[scan-admin@coverity.com: New Defects reported by Coverity Scan for Das U-Boot]

Hey all,
Here's the latest report.
----- Forwarded message from scan-admin@coverity.com -----
Date: Mon, 30 Aug 2021 16:58:54 +0000 (UTC)
From: scan-admin@coverity.com
To: tom.rini@gmail.com
Subject: New Defects reported by Coverity Scan for Das U-Boot
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 338648: Memory - illegal accesses (UNINIT)
/drivers/fastboot/fb_mmc.c: 618 in fastboot_mmc_flash_write()

________________________________________________________________________________________________________
*** CID 338648: Memory - illegal accesses (UNINIT)
/drivers/fastboot/fb_mmc.c: 618 in fastboot_mmc_flash_write()
612
613         if (is_sparse_image(download_buffer)) {
614                 struct fb_mmc_sparse sparse_priv;
615                 struct sparse_storage sparse;
616                 int err;
617
CID 338648: Memory - illegal accesses (UNINIT)
Using uninitialized value "dev_desc".
618                 sparse_priv.dev_desc = dev_desc;
619
620                 sparse.blksz = info.blksz;
621                 sparse.start = info.start;
622                 sparse.size = info.size;
623                 sparse.write = fb_mmc_sparse_write;

** CID 338647: Integer handling issues (DIVIDE_BY_ZERO)

________________________________________________________________________________________________________
*** CID 338647: Integer handling issues (DIVIDE_BY_ZERO)
/drivers/fastboot/fb_mmc.c: 631 in fastboot_mmc_flash_write()
625                 sparse.mssg = fastboot_fail;
626
627                 printf("Flashing sparse image at offset " LBAFU "\n",
628                        sparse.start);
629
630                 sparse.priv = &sparse_priv;
CID 338647: Integer handling issues (DIVIDE_BY_ZERO)
In function call "write_sparse_image", division by expression "sparse.blksz" which may be zero has undefined behavior.
631                 err = write_sparse_image(&sparse, cmd, download_buffer,
632                                          response);
633                 if (!err)
634                         fastboot_okay(NULL, response);
635         } else {
636                 write_raw_image(dev_desc, &info, cmd, download_buffer,

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
To manage Coverity Scan email notifications for "tom.rini@gmail.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
----- End forwarded message -----

I will take a look at it?

Hello Tom!
Looks like it is a false positive detection. info and dev_desc are validated a few lines above:
609 | if (!info.name[0] &&
610 |     fastboot_mmc_get_part_info(cmd, &dev_desc, &info, response) < 0)
611 |         return;

On Mon, Sep 06, 2021 at 05:05:40PM +0300, Oleh Kravchenko wrote:
Hello Tom!
Looks like it is a false positive detection. info and dev_desc are validated a few lines above:
609 | if (!info.name[0] &&
610 |     fastboot_mmc_get_part_info(cmd, &dev_desc, &info, response) < 0)
611 |         return;
Thanks for reviewing! I've updated the CIDs.
participants (2)
- Oleh Kravchenko
- Tom Rini