[scan-admin at coverity.com: New Defects reported by Coverity Scan for Das U-Boot]

Tom Rini trini at konsulko.com
Mon Feb 1 20:51:07 CET 2021 

----- Forwarded message from scan-admin at coverity.com -----

Date: Mon, 01 Feb 2021 16:18:03 +0000 (UTC)
From: scan-admin at coverity.com
To: tom.rini at gmail.com
Subject: New Defects reported by Coverity Scan for Das U-Boot

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.

1 new defect(s) introduced to Das U-Boot found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 317953:    (OVERRUN)
/drivers/misc/cros_ec_sandbox.c: 536 in process_cmd()
/drivers/misc/cros_ec_sandbox.c: 548 in process_cmd()


________________________________________________________________________________________________________
*** CID 317953:    (OVERRUN)
/drivers/misc/cros_ec_sandbox.c: 536 in process_cmd()
530     		const struct ec_params_vstore_write *req = req_data;
531     		struct vstore_slot *slot;
532     
533     		if (req->slot >= EC_VSTORE_SLOT_MAX)
534     			return -EINVAL;
535     		slot = &ec->slot[req->slot];
>>>     CID 317953:    (OVERRUN)
>>>     Overrunning array of 260 bytes at byte offset 2015 by dereferencing pointer "slot".
536     		slot->locked = true;
537     		memcpy(slot->data, req->data, EC_VSTORE_SLOT_SIZE);
538     		len = 0;
539     		break;
540     	}
541     	case EC_CMD_VSTORE_READ: {
/drivers/misc/cros_ec_sandbox.c: 548 in process_cmd()
542     		const struct ec_params_vstore_read *req = req_data;
543     		struct ec_response_vstore_read *resp = resp_data;
544     		struct vstore_slot *slot;
545     
546     		if (req->slot >= EC_VSTORE_SLOT_MAX)
547     			return -EINVAL;
>>>     CID 317953:    (OVERRUN)
>>>     "&ec->slot[req->slot]" evaluates to an address that is at byte offset 2015 of an array of 260 bytes.
548     		slot = &ec->slot[req->slot];
549     		memcpy(resp->data, slot->data, EC_VSTORE_SLOT_SIZE);
550     		len = sizeof(*resp);
551     		break;
552     	}
553     	default:


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3Djsgx_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTvw0i-2BZeaG2NwneHBLdclGj0dZxktyUtICgF-2Bw8qb-2FneqjEmvbgwhNvmXz70TzQRWpHGC1GPOtnJwuV-2FckrA-2BZiBdaNnl8UUpJ7kZhxZQ8SEHToTVO0UrgPu4MRukOIBHhlfE0M0ylVZGm578kgQu1oUY7oQY10WypcgJYSRFzSXsa60oObHMkzy4DPrA9sxlM-3D

  To manage Coverity Scan email notifications for "tom.rini at gmail.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxWeIHzDeopm-2BEWQ6S6K-2FtUHv9ZTk8qZbuzkkz9sa-2BJFw4elYDyedRVZOC-2ButxjBZdouVmTGuWB6Aj6G7lm7t25-2Biv1B-2B9082pHzCCex2kqMs-3D-7XA_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTvw0i-2BZeaG2NwneHBLdclGj20f9M5rwX45j1npE5NazJWu81Awx8InXRPGu6jHKeg-2FiGihplqmlvrD2TJCzaX2RMUSTw1UsD73k4c-2BNmtoo4gnEa-2F9ofAHPE-2FZkYpp20hp5GosFa8Ui3NxsPSg45ev6lLxbCss-2FNUAnPCCwc-2BAHBiJS-2FlnTcurE6JsyCKtYop8-3D


----- End forwarded message -----

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210201/43ae6d74/attachment-0001.sig>

More information about the U-Boot mailing list