[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com scan-admin at coverity.com
Fri Jun 23 14:26:42 CEST 2017 

Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

3 new defect(s) introduced to coreboot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1376473:  Code maintainability issues  (UNUSED_VALUE)
/src/soc/intel/quark/spi.c: 169 in xfer()


________________________________________________________________________________________________________
*** CID 1376473:  Code maintainability issues  (UNUSED_VALUE)
/src/soc/intel/quark/spi.c: 169 in xfer()
163     		}
164     
165     		/* Use chip select 0 */
166     		ctrlr->address = (data[0] << 16)
167     			       | (data[1] << 8)
168     			       |  data[2];
>>>     CID 1376473:  Code maintainability issues  (UNUSED_VALUE)
>>>     Assigning value from "ctrlr->address" to "status" here, but that stored value is overwritten before it can be used.
169     		status = ctrlr->address;
170     		data += 3;
171     		bytesout -= 3;
172     	}
173     
174     	/* Build the control value */

** CID 1376472:  Integer handling issues  (SIGN_EXTENSION)
/src/commonlib/storage/mmc.c: 436 in mmc_update_capacity()


________________________________________________________________________________________________________
*** CID 1376472:  Integer handling issues  (SIGN_EXTENSION)
/src/commonlib/storage/mmc.c: 436 in mmc_update_capacity()
430     	/* Determine the user partition size
431     	 *
432     	 * According to the JEDEC Standard, the value of
433     	 * ext_csd's capacity is valid if the value is
434     	 * more than 2GB
435     	 */
>>>     CID 1376472:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "ext_csd[215]" with type "unsigned char" (8 bits, unsigned) is promoted in "(ext_csd[212] << 0) | (ext_csd[213] << 8) | (ext_csd[214] << 16) | (ext_csd[215] << 24)" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned).  If "(ext_csd[212] << 0) | (ext_csd[213] << 8) | (ext_csd[214] << 16) | (ext_csd[215] << 24)" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
436     	capacity = (ext_csd[EXT_CSD_SEC_CNT + 0] << 0 |
437     		    ext_csd[EXT_CSD_SEC_CNT + 1] << 8 |
438     		    ext_csd[EXT_CSD_SEC_CNT + 2] << 16 |
439     		    ext_csd[EXT_CSD_SEC_CNT + 3] << 24);
440     	capacity *= 512;
441     	if ((capacity >> 20) > 2 * 1024)

** CID 1325831:  Insecure data handling  (TAINTED_SCALAR)
/src/lib/tlcl.c: 242 in tlcl_read()


________________________________________________________________________________________________________
*** CID 1325831:  Insecure data handling  (TAINTED_SCALAR)
/src/lib/tlcl.c: 242 in tlcl_read()
236     
237     	result = tlcl_send_receive(cmd.buffer, response, sizeof(response));
238     	if (result == TPM_SUCCESS && length > 0) {
239     		uint8_t *nv_read_cursor = response + kTpmResponseHeaderLength;
240     		from_tpm_uint32(nv_read_cursor, &result_length);
241     		nv_read_cursor += sizeof(uint32_t);
>>>     CID 1325831:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "result_length" to a tainted sink. [Note: The source code implementation of the function has been overridden by a builtin model.]
242     		memcpy(data, nv_read_cursor, result_length);
243     	}
244     
245     	return result;
246     }
247     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5agab1yH1fWih8lOzGDXMJ-2BzvFGoUuWpdw3H-2BV-2B-2FeekKYHK0IF7MnBY64iISlh-2FZYn-2BnS-2BYtBrVKnZMM7CODsB6Clj5b9f5etfO0OgVBRCj0DJ7W9mfdhxKsqDCwa2VO28Ii-2FFLhrSbJ6JJIXQ3bVFhihXrmZrNOb58wm9UYnQGI8jVpEkC4xHbF2BSZ2PLSkQ-3D

To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqyeem8IVKvTxSaOFkteZFcnohwvb2rnYNjswGryEWCURnUk6WHU42sbOmtOjD-2Bx5c-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5agab1yH1fWih8lOzGDXMJ-2BscuWVNvWufYOUYr2O9TPYlePBvIjgNhGZ3neDd0RYQIkISA1liNh89mR75xvLe1NRX9dVW4bOwLfuS9dPM6wEWeTJTv5GXSzLBFwzJwg2S659RqtNUl4QFtWvXM-2B8WAR8SzAVhpQBVK78EN4qTN-2B31pWK042CHmoZdU67sDKTIw-3D

More information about the coreboot mailing list