[scan-admin@coverity.com: New Defects reported by Coverity Scan for Das U-Boot]
----- Forwarded message from scan-admin@coverity.com -----
Date: Mon, 25 Apr 2022 23:38:10 +0000 (UTC) From: scan-admin@coverity.com To: tom.rini@gmail.com Subject: New Defects reported by Coverity Scan for Das U-Boot
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.
21 new defect(s) introduced to Das U-Boot found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 20 of 21 defect(s)
** CID 352464: Memory - illegal accesses (NO_EFFECT) /scripts/dtc/pylibfdt/libfdt_wrap.c: 4291 in _wrap_fdt_property_data_set()
________________________________________________________________________________________________________ *** CID 352464: Memory - illegal accesses (NO_EFFECT) /scripts/dtc/pylibfdt/libfdt_wrap.c: 4291 in _wrap_fdt_property_data_set() 4285 res2 = SWIG_AsCharArray(swig_obj[1], temp2, 0); 4286 if (!SWIG_IsOK(res2)) { 4287 SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fdt_property_data_set" "', argument " "2"" of type '" "char [0]""'"); 4288 } 4289 arg2 = (char *)(temp2); 4290 if (arg2) memcpy(arg1->data,arg2,0*sizeof(char));
CID 352464: Memory - illegal accesses (NO_EFFECT) Calling "memset" with size 0: "memset(arg1->data, 0, 0UL)" does nothing.
4291 else memset(arg1->data,0,0*sizeof(char)); 4292 resultobj = SWIG_Py_Void(); 4293 return resultobj; 4294 fail: 4295 return NULL; 4296 }
** CID 352463: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 4030 in _wrap_fdt_node_header_name_set()
________________________________________________________________________________________________________ *** CID 352463: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 4030 in _wrap_fdt_node_header_name_set() 4024 res2 = SWIG_AsCharArray(swig_obj[1], temp2, 0); 4025 if (!SWIG_IsOK(res2)) { 4026 SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fdt_node_header_name_set" "', argument " "2"" of type '" "char [0]""'"); 4027 } 4028 arg2 = (char *)(temp2); 4029 if (arg2) memcpy(arg1->name,arg2,0*sizeof(char));
CID 352463: Control flow issues (DEADCODE) Execution cannot reach this statement: "memset(arg1->name, 0, 0UL);".
4030 else memset(arg1->name,0,0*sizeof(char)); 4031 resultobj = SWIG_Py_Void(); 4032 return resultobj; 4033 fail: 4034 return NULL; 4035 }
** CID 352462: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________ *** CID 352462: Insecure data handling (TAINTED_SCALAR) /drivers/gpio/gpio-uclass.c: 1203 in gpio_request_by_line_name() 1197 return ret; 1198 1199 desc->dev = dev; 1200 desc->offset = ret; 1201 desc->flags = 0; 1202
CID 352462: Insecure data handling (TAINTED_SCALAR) Passing tainted expression "desc->offset" to "dm_gpio_request", which uses it as an offset.
1203 ret = dm_gpio_request(desc, line_name); 1204 if (ret) { 1205 debug("%s: dm_gpio_requestf failed\n", __func__); 1206 return ret; 1207 } 1208
** CID 352461: Control flow issues (UNREACHABLE) /drivers/block/blk-uclass.c: 568 in blk_find_first()
________________________________________________________________________________________________________ *** CID 352461: Control flow issues (UNREACHABLE) /drivers/block/blk-uclass.c: 568 in blk_find_first() 562 int blk_find_first(enum blk_flag_t flags, struct udevice **devp) 563 { 564 int ret; 565 566 for (ret = uclass_find_first_device(UCLASS_BLK, devp); 567 *devp && !blk_flags_check(*devp, flags);
CID 352461: Control flow issues (UNREACHABLE) Since the loop increment "ret = uclass_find_next_devi..." is unreachable, the loop body will never execute more than once.
568 ret = uclass_find_next_device(devp)) 569 return 0; 570 571 return -ENODEV; 572 } 573
** CID 352460: Memory - illegal accesses (RETURN_LOCAL) /drivers/clk/clk_scmi.c: 56 in scmi_clk_get_attibute()
________________________________________________________________________________________________________ *** CID 352460: Memory - illegal accesses (RETURN_LOCAL) /drivers/clk/clk_scmi.c: 56 in scmi_clk_get_attibute() 50 int ret; 51 52 ret = devm_scmi_process_msg(dev, &msg); 53 if (ret) 54 return ret; 55
CID 352460: Memory - illegal accesses (RETURN_LOCAL) Returning, through "*name", the address of stack variable "out".
56 *name = out.clock_name; 57 58 return 0; 59 } 60 61 static int scmi_clk_gate(struct clk *clk, int enable)
** CID 352459: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 5877 in _wrap_fdt_get_name()
________________________________________________________________________________________________________ *** CID 352459: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 5877 in _wrap_fdt_get_name() 5871 arg2 = (int)(val2); 5872 result = (char *)fdt_get_name((void const *)arg1,arg2,arg3); 5873 resultobj = SWIG_FromCharPtr((const char *)result); 5874 if (SWIG_IsTmpObj(res3)) { 5875 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3))); 5876 } else {
CID 352459: Control flow issues (DEADCODE) Execution cannot reach the expression "new_flags" inside this statement: "new_flags = ((res3 >= 0 && ...".
5877 int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ; 5878 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags)); 5879 } 5880 return resultobj; 5881 fail: 5882 return NULL;
** CID 352458: Control flow issues (UNREACHABLE) /drivers/block/blk-uclass.c: 580 in blk_find_next()
________________________________________________________________________________________________________ *** CID 352458: Control flow issues (UNREACHABLE) /drivers/block/blk-uclass.c: 580 in blk_find_next() 574 int blk_find_next(enum blk_flag_t flags, struct udevice **devp) 575 { 576 int ret; 577 578 for (ret = uclass_find_next_device(devp); 579 *devp && !blk_flags_check(*devp, flags);
CID 352458: Control flow issues (UNREACHABLE) Since the loop increment "ret = uclass_find_next_devi..." is unreachable, the loop body will never execute more than once.
580 ret = uclass_find_next_device(devp)) 581 return 0; 582 583 return -ENODEV; 584 } 585
** CID 352457: Null pointer dereferences (FORWARD_NULL) /drivers/net/phy/phy.c: 990 in fixed_phy_create()
________________________________________________________________________________________________________ *** CID 352457: Null pointer dereferences (FORWARD_NULL) /drivers/net/phy/phy.c: 990 in fixed_phy_create() 984 } 985 986 phydev = phy_device_create(NULL, 0, PHY_FIXED_ID, false); 987 if (phydev) 988 phydev->node = subnode; 989
CID 352457: Null pointer dereferences (FORWARD_NULL) Dereferencing null pointer "phydev".
990 phydev->interface = ofnode_read_phy_mode(node); 991 992 return phydev; 993 } 994 995 static struct phy_device *phy_connect_fixed(struct mii_dev *bus,
** CID 352456: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 5996 in _wrap_fdt_get_property_by_offset()
________________________________________________________________________________________________________ *** CID 352456: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 5996 in _wrap_fdt_get_property_by_offset() 5990 resultobj = SWIG_Python_AppendOutput(resultobj, buff); 5991 } 5992 } 5993 if (SWIG_IsTmpObj(res3)) { 5994 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3))); 5995 } else {
CID 352456: Control flow issues (DEADCODE) Execution cannot reach the expression "new_flags" inside this statement: "new_flags = ((res3 >= 0 && ...".
5996 int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ; 5997 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags)); 5998 } 5999 return resultobj; 6000 fail: 6001 return NULL;
** CID 352455: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6058 in _wrap_fdt_get_property()
________________________________________________________________________________________________________ *** CID 352455: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6058 in _wrap_fdt_get_property() 6052 resultobj = SWIG_Python_AppendOutput(resultobj, buff); 6053 } 6054 } 6055 if (SWIG_IsTmpObj(res4)) { 6056 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg4))); 6057 } else {
CID 352455: Control flow issues (DEADCODE) Execution cannot reach the expression "new_flags" inside this statement: "new_flags = ((res4 >= 0 && ...".
6058 int new_flags = SWIG_IsNewObj(res4) ? (SWIG_POINTER_OWN | 0 ) : 0 ; 6059 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg4), SWIGTYPE_p_int, new_flags)); 6060 } 6061 if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); 6062 return resultobj; 6063 fail:
** CID 352454: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6239 in _wrap_fdt_getprop_w()
________________________________________________________________________________________________________ *** CID 352454: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6239 in _wrap_fdt_getprop_w() 6233 arg3 = (char *)(buf3); 6234 result = (void *)fdt_getprop_w(arg1,arg2,(char const *)arg3,arg4); 6235 resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_void, 0 | 0 ); 6236 if (SWIG_IsTmpObj(res4)) { 6237 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg4))); 6238 } else {
CID 352454: Control flow issues (DEADCODE) Execution cannot reach the expression "new_flags" inside this statement: "new_flags = ((res4 >= 0 && ...".
6239 int new_flags = SWIG_IsNewObj(res4) ? (SWIG_POINTER_OWN | 0 ) : 0 ; 6240 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg4), SWIGTYPE_p_int, new_flags)); 6241 } 6242 if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); 6243 return resultobj; 6244 fail:
** CID 352453: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6122 in _wrap_fdt_get_property_w()
________________________________________________________________________________________________________ *** CID 352453: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6122 in _wrap_fdt_get_property_w() 6116 resultobj = SWIG_Python_AppendOutput(resultobj, buff); 6117 } 6118 } 6119 if (SWIG_IsTmpObj(res4)) { 6120 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg4))); 6121 } else {
CID 352453: Control flow issues (DEADCODE) Execution cannot reach the expression "new_flags" inside this statement: "new_flags = ((res4 >= 0 && ...".
6122 int new_flags = SWIG_IsNewObj(res4) ? (SWIG_POINTER_OWN | 0 ) : 0 ; 6123 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg4), SWIGTYPE_p_int, new_flags)); 6124 } 6125 if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); 6126 return resultobj; 6127 fail:
** CID 352452: Memory - corruptions (OVERRUN) /fs/erofs/fs.c: 151 in erofs_readdir()
________________________________________________________________________________________________________ *** CID 352452: Memory - corruptions (OVERRUN) /fs/erofs/fs.c: 151 in erofs_readdir() 145 146 de = (struct erofs_dirent *)(dirs->dblk + erofs_blkoff(pos)); 147 nameoff = le16_to_cpu(de->nameoff); 148 de_name = (char *)dirs->dblk + nameoff; 149 150 /* the last dirent in the block? */
CID 352452: Memory - corruptions (OVERRUN) "de + 1" evaluates to an address that is at byte offset 4107 of an array of 4096 bytes.
151 if (de + 1 >= (struct erofs_dirent *)(dirs->dblk + dirs->de_end)) 152 de_namelen = strnlen(de_name, dirs->maxsize - nameoff); 153 else 154 de_namelen = le16_to_cpu(de[1].nameoff) - nameoff; 155 156 /* a corrupted entry is found */
** CID 352451: Control flow issues (DEADCODE) /boot/bootflow.c: 226 in bootflow_check()
________________________________________________________________________________________________________ *** CID 352451: Control flow issues (DEADCODE) /boot/bootflow.c: 226 in bootflow_check() 220 if (iter->flags & BOOTFLOWF_ALL) 221 return log_msg_ret("all", ret); 222 } 223 if (ret) 224 return log_msg_ret("check", ret); 225
CID 352451: Control flow issues (DEADCODE) Execution cannot reach this statement: "return 0;".
226 return 0; 227 } 228 229 int bootflow_scan_bootdev(struct udevice *dev, struct bootflow_iter *iter, 230 int flags, struct bootflow *bflow) 231 {
** CID 352450: (TAINTED_SCALAR)
________________________________________________________________________________________________________ *** CID 352450: (TAINTED_SCALAR) /net/eth_common.c: 129 in eth_set_current() 123 char *ethprime = env_get("ethprime"); 124 void *dev = NULL; 125 126 if (ethprime) 127 dev = eth_get_dev_by_name(ethprime); 128 if (dev)
CID 352450: (TAINTED_SCALAR) Passing tainted expression "*dev->priv_" to "eth_set_dev", which uses it as an offset.
129 eth_set_dev(dev); 130 else 131 eth_set_dev(NULL); 132 } else { 133 eth_set_dev(eth_get_dev_by_name(act)); 134 } /net/eth_common.c: 129 in eth_set_current() 123 char *ethprime = env_get("ethprime"); 124 void *dev = NULL; 125 126 if (ethprime) 127 dev = eth_get_dev_by_name(ethprime); 128 if (dev)
CID 352450: (TAINTED_SCALAR) Passing tainted expression "*dev->parent_priv_" to "eth_set_dev", which uses it as an offset.
129 eth_set_dev(dev); 130 else 131 eth_set_dev(NULL); 132 } else { 133 eth_set_dev(eth_get_dev_by_name(act)); 134 } /net/eth_common.c: 129 in eth_set_current() 123 char *ethprime = env_get("ethprime"); 124 void *dev = NULL; 125 126 if (ethprime) 127 dev = eth_get_dev_by_name(ethprime); 128 if (dev)
CID 352450: (TAINTED_SCALAR) Passing tainted expression "*dev->uclass_priv_" to "eth_set_dev", which uses it as an offset.
129 eth_set_dev(dev); 130 else 131 eth_set_dev(NULL); 132 } else { 133 eth_set_dev(eth_get_dev_by_name(act)); 134 }
** CID 352449: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 5542 in _wrap_fdt_get_string()
________________________________________________________________________________________________________ *** CID 352449: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 5542 in _wrap_fdt_get_string() 5536 arg2 = (int)(val2); 5537 result = (char *)fdt_get_string((void const *)arg1,arg2,arg3); 5538 resultobj = SWIG_FromCharPtr((const char *)result); 5539 if (SWIG_IsTmpObj(res3)) { 5540 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg3))); 5541 } else {
CID 352449: Control flow issues (DEADCODE) Execution cannot reach the expression "new_flags" inside this statement: "new_flags = ((res3 >= 0 && ...".
5542 int new_flags = SWIG_IsNewObj(res3) ? (SWIG_POINTER_OWN | 0 ) : 0 ; 5543 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg3), SWIGTYPE_p_int, new_flags)); 5544 } 5545 return resultobj; 5546 fail: 5547 return NULL;
** CID 352448: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 4291 in _wrap_fdt_property_data_set()
________________________________________________________________________________________________________ *** CID 352448: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 4291 in _wrap_fdt_property_data_set() 4285 res2 = SWIG_AsCharArray(swig_obj[1], temp2, 0); 4286 if (!SWIG_IsOK(res2)) { 4287 SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fdt_property_data_set" "', argument " "2"" of type '" "char [0]""'"); 4288 } 4289 arg2 = (char *)(temp2); 4290 if (arg2) memcpy(arg1->data,arg2,0*sizeof(char));
CID 352448: Control flow issues (DEADCODE) Execution cannot reach this statement: "memset(arg1->data, 0, 0UL);".
4291 else memset(arg1->data,0,0*sizeof(char)); 4292 resultobj = SWIG_Py_Void(); 4293 return resultobj; 4294 fail: 4295 return NULL; 4296 }
** CID 352447: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6864 in _wrap_fdt_stringlist_get()
________________________________________________________________________________________________________ *** CID 352447: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6864 in _wrap_fdt_stringlist_get() 6858 arg4 = (int)(val4); 6859 result = (char *)fdt_stringlist_get((void const *)arg1,arg2,(char const *)arg3,arg4,arg5); 6860 resultobj = SWIG_FromCharPtr((const char *)result); 6861 if (SWIG_IsTmpObj(res5)) { 6862 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg5))); 6863 } else {
CID 352447: Control flow issues (DEADCODE) Execution cannot reach the expression "new_flags" inside this statement: "new_flags = ((res5 >= 0 && ...".
6864 int new_flags = SWIG_IsNewObj(res5) ? (SWIG_POINTER_OWN | 0 ) : 0 ; 6865 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg5), SWIGTYPE_p_int, new_flags)); 6866 } 6867 if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); 6868 return resultobj; 6869 fail:
** CID 352446: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6185 in _wrap_fdt_getprop()
________________________________________________________________________________________________________ *** CID 352446: Control flow issues (DEADCODE) /scripts/dtc/pylibfdt/libfdt_wrap.c: 6185 in _wrap_fdt_getprop() 6179 resultobj = Py_BuildValue("s#", result, *arg4); 6180 #endif 6181 } 6182 if (SWIG_IsTmpObj(res4)) { 6183 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg4))); 6184 } else {
CID 352446: Control flow issues (DEADCODE) Execution cannot reach the expression "new_flags" inside this statement: "new_flags = ((res4 >= 0 && ...".
6185 int new_flags = SWIG_IsNewObj(res4) ? (SWIG_POINTER_OWN | 0 ) : 0 ; 6186 resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg4), SWIGTYPE_p_int, new_flags)); 6187 } 6188 if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); 6189 return resultobj; 6190 fail:
** CID 352445: Memory - illegal accesses (NO_EFFECT) /scripts/dtc/pylibfdt/libfdt_wrap.c: 4030 in _wrap_fdt_node_header_name_set()
________________________________________________________________________________________________________ *** CID 352445: Memory - illegal accesses (NO_EFFECT) /scripts/dtc/pylibfdt/libfdt_wrap.c: 4030 in _wrap_fdt_node_header_name_set() 4024 res2 = SWIG_AsCharArray(swig_obj[1], temp2, 0); 4025 if (!SWIG_IsOK(res2)) { 4026 SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fdt_node_header_name_set" "', argument " "2"" of type '" "char [0]""'"); 4027 } 4028 arg2 = (char *)(temp2); 4029 if (arg2) memcpy(arg1->name,arg2,0*sizeof(char));
CID 352445: Memory - illegal accesses (NO_EFFECT) Calling "memset" with size 0: "memset(arg1->name, 0, 0UL)" does nothing.
4030 else memset(arg1->name,0,0*sizeof(char)); 4031 resultobj = SWIG_Py_Void(); 4032 return resultobj; 4033 fail: 4034 return NULL; 4035 }
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
To manage Coverity Scan email notifications for "tom.rini@gmail.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
----- End forwarded message -----
participants (1)
-
Tom Rini