[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com scan-admin at coverity.com
Fri Oct 20 16:55:21 CEST 2017 

Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

3 new defect(s) introduced to coreboot found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1381814:    (BUFFER_SIZE)
/src/soc/intel/cannonlake/chip.c: 253 in platform_fsp_silicon_init_params_cb()
/src/soc/intel/cannonlake/chip.c: 255 in platform_fsp_silicon_init_params_cb()


________________________________________________________________________________________________________
*** CID 1381814:    (BUFFER_SIZE)
/src/soc/intel/cannonlake/chip.c: 253 in platform_fsp_silicon_init_params_cb()
247     
248     	/* PCI Express */
249     	for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
250     		if (config->PcieClkSrcUsage[i] == 0)
251     			config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED;
252     	}
>>>     CID 1381814:    (BUFFER_SIZE)
>>>     You might overrun the 16 byte destination string "params->PcieClkSrcUsage" by writing the maximum 24 bytes from "config->PcieClkSrcUsage".
253     	memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage,
254     	       sizeof(config->PcieClkSrcUsage));
255     	memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq,
256     	       sizeof(config->PcieClkSrcClkReq));
257     
258     	/* eMMC and SD */
/src/soc/intel/cannonlake/chip.c: 255 in platform_fsp_silicon_init_params_cb()
249     	for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
250     		if (config->PcieClkSrcUsage[i] == 0)
251     			config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED;
252     	}
253     	memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage,
254     	       sizeof(config->PcieClkSrcUsage));
>>>     CID 1381814:    (BUFFER_SIZE)
>>>     You might overrun the 16 byte destination string "params->PcieClkSrcClkReq" by writing the maximum 24 bytes from "config->PcieClkSrcClkReq".
255     	memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq,
256     	       sizeof(config->PcieClkSrcClkReq));
257     
258     	/* eMMC and SD */
259     	params->ScsEmmcEnabled = config->ScsEmmcEnabled;
260     	params->ScsEmmcHs400Enabled = config->ScsEmmcHs400Enabled;

** CID 1381813:  Memory - corruptions  (OVERRUN)
/src/soc/intel/cannonlake/chip.c: 253 in platform_fsp_silicon_init_params_cb()


________________________________________________________________________________________________________
*** CID 1381813:  Memory - corruptions  (OVERRUN)
/src/soc/intel/cannonlake/chip.c: 253 in platform_fsp_silicon_init_params_cb()
247     
248     	/* PCI Express */
249     	for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
250     		if (config->PcieClkSrcUsage[i] == 0)
251     			config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED;
252     	}
>>>     CID 1381813:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "params->PcieClkSrcUsage" of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
253     	memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage,
254     	       sizeof(config->PcieClkSrcUsage));
255     	memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq,
256     	       sizeof(config->PcieClkSrcClkReq));
257     
258     	/* eMMC and SD */

** CID 1381812:  Memory - corruptions  (OVERRUN)
/src/soc/intel/cannonlake/chip.c: 255 in platform_fsp_silicon_init_params_cb()


________________________________________________________________________________________________________
*** CID 1381812:  Memory - corruptions  (OVERRUN)
/src/soc/intel/cannonlake/chip.c: 255 in platform_fsp_silicon_init_params_cb()
249     	for (i = 0; i < ARRAY_SIZE(config->PcieClkSrcUsage); i++) {
250     		if (config->PcieClkSrcUsage[i] == 0)
251     			config->PcieClkSrcUsage[i] = PCIE_CLK_NOTUSED;
252     	}
253     	memcpy(params->PcieClkSrcUsage, config->PcieClkSrcUsage,
254     	       sizeof(config->PcieClkSrcUsage));
>>>     CID 1381812:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "params->PcieClkSrcClkReq" of 16 bytes by passing it to a function which accesses it at byte offset 23 using argument "24UL". [Note: The source code implementation of the function has been overridden by a builtin model.]
255     	memcpy(params->PcieClkSrcClkReq, config->PcieClkSrcClkReq,
256     	       sizeof(config->PcieClkSrcClkReq));
257     
258     	/* eMMC and SD */
259     	params->ScsEmmcEnabled = config->ScsEmmcEnabled;
260     	params->ScsEmmcHs400Enabled = config->ScsEmmcHs400Enabled;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ZzxlCC53biWvXCrHFNOQlnVOlrU4CVBR2RK94Xf-2FaRUCJHU4ZPJp4Bd4KN2smVQ6l345TAY3xv-2BI6hrkM6LgsM9D500rSvv9nWC7vi5ddEtVsZ4VsB-2BoVdgoRNyoMNw3pPqSdp6DjOwYWxAnvHzLionXz7CaNZ3E6K6gRdkfu-2FImNIo8kuH-2B-2F45t5m677Zjtk-3D

To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4e-2BpBzwOa5gzBZa9dWpDbzfofODnVj1enK2UkK0-2BgCCqfkfgGF5ECMwHI0-2FVznrU953Dvw3Ddjop950pccFQ-2Br0qaXkQSgAjbZsF6g7Yem3Y-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5ZzxlCC53biWvXCrHFNOQlnuW18TdHOYeUfiPDpGtbjTaoeLfx1Irou9uCLB6iXJe0P8QxuANZUBbNTCKujuURZYgH-2BstMeX41UFSyVrvLlJTrUphhvht9BCtUQllt7kNt5JbDXXdnfBAXOKmAYiK-2FpqFxwaozOw2p3dHre8d2X-2BoxkFBsBok278U7w6Cn6oa8-3D

More information about the coreboot mailing list