** CID 1349858:  Memory - illegal accesses  (OVERRUN)
/src/soc/mediatek/mt8173/spi.c: 85 in mtk_spi_init()
79     		  unsigned int speed_hz)
80     {
81     	u32 div, sck_ticks, cs_ticks, reg_val;
82     	/* mtk spi HW just support bus 0 */
83     	assert(bus == 0);
84     	struct mtk_spi_bus *slave = &spi_bus[bus];
>>>     CID 1349858:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array of 1 48-byte elements at element index 1 (byte offset 48) by dereferencing pointer "slave".
85     	struct mtk_spi_regs *regs = slave->regs;
86     
87     	if (speed_hz < SPI_HZ / 2)
88     		div = div_round_up(SPI_HZ, speed_hz);
89     	else
90     		div = 1;


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/coreboot?tab=overview
