[coreboot] New Defects reported by Coverity Scan for coreboot

Julius Werner jwerner at chromium.org
Mon Jan 25 23:40:59 CET 2016


I'm curious about this part:

> *** CID 1349858:  Memory - illegal accesses  (OVERRUN)
> /src/soc/mediatek/mt8173/spi.c: 85 in mtk_spi_init()
> 79                unsigned int speed_hz)
> 80     {
> 81      u32 div, sck_ticks, cs_ticks, reg_val;
> 82      /* mtk spi HW just support bus 0 */
> 83      assert(bus == 0);
> 84      struct mtk_spi_bus *slave = &spi_bus[bus];
>>>>     CID 1349858:  Memory - illegal accesses  (OVERRUN)
>>>>     Overrunning array of 1 48-byte elements at element index 1 (byte offset 48) by dereferencing pointer "slave".
> 85      struct mtk_spi_regs *regs = slave->regs;
> 86
> 87      if (speed_hz < SPI_HZ / 2)
> 88              div = div_round_up(SPI_HZ, speed_hz);
> 89      else
> 90              div = 1;

Clearly this seems to be a false positive since the 'spi_bus' array
has one element (as Coverity seems to acknowledge itself) and we even
assert that the index 'bus' will always be 0 (although this assertion
may or may not actually generate code based on Kconfigs). Does
Coverity just generally flag any function where you can pass in an
index that is then used to index a static array? That sounds a little
overzealous considering how it is otherwise often quite accurate...
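
The remark above that the assertion may generate no code, shown as an added example that is not part of the original message or of coreboot's source: the flagged lookup with the assertion emitting nothing, next to an explicit bounds check that is present in every build. The struct layouts, `fake_regs`, `ASSERT_COMPILED_OUT`, `regs_assert_only` and `regs_checked` are hypothetical names and stand-ins; only `spi_bus`, `mtk_spi_bus`, `mtk_spi_regs` and `regs` come from the quoted report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
/* Hypothetical stand-in for an assert that is configured to emit no code. */
#define ASSERT_COMPILED_OUT(x) ((void)0)

struct mtk_spi_regs { uint32_t cfg; };              /* constructed, not the real layout */
struct mtk_spi_bus { struct mtk_spi_regs *regs; };  /* simplified from the 48-byte struct */

static struct mtk_spi_regs fake_regs;               /* constructed stand-in for MMIO */
static struct mtk_spi_bus spi_bus[1] = { { &fake_regs } };

/* Shape of the flagged code once the assertion emits nothing: forming
 * &spi_bus[1] is legal (one past the end), but reading slave->regs there
 * is the out-of-bounds access the report describes. Only safe for bus == 0. */
static struct mtk_spi_regs *regs_assert_only(unsigned int bus)
{
	ASSERT_COMPILED_OUT(bus == 0);
	struct mtk_spi_bus *slave = &spi_bus[bus];
	return slave->regs;
}

/* Explicit check that is present in every build configuration, so the
 * bound on 'bus' is visible in the function body itself. */
static struct mtk_spi_regs *regs_checked(unsigned int bus)
{
	if (bus >= ARRAY_SIZE(spi_bus))
		return NULL;
	return spi_bus[bus].regs;
}

int main(void)
{
	/* regs_assert_only() is deliberately called with bus 0 only. */
	printf("bus 0 assert-only: %p\n", (void *)regs_assert_only(0));
	printf("bus 0 checked:     %p\n", (void *)regs_checked(0));
	printf("bus 1 checked:     %p\n", (void *)regs_checked(1));
	return 0;
}
```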


