[coreboot] New Defects reported by Coverity Scan for coreboot

Tue Aug 21 16:19:37 CEST 2018

Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

2 new defect(s) introduced to coreboot found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 1395106:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/soc/intel/apollolake/chip.c: 681 in configure_xhci_host_mode_port0()

________________________________________________________________________________________________________
*** CID 1395106:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/src/soc/intel/apollolake/chip.c: 681 in configure_xhci_host_mode_port0()
675     
676     	printk(BIOS_INFO, "Putting xHCI port 0 into host mode.\n");
677     	res = find_resource(xhci_dev, PCI_BASE_ADDRESS_0);
678     	cfg0 = (void *)(uintptr_t)(res->base + DUAL_ROLE_CFG0);
679     	cfg1 = (void *)(uintptr_t)(res->base + DUAL_ROLE_CFG1);
680     	reg = read32(cfg0);
>>>     CID 1395106:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     The expression "reg && 1 /* 1 << 21 */" is suspicious because it performs a Boolean operation on a constant other than 0 or 1.
681     	if (!(reg && SW_IDPIN_EN_MASK))
682     		return;
683     
684     	reg &= ~(SW_IDPIN_MASK | SW_VBUS_VALID_MASK);
685     	write32(cfg0, reg);
686     

** CID 1395105:  Insecure data handling  (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1395105:  Insecure data handling  (TAINTED_SCALAR)
/src/lib/fit.c: 400 in fit_update_compat()
394     	struct fdt_header *fdt_header = (struct fdt_header *)fdt_blob;
395     	uint32_t fdt_offset = be32_to_cpu(fdt_header->structure_offset);
396     	size_t i = 0;
397     
398     	if (!fdt_find_compat(fdt_blob, fdt_offset, &config->compat)) {
399     		list_for_each(compat_node, compat_strings, list_node) {
>>>     CID 1395105:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "config->compat.size" to a tainted sink.
400     			int pos = fit_check_compat(&config->compat,
401     						   compat_node->compat_string);
402     			if (pos >= 0) {
403     				config->compat_pos = pos;
404     				config->compat_rank = i;
405     				config->compat_string =

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbLuoVetFLSjdonCi1EjfHRqWGQvojmmkYaBE-2BPJiTQvQ-3D-3D_q4bX76XMySz3BXBlWr5fXXJ4cvAsgEXEqC7dBPM7O5Z-2FeTetzNLgpALD7ckK4B74lShlyq84RmkKW3UYi61SAJvip2BeoQjbbMgwJAfv8EPOPhTOet2E5u0dm9CL-2BbFeQg0P0vEdkDPP3pp3vkA2tfAJqTdLjx-2FeHdH-2BpOW24AFYwkxHFI5mWdZ6u5LQ9rjAfIuuNC84rn9xU4I9cBDWWoT6dqXXXDXFo2egFbwP6h4-3D