[SeaBIOS] Coverity detected issues in SeaBIOS

Ian Campbell Ian.Campbell at citrix.com
Wed Jul 16 17:27:18 CEST 2014


Hello,

We run Coverity on the Xen source code occasionally and it happens to
include SeaBIOS. The following new warnings have appeared since I pulled
in rel-1.7.5.

At least the MISSING_BREAK ones look likely to be valid to me. Not sure
about the other two...

Ian.

-------- Forwarded Message --------
From: scan-admin at coverity.com
Subject: New Defects reported by Coverity Scan for XenProject
Date: Wed, 16 Jul 2014 07:16:19 -0700
Message-id: <53c68933a9a35_6cda4073389495a at 209.249.196.67.mail>

Hi,


Please find the latest report on new defect(s) introduced to XenProject found with Coverity Scan.

Defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1226281:  Unchecked return value  (CHECKED_RETURN)
/tools/firmware/seabios-dir-remote/src/fw/smbios.c: 578 in smbios_legacy_setup()

** CID 1226282:  Missing break in switch  (MISSING_BREAK)
/tools/firmware/seabios-dir-remote/src/hw/blockcmd.c: 49 in cdb_cmd_data()

** CID 1226283:  Missing break in switch  (MISSING_BREAK)
/tools/firmware/seabios-dir-remote/src/hw/blockcmd.c: 52 in cdb_cmd_data()

** CID 1226284:  Missing break in switch  (MISSING_BREAK)
/tools/firmware/seabios-dir-remote/src/hw/blockcmd.c: 55 in cdb_cmd_data()

** CID 1226285:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
/tools/firmware/seabios-dir-remote/src/hw/usb-xhci.c: 698 in configure_xhci()


________________________________________________________________________________________________________
*** CID 1226281:  Unchecked return value  (CHECKED_RETURN)
/tools/firmware/seabios-dir-remote/src/fw/smbios.c: 578 in smbios_legacy_setup()
572             }
573         }
574     
575         add_struct(32, p);
576         /* Add any remaining provided entries before the end marker */
577         for (i = 0; i < 256; i++)
>>>     CID 1226281:  Unchecked return value  (CHECKED_RETURN)
>>>     Calling "get_external" without checking return value (as is done elsewhere 12 out of 13 times).
578             get_external(i, &p, &nr_structs, &max_struct_size, end);
579         add_struct(127, p);
580     
581     #undef add_struct
582     
583         smbios_entry_point_setup(max_struct_size, p - start, start, nr_structs);
584         free(start);

________________________________________________________________________________________________________
*** CID 1226282:  Missing break in switch  (MISSING_BREAK)
/tools/firmware/seabios-dir-remote/src/hw/blockcmd.c: 49 in cdb_cmd_data()
43             return esp_scsi_cmd_data(op, cdbcmd, blocksize);
44         case DTYPE_MEGASAS:
45             return megasas_cmd_data(op, cdbcmd, blocksize);
46         case DTYPE_USB_32:
47             if (!MODESEGMENT)
48                 return usb_cmd_data(op, cdbcmd, blocksize);
>>>     CID 1226282:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
49         case DTYPE_UAS_32:
50             if (!MODESEGMENT)
51                 return uas_cmd_data(op, cdbcmd, blocksize);
52         case DTYPE_PVSCSI:
53             if (!MODESEGMENT)
54                 return pvscsi_cmd_data(op, cdbcmd, blocksize);

________________________________________________________________________________________________________
*** CID 1226283:  Missing break in switch  (MISSING_BREAK)
/tools/firmware/seabios-dir-remote/src/hw/blockcmd.c: 52 in cdb_cmd_data()
46         case DTYPE_USB_32:
47             if (!MODESEGMENT)
48                 return usb_cmd_data(op, cdbcmd, blocksize);
49         case DTYPE_UAS_32:
50             if (!MODESEGMENT)
51                 return uas_cmd_data(op, cdbcmd, blocksize);
>>>     CID 1226283:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
52         case DTYPE_PVSCSI:
53             if (!MODESEGMENT)
54                 return pvscsi_cmd_data(op, cdbcmd, blocksize);
55         case DTYPE_AHCI_ATAPI:
56             if (!MODESEGMENT)
57                 return ahci_cmd_data(op, cdbcmd, blocksize);

________________________________________________________________________________________________________
*** CID 1226284:  Missing break in switch  (MISSING_BREAK)
/tools/firmware/seabios-dir-remote/src/hw/blockcmd.c: 55 in cdb_cmd_data()
49         case DTYPE_UAS_32:
50             if (!MODESEGMENT)
51                 return uas_cmd_data(op, cdbcmd, blocksize);
52         case DTYPE_PVSCSI:
53             if (!MODESEGMENT)
54                 return pvscsi_cmd_data(op, cdbcmd, blocksize);
>>>     CID 1226284:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
55         case DTYPE_AHCI_ATAPI:
56             if (!MODESEGMENT)
57                 return ahci_cmd_data(op, cdbcmd, blocksize);
58         default:
59             return DISK_RET_EPARAM;
60         }

________________________________________________________________________________________________________
*** CID 1226285:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
/tools/firmware/seabios-dir-remote/src/hw/usb-xhci.c: 698 in configure_xhci()
692                 free(spba);
693                 free(pad);
694                 goto fail;
695             }
696             int i;
697             for (i = 0; i < spb; i++)
>>>     CID 1226285:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "i * 4096" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic before being used in a context which expects an expression of type "u64" (64 bits, unsigned). To avoid overflow, cast either operand to "u64" before performing the multiplication.
698                 spba[i] = (u32)pad + (i * PAGE_SIZE);
699             xhci->devs[0].ptr_low = (u32)spba;
700             xhci->devs[0].ptr_high = 0;
701         }
702     
703         reg = readl(&xhci->op->usbcmd);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/606?tab=overview

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py








More information about the SeaBIOS mailing list