[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com scan-admin at coverity.com
Tue Nov 22 13:20:46 CET 2016 

Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

6 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1353028:  Error handling issues  (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 341 in integrate_psp_firmwares()


________________________________________________________________________________________________________
*** CID 1353028:  Error handling issues  (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 341 in integrate_psp_firmwares()
335     			pspdir[4+4*i+2] = 1;
336     			pspdir[4+4*i+3] = 0;
337     		} else if (fw_table[i].filename != NULL) {
338     			pspdir[4+4*i+0] = fw_table[i].type;
339     
340     			fd = open(fw_table[i].filename, O_RDONLY);
>>>     CID 1353028:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "fd" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
341     			fstat(fd, &fd_stat);
342     			pspdir[4+4*i+1] = (uint32_t)fd_stat.st_size;
343     
344     			pspdir[4+4*i+2] = pos + rom_base_address;
345     			pspdir[4+4*i+3] = 0;
346     

** CID 1353027:  Error handling issues  (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 284 in integrate_firmwares()


________________________________________________________________________________________________________
*** CID 1353027:  Error handling issues  (NEGATIVE_RETURNS)
/util/amdfwtool/amdfwtool.c: 284 in integrate_firmwares()
278     	int i;
279     	uint32_t rom_base_address = 0xFFFFFFFF - rom_size + 1;
280     
281     	for (i = 0; fw_table[i].type != AMD_FW_INVALID; i++) {
282     		if (fw_table[i].filename != NULL) {
283     			fd = open(fw_table[i].filename, O_RDONLY);
>>>     CID 1353027:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "fd" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
284     			fstat(fd, &fd_stat);
285     
286     			switch (fw_table[i].type) {
287     			case AMD_FW_IMC:
288     				pos = ALIGN(pos, 0x10000U);
289     				romsig[1] = pos + rom_base_address;

** CID 1353021:  Error handling issues  (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 355 in integrate_psp_firmwares()


________________________________________________________________________________________________________
*** CID 1353021:  Error handling issues  (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 355 in integrate_psp_firmwares()
349     					" will not fit %s.  Exiting.\n",
350     					rom_size, fw_table[i].filename);
351     				free(base);
352     				exit(1);
353     			}
354     
>>>     CID 1353021:  Error handling issues  (CHECKED_RETURN)
>>>     "read(int, void *, size_t)" returns the number of bytes read, but it is ignored.
355     			read(fd, (void *)(base + pos), (size_t)fd_stat.st_size);
356     
357     			pos += fd_stat.st_size;
358     			close(fd);
359     			pos = ALIGN(pos, 0x100U);
360     		} else {

** CID 1353020:  Error handling issues  (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 341 in integrate_psp_firmwares()


________________________________________________________________________________________________________
*** CID 1353020:  Error handling issues  (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 341 in integrate_psp_firmwares()
335     			pspdir[4+4*i+2] = 1;
336     			pspdir[4+4*i+3] = 0;
337     		} else if (fw_table[i].filename != NULL) {
338     			pspdir[4+4*i+0] = fw_table[i].type;
339     
340     			fd = open(fw_table[i].filename, O_RDONLY);
>>>     CID 1353020:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "fstat(fd, &fd_stat)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
341     			fstat(fd, &fd_stat);
342     			pspdir[4+4*i+1] = (uint32_t)fd_stat.st_size;
343     
344     			pspdir[4+4*i+2] = pos + rom_base_address;
345     			pspdir[4+4*i+3] = 0;
346     

** CID 1353019:  Error handling issues  (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 310 in integrate_firmwares()


________________________________________________________________________________________________________
*** CID 1353019:  Error handling issues  (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 310 in integrate_firmwares()
304     					" will not fit %s.  Exiting.\n",
305     					rom_size, fw_table[i].filename);
306     				free(base);
307     				exit(1);
308     			}
309     
>>>     CID 1353019:  Error handling issues  (CHECKED_RETURN)
>>>     "read(int, void *, size_t)" returns the number of bytes read, but it is ignored.
310     			read(fd, (void *)(base + pos), (size_t)fd_stat.st_size);
311     
312     			pos += fd_stat.st_size;
313     			close(fd);
314     			pos = ALIGN(pos, 0x100U);
315     		}

** CID 1353018:  Error handling issues  (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 284 in integrate_firmwares()


________________________________________________________________________________________________________
*** CID 1353018:  Error handling issues  (CHECKED_RETURN)
/util/amdfwtool/amdfwtool.c: 284 in integrate_firmwares()
278     	int i;
279     	uint32_t rom_base_address = 0xFFFFFFFF - rom_size + 1;
280     
281     	for (i = 0; fw_table[i].type != AMD_FW_INVALID; i++) {
282     		if (fw_table[i].filename != NULL) {
283     			fd = open(fw_table[i].filename, O_RDONLY);
>>>     CID 1353018:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "fstat(fd, &fd_stat)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
284     			fstat(fd, &fd_stat);
285     
286     			switch (fw_table[i].type) {
287     			case AMD_FW_IMC:
288     				pos = ALIGN(pos, 0x10000U);
289     				romsig[1] = pos + rom_base_address;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ZwZpuheJv2EMls-2FJhbIj69mFVa2D-2FIAcJt6Xbtjlnz0ugTWtCDdwgsNCRQm7d7VdqLuGbq8OAJYN81taJvxzU-2BV-2FoicJ7jAGBFKNPzVfJ44DgaMvMgoraOu2pywBXZdzwOJ9Zn9erRPxBVNB8iw-2FLQbGJnIufGHjKuRlm-2BhyeCcjKeqROvDVHrpMNk9hvWF9U-3D

To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqyeem8IVKvTxSaOFkteZFcnohwvb2rnYNjswGryEWCURnUk6WHU42sbOmtOjD-2Bx5c-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ZwZpuheJv2EMls-2FJhbIj69VAXt7d-2F-2FFtt6bkQ7TxECfPAozISTCtX4xQRJZvKs7RiMU56pBZSZASSo4NLRlxF8Kdp0rdljw7Cl-2Fp690yW8TWutY8tlxIUoI5XS2TITIPqyidD6iSZPZSUIh5lPrujI9OANWvquGdIZgaza922Zc3-2BuAEi4GzByxTYdhIW2WSQ-3D

More information about the coreboot mailing list