Fwd: New Defects reported by Coverity Scan for Das U-Boot
Here's the latest report.
---------- Forwarded message --------- From: scan-admin@coverity.com Date: Mon, Jan 29, 2024 at 6:51 PM Subject: New Defects reported by Coverity Scan for Das U-Boot To: tom.rini@gmail.com
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.
1 new defect(s) introduced to Das U-Boot found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s)
** CID 480240: Insecure data handling (TAINTED_SCALAR) /cmd/efidebug.c: 192 in do_efi_capsule_esrt()
________________________________________________________________________________________________________ *** CID 480240: Insecure data handling (TAINTED_SCALAR) /cmd/efidebug.c: 192 in do_efi_capsule_esrt() 186 187 printf("========================================\n"); 188 printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count); 189 printf("ESRT: fw_resource_count_max=%d\n", esrt->fw_resource_count_max); 190 printf("ESRT: fw_resource_version=%lld\n", esrt->fw_resource_version); 191
CID 480240: Insecure data handling (TAINTED_SCALAR) Using tainted variable "esrt->fw_resource_count" as a loop boundary.
192 for (int idx = 0; idx < esrt->fw_resource_count; idx++) { 193 printf("[entry %d]==============================\n", idx); 194 printf("ESRT: fw_class=%pUL\n", &esrt->entries[idx].fw_class); 195 printf("ESRT: fw_type=%s\n", EFI_FW_TYPE_STR_GET(esrt->entries[idx].fw_type)); 196 printf("ESRT: fw_version=%d\n", esrt->entries[idx].fw_version); 197 printf("ESRT: lowest_supported_fw_version=%d\n",
----- End forwarded message -----
On 1/30/24 00:55, Tom Rini wrote:
Here's the latest report.
---------- Forwarded message --------- From: scan-admin@coverity.com Date: Mon, Jan 29, 2024 at 6:51 PM Subject: New Defects reported by Coverity Scan for Das U-Boot To: tom.rini@gmail.com
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.
1 new defect(s) introduced to Das U-Boot found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s)
** CID 480240: Insecure data handling (TAINTED_SCALAR) /cmd/efidebug.c: 192 in do_efi_capsule_esrt()
*** CID 480240: Insecure data handling (TAINTED_SCALAR) /cmd/efidebug.c: 192 in do_efi_capsule_esrt() 186 187 printf("========================================\n"); 188 printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count); 189 printf("ESRT: fw_resource_count_max=%d\n", esrt->fw_resource_count_max); 190 printf("ESRT: fw_resource_version=%lld\n", esrt->fw_resource_version); 191
CID 480240: Insecure data handling (TAINTED_SCALAR) Using tainted variable "esrt->fw_resource_count" as a loop boundary.192 for (int idx = 0; idx < esrt->fw_resource_count; idx++) { 193 printf("[entry %d]==============================\n", idx); 194 printf("ESRT: fw_class=%pUL\n", &esrt->entries[idx].fw_class); 195 printf("ESRT: fw_type=%s\n", EFI_FW_TYPE_STR_GET(esrt->entries[idx].fw_type)); 196 printf("ESRT: fw_version=%d\n", esrt->entries[idx].fw_version); 197 printf("ESRT: lowest_supported_fw_version=%d\n",
----- End forwarded message -----
Coverity sees any conversion from void * as a hint to tainted data. The ESRT might be manipulated by some EFI app but we want to display it. So I marked this Coverity issue as intentional.
Best regards
Heinrich
participants (2)
-
Heinrich Schuchardt -
Tom Rini