[coreboot] New Defects reported by Coverity Scan for coreboot
scan-admin at coverity.com
scan-admin at coverity.com
Mon Nov 7 04:00:13 CET 2016
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
19 new defect(s) introduced to coreboot found with Coverity Scan.
32 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 19 of 19 defect(s)
** CID 1365395: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_bdb.c: 470 in do_verify()
________________________________________________________________________________________________________
*** CID 1365395: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_bdb.c: 470 in do_verify()
464 {
465 uint8_t *bdb = NULL;
466 uint8_t *key_digest = NULL;
467 uint32_t bdb_size, key_digest_size;
468 int rv = -1;
469
>>> CID 1365395: Insecure data handling (TAINTED_SCALAR)
>>> Assigning: "bdb" = "read_file", which taints "bdb".
470 bdb = read_file(bdb_filename, &bdb_size);
471 if (!bdb) {
472 fprintf(stderr, "Unable to load BDB\n");
473 goto exit;
474 }
475
** CID 1365394: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_vbutil_key.c: 122 in do_unpack()
________________________________________________________________________________________________________
*** CID 1365394: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_vbutil_key.c: 122 in do_unpack()
116
117 if (!infile) {
118 fprintf(stderr, "Need file to unpack\n");
119 return 1;
120 }
121
>>> CID 1365394: Insecure data handling (TAINTED_SCALAR)
>>> Assigning: "pubkey" = "vb2_read_packed_key", which taints "pubkey".
122 pubkey = vb2_read_packed_key(infile);
123 if (pubkey) {
124 printf("Public Key file: %s\n", infile);
125 printf("Algorithm: %u %s\n", pubkey->algorithm,
126 vb1_crypto_name(pubkey->algorithm));
127 printf("Key Version: %u\n", pubkey->key_version);
** CID 1365393: (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
________________________________________________________________________________________________________
*** CID 1365393: (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
334
335 if (!bdb_filename) {
336 fprintf(stderr, "BDB file must be specified\n");
337 goto exit;
338 }
339
>>> CID 1365393: (TAINTED_SCALAR)
>>> Assigning: "bdb" = "read_file", which taints "bdb".
340 bdb = read_file(bdb_filename, &bdb_size);
341 if (!bdb) {
342 fprintf(stderr, "Unable to read %s\n", bdb_filename);
343 goto exit;
344 }
345
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
334
335 if (!bdb_filename) {
336 fprintf(stderr, "BDB file must be specified\n");
337 goto exit;
338 }
339
>>> CID 1365393: (TAINTED_SCALAR)
>>> Assigning: "bdb" = "read_file", which taints "bdb".
340 bdb = read_file(bdb_filename, &bdb_size);
341 if (!bdb) {
342 fprintf(stderr, "Unable to read %s\n", bdb_filename);
343 goto exit;
344 }
345
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
334
335 if (!bdb_filename) {
336 fprintf(stderr, "BDB file must be specified\n");
337 goto exit;
338 }
339
>>> CID 1365393: (TAINTED_SCALAR)
>>> Assigning: "bdb" = "read_file", which taints "bdb".
340 bdb = read_file(bdb_filename, &bdb_size);
341 if (!bdb) {
342 fprintf(stderr, "Unable to read %s\n", bdb_filename);
343 goto exit;
344 }
345
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
334
335 if (!bdb_filename) {
336 fprintf(stderr, "BDB file must be specified\n");
337 goto exit;
338 }
339
>>> CID 1365393: (TAINTED_SCALAR)
>>> Assigning: "bdb" = "read_file", which taints "bdb".
340 bdb = read_file(bdb_filename, &bdb_size);
341 if (!bdb) {
342 fprintf(stderr, "Unable to read %s\n", bdb_filename);
343 goto exit;
344 }
345
/3rdparty/vboot/futility/cmd_bdb.c: 340 in do_resign()
334
335 if (!bdb_filename) {
336 fprintf(stderr, "BDB file must be specified\n");
337 goto exit;
338 }
339
>>> CID 1365393: (TAINTED_SCALAR)
>>> Assigning: "bdb" = "read_file", which taints "bdb".
340 bdb = read_file(bdb_filename, &bdb_size);
341 if (!bdb) {
342 fprintf(stderr, "Unable to read %s\n", bdb_filename);
343 goto exit;
344 }
345
** CID 1365392: (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_vbutil_keyblock.c: 106 in Pack()
/3rdparty/vboot/futility/cmd_vbutil_keyblock.c: 106 in Pack()
/3rdparty/vboot/futility/cmd_vbutil_keyblock.c: 106 in Pack()
________________________________________________________________________________________________________
*** CID 1365392: (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_vbutil_keyblock.c: 106 in Pack()
100 if (!datapubkey) {
101 fprintf(stderr,
102 "vbutil_keyblock: Must specify data public key.\n");
103 return 1;
104 }
105
>>> CID 1365392: (TAINTED_SCALAR)
>>> Assigning: "data_key" = "vb2_read_packed_key", which taints "data_key".
106 struct vb2_packed_key *data_key = vb2_read_packed_key(datapubkey);
107 if (!data_key) {
108 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n");
109 return 1;
110 }
111
/3rdparty/vboot/futility/cmd_vbutil_keyblock.c: 106 in Pack()
100 if (!datapubkey) {
101 fprintf(stderr,
102 "vbutil_keyblock: Must specify data public key.\n");
103 return 1;
104 }
105
>>> CID 1365392: (TAINTED_SCALAR)
>>> Assigning: "data_key" = "vb2_read_packed_key", which taints "data_key".
106 struct vb2_packed_key *data_key = vb2_read_packed_key(datapubkey);
107 if (!data_key) {
108 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n");
109 return 1;
110 }
111
/3rdparty/vboot/futility/cmd_vbutil_keyblock.c: 106 in Pack()
100 if (!datapubkey) {
101 fprintf(stderr,
102 "vbutil_keyblock: Must specify data public key.\n");
103 return 1;
104 }
105
>>> CID 1365392: (TAINTED_SCALAR)
>>> Assigning: "data_key" = "vb2_read_packed_key", which taints "data_key".
106 struct vb2_packed_key *data_key = vb2_read_packed_key(datapubkey);
107 if (!data_key) {
108 fprintf(stderr, "vbutil_keyblock: Error reading data key.\n");
109 return 1;
110 }
111
** CID 1365391: (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_vbutil_firmware.c: 160 in do_vblock()
/3rdparty/vboot/futility/cmd_vbutil_firmware.c: 126 in do_vblock()
________________________________________________________________________________________________________
*** CID 1365391: (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_vbutil_firmware.c: 160 in do_vblock()
154 /* Write the output file */
155 FILE *f = fopen(outfile, "wb");
156 if (!f) {
157 VbExError("Can't open output file %s\n", outfile);
158 goto vblock_cleanup;
159 }
>>> CID 1365391: (TAINTED_SCALAR)
>>> Passing tainted variable "keyblock->keyblock_size" to a tainted sink.
160 int i = ((1 != fwrite(keyblock, keyblock->keyblock_size, 1, f)) ||
161 (1 != fwrite(preamble, preamble->preamble_size, 1, f)));
162 fclose(f);
163 if (i) {
164 VbExError("Can't write output file %s\n", outfile);
165 unlink(outfile);
/3rdparty/vboot/futility/cmd_vbutil_firmware.c: 126 in do_vblock()
120 signing_key = vb2_read_private_key(signprivate);
121 if (!signing_key) {
122 VbExError("Error reading signing key.\n");
123 goto vblock_cleanup;
124 }
125
>>> CID 1365391: (TAINTED_SCALAR)
>>> Assigning: "kernel_subkey" = "vb2_read_packed_key", which taints "kernel_subkey".
126 kernel_subkey = vb2_read_packed_key(kernelkey_file);
127 if (!kernel_subkey) {
128 VbExError("Error reading kernel subkey.\n");
129 goto vblock_cleanup;
130 }
131
** CID 1365390: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_bdb.c: 110 in do_add()
________________________________________________________________________________________________________
*** CID 1365390: Insecure data handling (TAINTED_SCALAR)
/3rdparty/vboot/futility/cmd_bdb.c: 110 in do_add()
104 }
105 /* Copy up to the end of hashes. This implicitly clears the data
106 * sig because it's not copied. */
107 memcpy(new_bdb, bdb, vb2_offset_of(bdb, bdb_get_data_sig(bdb)));
108
109 /* Update new BDB header */
>>> CID 1365390: Insecure data handling (TAINTED_SCALAR)
>>> Assigning: "bdb_header" = "bdb_get_header", which taints "bdb_header".
110 bdb_header = (struct bdb_header *)bdb_get_header(new_bdb);
111 bdb_header->bdb_size += sizeof(*new_hash);
112
113 data_header = (struct bdb_data *)bdb_get_data(new_bdb);
114
115 /* Update new hash. We're overwriting the data signature, which
** CID 1365389: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1365389: Memory - corruptions (OVERRUN)
/src/mainboard/intel/kblrvp/romstage.c: 32 in mainboard_memory_init_params()
26
27 void mainboard_memory_init_params(FSPM_UPD *mupd)
28 {
29 FSP_M_CONFIG *mem_cfg;
30 mem_cfg = &mupd->FspmConfig;
31
>>> CID 1365389: Memory - corruptions (OVERRUN)
>>> Overrunning array "mem_cfg->DqByteMapCh0" of 12 bytes by passing it to a function which accesses it at byte offset 23.
32 mainboard_fill_dq_map_data(&mem_cfg->DqByteMapCh0);
33 mainboard_fill_dqs_map_data(&mem_cfg->DqsMapCpu2DramCh0);
34 mainboard_fill_rcomp_res_data(&mem_cfg->RcompResistor);
35 mainboard_fill_rcomp_strength_data(&mem_cfg->RcompTarget);
36
37 mem_cfg->DqPinsInterleaved = 0;
** CID 1365388: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1365388: Memory - corruptions (OVERRUN)
/src/mainboard/intel/kblrvp/romstage.c: 33 in mainboard_memory_init_params()
27 void mainboard_memory_init_params(FSPM_UPD *mupd)
28 {
29 FSP_M_CONFIG *mem_cfg;
30 mem_cfg = &mupd->FspmConfig;
31
32 mainboard_fill_dq_map_data(&mem_cfg->DqByteMapCh0);
>>> CID 1365388: Memory - corruptions (OVERRUN)
>>> Overrunning array "mem_cfg->DqsMapCpu2DramCh0" of 8 bytes by passing it to a function which accesses it at byte offset 15.
33 mainboard_fill_dqs_map_data(&mem_cfg->DqsMapCpu2DramCh0);
34 mainboard_fill_rcomp_res_data(&mem_cfg->RcompResistor);
35 mainboard_fill_rcomp_strength_data(&mem_cfg->RcompTarget);
36
37 mem_cfg->DqPinsInterleaved = 0;
38 mem_cfg->MemorySpdPtr00 = mainboard_get_spd_data();
39 if (mainboard_has_dual_channel_mem())
40 mem_cfg->MemorySpdPtr10 = mem_cfg->MemorySpdPtr00;
41 mem_cfg->MemorySpdDataLen = SPD_LEN;
** CID 1365387: (RESOURCE_LEAK)
/3rdparty/vboot/futility/cmd_bdb.c: 360 in do_resign()
/3rdparty/vboot/futility/cmd_bdb.c: 362 in do_resign()
/3rdparty/vboot/futility/cmd_bdb.c: 373 in do_resign()
/3rdparty/vboot/futility/cmd_bdb.c: 375 in do_resign()
________________________________________________________________________________________________________
*** CID 1365387: (RESOURCE_LEAK)
/3rdparty/vboot/futility/cmd_bdb.c: 360 in do_resign()
354 if (!key) {
355 fprintf(stderr, "Unable to read BDB key\n");
356 goto exit;
357 }
358 if (install_bdbkey(&bdb, key)) {
359 fprintf(stderr, "Unable to install new BDB key\n");
>>> CID 1365387: (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
360 goto exit;
361 }
362 }
363
364 if (datakey_pub_filename) {
365 struct bdb_key *key = bdb_create_key(datakey_pub_filename,
/3rdparty/vboot/futility/cmd_bdb.c: 362 in do_resign()
356 goto exit;
357 }
358 if (install_bdbkey(&bdb, key)) {
359 fprintf(stderr, "Unable to install new BDB key\n");
360 goto exit;
361 }
>>> CID 1365387: (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
362 }
363
364 if (datakey_pub_filename) {
365 struct bdb_key *key = bdb_create_key(datakey_pub_filename,
366 datakey_version, NULL);
367 if (!key) {
/3rdparty/vboot/futility/cmd_bdb.c: 373 in do_resign()
367 if (!key) {
368 fprintf(stderr, "Unable to read data key\n");
369 goto exit;
370 }
371 if (install_datakey(&bdb, key)) {
372 fprintf(stderr, "Unable to install new data key\n");
>>> CID 1365387: (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
373 goto exit;
374 }
375 }
376
377 /* Check validity for the new bdb key */
378 rv = bdb_verify(bdb, bdb_size_of(bdb), NULL);
/3rdparty/vboot/futility/cmd_bdb.c: 375 in do_resign()
369 goto exit;
370 }
371 if (install_datakey(&bdb, key)) {
372 fprintf(stderr, "Unable to install new data key\n");
373 goto exit;
374 }
>>> CID 1365387: (RESOURCE_LEAK)
>>> Variable "key" going out of scope leaks the storage it points to.
375 }
376
377 /* Check validity for the new bdb key */
378 rv = bdb_verify(bdb, bdb_size_of(bdb), NULL);
379 if (rv == BDB_ERROR_HEADER_SIG) {
380 /* This is expected failure if we installed a new BDB key.
** CID 1365386: Memory - corruptions (OVERRUN)
/src/soc/intel/skylake/chip_fsp20.c: 148 in platform_fsp_silicon_init_params_cb()
________________________________________________________________________________________________________
*** CID 1365386: Memory - corruptions (OVERRUN)
/src/soc/intel/skylake/chip_fsp20.c: 148 in platform_fsp_silicon_init_params_cb()
142 memcpy(params->SataPortsEnable, config->SataPortsEnable,
143 sizeof(params->SataPortsEnable));
144 memcpy(params->SataPortsDevSlp, config->SataPortsDevSlp,
145 sizeof(params->SataPortsDevSlp));
146 memcpy(params->PcieRpClkReqSupport, config->PcieRpClkReqSupport,
147 sizeof(params->PcieRpClkReqSupport));
>>> CID 1365386: Memory - corruptions (OVERRUN)
>>> Overrunning array "config->PcieRpClkReqNumber" of 20 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
148 memcpy(params->PcieRpClkReqNumber, config->PcieRpClkReqNumber,
149 sizeof(params->PcieRpClkReqNumber));
150
151 memcpy(params->SerialIoDevMode, config->SerialIoDevMode,
152 sizeof(params->SerialIoDevMode));
153
** CID 1365385: Memory - corruptions (OVERRUN)
/src/soc/intel/skylake/chip_fsp20.c: 146 in platform_fsp_silicon_init_params_cb()
________________________________________________________________________________________________________
*** CID 1365385: Memory - corruptions (OVERRUN)
/src/soc/intel/skylake/chip_fsp20.c: 146 in platform_fsp_silicon_init_params_cb()
140 }
141
142 memcpy(params->SataPortsEnable, config->SataPortsEnable,
143 sizeof(params->SataPortsEnable));
144 memcpy(params->SataPortsDevSlp, config->SataPortsDevSlp,
145 sizeof(params->SataPortsDevSlp));
>>> CID 1365385: Memory - corruptions (OVERRUN)
>>> Overrunning array "config->PcieRpClkReqSupport" of 20 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
146 memcpy(params->PcieRpClkReqSupport, config->PcieRpClkReqSupport,
147 sizeof(params->PcieRpClkReqSupport));
148 memcpy(params->PcieRpClkReqNumber, config->PcieRpClkReqNumber,
149 sizeof(params->PcieRpClkReqNumber));
150
151 memcpy(params->SerialIoDevMode, config->SerialIoDevMode,
** CID 1353028: Error handling issues (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 284 in integrate_psp_firmwares()
________________________________________________________________________________________________________
*** CID 1353028: Error handling issues (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 284 in integrate_psp_firmwares()
278 pspdir[4+4*i+2] = 1;
279 pspdir[4+4*i+3] = 0;
280 } else if (fw_table[i].filename != NULL) {
281 pspdir[4+4*i+0] = fw_table[i].type;
282
283 fd = open (fw_table[i].filename, O_RDONLY);
>>> CID 1353028: Error handling issues (NEGATIVE_RETURNS)
>>> "fd" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
284 fstat(fd, &fd_stat);
285 pspdir[4+4*i+1] = fd_stat.st_size;
286
287 pspdir[4+4*i+2] = pos + ROM_BASE_ADDRESS;
288 pspdir[4+4*i+3] = 0;
289
** CID 1353027: Error handling issues (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 239 in integrate_firmwares()
________________________________________________________________________________________________________
*** CID 1353027: Error handling issues (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 239 in integrate_firmwares()
233 struct stat fd_stat;
234 int i;
235
236 for (i = 0; fw_table[i].type != AMD_FW_INVALID; i ++) {
237 if (fw_table[i].filename != NULL) {
238 fd = open (fw_table[i].filename, O_RDONLY);
>>> CID 1353027: Error handling issues (NEGATIVE_RETURNS)
>>> "fd" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
239 fstat(fd, &fd_stat);
240
241 switch (fw_table[i].type) {
242 case AMD_FW_IMC:
243 pos = ALIGN(pos, 0x10000);
244 romsig[1] = pos + ROM_BASE_ADDRESS;
** CID 1353021: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 290 in integrate_psp_firmwares()
________________________________________________________________________________________________________
*** CID 1353021: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 290 in integrate_psp_firmwares()
284 fstat(fd, &fd_stat);
285 pspdir[4+4*i+1] = fd_stat.st_size;
286
287 pspdir[4+4*i+2] = pos + ROM_BASE_ADDRESS;
288 pspdir[4+4*i+3] = 0;
289
>>> CID 1353021: Error handling issues (CHECKED_RETURN)
>>> "read(int, void *, size_t)" returns the number of bytes read, but it is ignored.
290 read (fd, base+pos, fd_stat.st_size);
291
292 pos += fd_stat.st_size;
293 pos = ALIGN(pos, 0x100);
294 close (fd);
295 } else {
** CID 1353020: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 284 in integrate_psp_firmwares()
________________________________________________________________________________________________________
*** CID 1353020: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 284 in integrate_psp_firmwares()
278 pspdir[4+4*i+2] = 1;
279 pspdir[4+4*i+3] = 0;
280 } else if (fw_table[i].filename != NULL) {
281 pspdir[4+4*i+0] = fw_table[i].type;
282
283 fd = open (fw_table[i].filename, O_RDONLY);
>>> CID 1353020: Error handling issues (CHECKED_RETURN)
>>> Calling "fstat(fd, &fd_stat)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
284 fstat(fd, &fd_stat);
285 pspdir[4+4*i+1] = fd_stat.st_size;
286
287 pspdir[4+4*i+2] = pos + ROM_BASE_ADDRESS;
288 pspdir[4+4*i+3] = 0;
289
** CID 1353019: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 257 in integrate_firmwares()
________________________________________________________________________________________________________
*** CID 1353019: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 257 in integrate_firmwares()
251 break;
252 default:
253 /* Error */
254 break;
255 }
256
>>> CID 1353019: Error handling issues (CHECKED_RETURN)
>>> "read(int, void *, size_t)" returns the number of bytes read, but it is ignored.
257 read (fd, base+pos, fd_stat.st_size);
258
259 pos += fd_stat.st_size;
260 pos = ALIGN(pos, 0x100);
261 close (fd);
262 }
** CID 1353018: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 239 in integrate_firmwares()
________________________________________________________________________________________________________
*** CID 1353018: Error handling issues (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 239 in integrate_firmwares()
233 struct stat fd_stat;
234 int i;
235
236 for (i = 0; fw_table[i].type != AMD_FW_INVALID; i ++) {
237 if (fw_table[i].filename != NULL) {
238 fd = open (fw_table[i].filename, O_RDONLY);
>>> CID 1353018: Error handling issues (CHECKED_RETURN)
>>> Calling "fstat(fd, &fd_stat)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
239 fstat(fd, &fd_stat);
240
241 switch (fw_table[i].type) {
242 case AMD_FW_IMC:
243 pos = ALIGN(pos, 0x10000);
244 romsig[1] = pos + ROM_BASE_ADDRESS;
** CID 1347358: Error handling issues (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 586 in main()
________________________________________________________________________________________________________
*** CID 1347358: Error handling issues (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 586 in main()
580 current = integrate_psp_firmwares(rom, current, psp2dir, amd_psp2_fw_table);
581 #endif
582 }
583 #endif
584
585 targetfd = open(output, O_RDWR | O_CREAT | O_TRUNC, 0666);
>>> CID 1347358: Error handling issues (NEGATIVE_RETURNS)
>>> "targetfd" is passed to a parameter that cannot be negative.
586 write(targetfd, amd_romsig, current - AMD_ROMSIG_OFFSET);
587 close(targetfd);
588 free(rom);
589
590 return 0;
** CID 1347333: Memory - illegal accesses (UNINIT)
/util/amdfwtool/amdfwtool.c: 585 in main()
________________________________________________________________________________________________________
*** CID 1347333: Memory - illegal accesses (UNINIT)
/util/amdfwtool/amdfwtool.c: 585 in main()
579 #else
580 current = integrate_psp_firmwares(rom, current, psp2dir, amd_psp2_fw_table);
581 #endif
582 }
583 #endif
584
>>> CID 1347333: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "output" when calling "open".
585 targetfd = open(output, O_RDWR | O_CREAT | O_TRUNC, 0666);
586 write(targetfd, amd_romsig, current - AMD_ROMSIG_OFFSET);
587 close(targetfd);
588 free(rom);
589
590 return 0;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5bTj6WnkaIx2UT-2FAJo6rSor-2F8eoo2dM7ZnxKVlRgzZ7rzglw3k-2FawdbNddErkCmQVYXL6wrLoMTk5FpuC-2FPDn55jrIQjZw3y1sw-2B1omWnem6akmO-2BAnaRqutGLeIaV-2FAgo5jk9ppiG-2BC9YMmbmLgLnipUWcf3E5-2Fog5g4z4HX94U-2FkHZ366k2putLQDy1gEyc4-3D
To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqyeem8IVKvTxSaOFkteZFcnohwvb2rnYNjswGryEWCURnUk6WHU42sbOmtOjD-2Bx5c-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5bTj6WnkaIx2UT-2FAJo6rSorbu3QyHXn0yLG0hBpraYpgI2OZiX8YHdl-2F-2Bm9Un2T-2BquyKJWIr9EwkTqCrHpyuSQpo8sMihhRIUIY5dVa2CVD1CHREG3ITeRRfPPg76HC3DB61Eixhmt5dWQm94QzLQktHrPKCBSkPt1n7SESaCKheDjr6aN65YB7nlnCO4iGVmE-3D
More information about the coreboot
mailing list