[tom.rini@gmail.com: Fwd: New Defects reported by Coverity Scan for Das U-Boot]
A bit behind on forwarding these along.
----- Forwarded message from Tom Rini tom.rini@gmail.com -----
Date: Wed, 24 Aug 2022 07:38:46 -0400 From: Tom Rini tom.rini@gmail.com To: trini@konsulko.com Subject: Fwd: New Defects reported by Coverity Scan for Das U-Boot
---------- Forwarded message --------- From: scan-admin@coverity.com Date: Mon, Aug 8, 2022 at 8:51 PM Subject: New Defects reported by Coverity Scan for Das U-Boot To: tom.rini@gmail.com
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.
6 new defect(s) introduced to Das U-Boot found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s)
** CID 355771: (PRINTF_ARGS)
________________________________________________________________________________________________________ *** CID 355771: (PRINTF_ARGS) /test/cmd/fdt.c: 72 in fdt_test_addr() 66 ut_assertok(run_command("fdt addr", 0)); 67 ut_assert_nextline("Working fdt: %08lx", (ulong)map_to_sysmem(fdt)); 68 ut_assertok(ut_check_console_end(uts)); 69 70 /* Set the working FDT */ 71 set_working_fdt_addr(0);
CID 355771: (PRINTF_ARGS) Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
72 ut_assertok(run_commandf("fdt addr %08x", addr)); 73 ut_asserteq(addr, map_to_sysmem(working_fdt)); 74 ut_assertok(ut_check_console_end(uts)); 75 set_working_fdt_addr(0); 76 77 /* Set the working FDT */ /test/cmd/fdt.c: 89 in fdt_test_addr() 83 ut_assertok(ret); 84 ut_asserteq(addr, map_to_sysmem(new_fdt)); 85 ut_assertok(ut_check_console_end(uts)); 86 87 /* Test setting an invalid FDT */ 88 fdt[0] = 123;
CID 355771: (PRINTF_ARGS) Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
89 ut_asserteq(1, run_commandf("fdt addr %08x", addr)); 90 ut_assert_nextline("libfdt fdt_check_header(): FDT_ERR_BADMAGIC"); 91 ut_assertok(ut_check_console_end(uts)); 92 93 /* Test detecting an invalid FDT */ 94 fdt[0] = 123; /test/cmd/fdt.c: 80 in fdt_test_addr() 74 ut_assertok(ut_check_console_end(uts)); 75 set_working_fdt_addr(0); 76 77 /* Set the working FDT */ 78 fdt_blob = gd->fdt_blob; 79 gd->fdt_blob = NULL;
CID 355771: (PRINTF_ARGS) Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
80 ret = run_commandf("fdt addr -c %08x", addr); 81 new_fdt = gd->fdt_blob; 82 gd->fdt_blob = fdt_blob; 83 ut_assertok(ret); 84 ut_asserteq(addr, map_to_sysmem(new_fdt)); 85 ut_assertok(ut_check_console_end(uts));
** CID 355770: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________ *** CID 355770: Insecure data handling (TAINTED_SCALAR) /test/cmd/fdt.c: 37 in make_test_fdt() 31 static int make_test_fdt(struct unit_test_state *uts, void *fdt, int size) 32 { 33 ut_assertok(fdt_create(fdt, size)); 34 ut_assertok(fdt_finish_reservemap(fdt)); 35 ut_assert(fdt_begin_node(fdt, "") >= 0); 36 ut_assertok(fdt_end_node(fdt));
CID 355770: Insecure data handling (TAINTED_SCALAR) Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
37 ut_assertok(fdt_finish(fdt)); 38 39 return 0; 40 } 41 42 /* Test 'fdt addr' getting/setting address */
** CID 355769: (PRINTF_ARGS)
________________________________________________________________________________________________________ *** CID 355769: (PRINTF_ARGS) /test/cmd/fdt.c: 121 in fdt_test_resize() 115 /* Test setting and resizing the working FDT to a larger size */ 116 ut_assertok(console_record_reset_enable()); 117 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize)); 118 ut_assertok(ut_check_console_end(uts)); 119 120 /* Try shrinking it */
CID 355769: (PRINTF_ARGS) Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
121 ut_assertok(run_commandf("fdt addr %08x %x", addr, sizeof(fdt) / 4)); 122 ut_assert_nextline("New length %d < existing length %d, ignoring", 123 (int)sizeof(fdt) / 4, newsize); 124 ut_assertok(ut_check_console_end(uts)); 125 126 /* ...quietly */ /test/cmd/fdt.c: 127 in fdt_test_resize() 121 ut_assertok(run_commandf("fdt addr %08x %x", addr, sizeof(fdt) / 4)); 122 ut_assert_nextline("New length %d < existing length %d, ignoring", 123 (int)sizeof(fdt) / 4, newsize); 124 ut_assertok(ut_check_console_end(uts)); 125 126 /* ...quietly */
CID 355769: (PRINTF_ARGS) Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
127 ut_assertok(run_commandf("fdt addr -q %08x %x", addr, sizeof(fdt) / 4)); 128 ut_assertok(ut_check_console_end(uts)); 129 130 /* We cannot easily provoke errors in fdt_open_into(), so ignore that */ 131 132 return 0; /test/cmd/fdt.c: 117 in fdt_test_resize() 111 ut_assertok(make_test_fdt(uts, fdt, sizeof(fdt))); 112 addr = map_to_sysmem(fdt); 113 set_working_fdt_addr(addr); 114 115 /* Test setting and resizing the working FDT to a larger size */ 116 ut_assertok(console_record_reset_enable());
CID 355769: (PRINTF_ARGS) Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
117 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize)); 118 ut_assertok(ut_check_console_end(uts)); 119 120 /* Try shrinking it */ 121 ut_assertok(run_commandf("fdt addr %08x %x", addr, sizeof(fdt) / 4)); 122 ut_assert_nextline("New length %d < existing length %d, ignoring",
** CID 355768: Memory - illegal accesses (UNINIT) /drivers/core/lists.c: 252 in lists_bind_fdt()
________________________________________________________________________________________________________ *** CID 355768: Memory - illegal accesses (UNINIT) /drivers/core/lists.c: 252 in lists_bind_fdt() 246 } 247 248 if (entry->of_match) 249 log_debug(" - found match at '%s': '%s' matches '%s'\n", 250 entry->name, entry->of_match->compatible, 251 id->compatible);
CID 355768: Memory - illegal accesses (UNINIT) Using uninitialized value "id".
252 ret = device_bind_with_driver_data(parent, entry, name, 253 id->data, node, &dev); 254 if (ret == -ENODEV) { 255 log_debug("Driver '%s' refuses to bind\n", entry->name); 256 continue; 257 }
** CID 355767: (OVERRUN) /lib/addr_map.c: 66 in addrmap_set_entry() /lib/addr_map.c: 67 in addrmap_set_entry() /lib/addr_map.c: 65 in addrmap_set_entry()
________________________________________________________________________________________________________ *** CID 355767: (OVERRUN) /lib/addr_map.c: 66 in addrmap_set_entry() 60 phys_size_t size, int idx) 61 { 62 if (idx > CONFIG_SYS_NUM_ADDR_MAP) 63 return; 64 65 address_map[idx].vaddr = vaddr;
CID 355767: (OVERRUN) Overrunning array "address_map" of 16 16-byte elements at element index 16 (byte offset 271) using index "idx" (which evaluates to 16).
66 address_map[idx].paddr = paddr; 67 address_map[idx].size = size; /lib/addr_map.c: 67 in addrmap_set_entry() 61 { 62 if (idx > CONFIG_SYS_NUM_ADDR_MAP) 63 return; 64 65 address_map[idx].vaddr = vaddr; 66 address_map[idx].paddr = paddr;
CID 355767: (OVERRUN) Overrunning array "address_map" of 16 16-byte elements at element index 16 (byte offset 271) using index "idx" (which evaluates to 16).
67 address_map[idx].size = size; /lib/addr_map.c: 65 in addrmap_set_entry() 59 void addrmap_set_entry(unsigned long vaddr, phys_addr_t paddr, 60 phys_size_t size, int idx) 61 { 62 if (idx > CONFIG_SYS_NUM_ADDR_MAP) 63 return; 64
CID 355767: (OVERRUN) Overrunning array "address_map" of 16 16-byte elements at element index 16 (byte offset 271) using index "idx" (which evaluates to 16).
65 address_map[idx].vaddr = vaddr; 66 address_map[idx].paddr = paddr; 67 address_map[idx].size = size;
** CID 355766: (PRINTF_ARGS)
________________________________________________________________________________________________________ *** CID 355766: (PRINTF_ARGS) /test/cmd/fdt.c: 121 in fdt_test_resize() 115 /* Test setting and resizing the working FDT to a larger size */ 116 ut_assertok(console_record_reset_enable()); 117 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize)); 118 ut_assertok(ut_check_console_end(uts)); 119 120 /* Try shrinking it */
CID 355766: (PRINTF_ARGS) Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
121 ut_assertok(run_commandf("fdt addr %08x %x", addr, sizeof(fdt) / 4)); 122 ut_assert_nextline("New length %d < existing length %d, ignoring", 123 (int)sizeof(fdt) / 4, newsize); 124 ut_assertok(ut_check_console_end(uts)); 125 126 /* ...quietly */ /test/cmd/fdt.c: 127 in fdt_test_resize() 121 ut_assertok(run_commandf("fdt addr %08x %x", addr, sizeof(fdt) / 4)); 122 ut_assert_nextline("New length %d < existing length %d, ignoring", 123 (int)sizeof(fdt) / 4, newsize); 124 ut_assertok(ut_check_console_end(uts)); 125 126 /* ...quietly */
CID 355766: (PRINTF_ARGS) Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
127 ut_assertok(run_commandf("fdt addr -q %08x %x", addr, sizeof(fdt) / 4)); 128 ut_assertok(ut_check_console_end(uts)); 129 130 /* We cannot easily provoke errors in fdt_open_into(), so ignore that */ 131 132 return 0;
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
To manage Coverity Scan email notifications for "tom.rini@gmail.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
participants (1)
-
Tom Rini