[scan-admin@coverity.com: New Defects reported by Coverity Scan for Das U-Boot]
----- Forwarded message from scan-admin@coverity.com -----
Date: Mon, 01 Feb 2021 16:18:03 +0000 (UTC) From: scan-admin@coverity.com To: tom.rini@gmail.com Subject: New Defects reported by Coverity Scan for Das U-Boot
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.
1 new defect(s) introduced to Das U-Boot found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s)
** CID 317953: (OVERRUN) /drivers/misc/cros_ec_sandbox.c: 536 in process_cmd() /drivers/misc/cros_ec_sandbox.c: 548 in process_cmd()
________________________________________________________________________________________________________ *** CID 317953: (OVERRUN) /drivers/misc/cros_ec_sandbox.c: 536 in process_cmd() 530 const struct ec_params_vstore_write *req = req_data; 531 struct vstore_slot *slot; 532 533 if (req->slot >= EC_VSTORE_SLOT_MAX) 534 return -EINVAL; 535 slot = &ec->slot[req->slot];
CID 317953: (OVERRUN) Overrunning array of 260 bytes at byte offset 2015 by dereferencing pointer "slot".
536 slot->locked = true; 537 memcpy(slot->data, req->data, EC_VSTORE_SLOT_SIZE); 538 len = 0; 539 break; 540 } 541 case EC_CMD_VSTORE_READ: { /drivers/misc/cros_ec_sandbox.c: 548 in process_cmd() 542 const struct ec_params_vstore_read *req = req_data; 543 struct ec_response_vstore_read *resp = resp_data; 544 struct vstore_slot *slot; 545 546 if (req->slot >= EC_VSTORE_SLOT_MAX) 547 return -EINVAL;
CID 317953: (OVERRUN) "&ec->slot[req->slot]" evaluates to an address that is at byte offset 2015 of an array of 260 bytes.
548 slot = &ec->slot[req->slot]; 549 memcpy(resp->data, slot->data, EC_VSTORE_SLOT_SIZE); 550 len = sizeof(*resp); 551 break; 552 } 553 default:
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
To manage Coverity Scan email notifications for "tom.rini@gmail.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0...
----- End forwarded message -----
participants (1)
-
Tom Rini