[scan-admin at coverity.com: New Defects reported by Coverity Scan for Das U-Boot]

Tom Rini trini at konsulko.com
Mon Nov 15 19:02:33 CET 2021


Now I'm not 100% sure if this is actually new or due to the code moving,
since there's a new helper function involved, and I also know I had to
hand-merge this section due to the zboot related changes.

----- Forwarded message from scan-admin at coverity.com -----

Date: Mon, 15 Nov 2021 17:10:36 +0000 (UTC)
From: scan-admin at coverity.com
To: tom.rini at gmail.com
Subject: New Defects reported by Coverity Scan for Das U-Boot

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.

1 new defect(s) introduced to Das U-Boot found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 131256:  Security best practices violations  (STRING_OVERFLOW)
/boot/pxe_utils.c: 468 in label_boot()


________________________________________________________________________________________________________
*** CID 131256:  Security best practices violations  (STRING_OVERFLOW)
/boot/pxe_utils.c: 468 in label_boot()
462     			printf("Skipping %s for failure retrieving initrd\n",
463     			       label->name);
464     			return 1;
465     		}
466     
467     		initrd_addr_str = env_get("ramdisk_addr_r");
>>>     CID 131256:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 10-character fixed-size string "initrd_filesize" by copying the return value of "simple_xtoa" without checking the length.
468     		strcpy(initrd_filesize, simple_xtoa(size));
469     
470     		strncpy(initrd_str, initrd_addr_str, 18);
471     		strcat(initrd_str, ":");
472     		strncat(initrd_str, initrd_filesize, 9);
473     	}


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3DqDBS_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTs3WaBv80RE1DzruJJZi6BnrEYmnrpcEhMD7i6Nn71mQEiN89q-2B05dnIrl-2F-2FLg-2FyyKhNlhf8f6j98klrBBZkTjKpvVHRnkKQV4P8RJHrC-2FTlH-2FnR3hd-2B-2FB4Xs9jPdh0o38re9-2FCcUQKHUJRCJuEiM0XGs5hL9sNTUyuPqeCqFN29A-3D-3D

  To manage Coverity Scan email notifications for "tom.rini at gmail.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxWeIHzDeopm-2BEWQ6S6K-2FtUHv9ZTk8qZbuzkkz9sa-2BJFw4elYDyedRVZOC-2ButxjBZdouVmTGuWB6Aj6G7lm7t25-2Biv1B-2B9082pHzCCex2kqMs-3DijCU_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTs3WaBv80RE1DzruJJZi6BnLcSIt4qRszMu8-2Fc6KHwE4eIspInu-2BW-2BBj23zAvCJHJy3kqoIbz4ydm6YAo63IB6MH66h52-2BUSdSSZFOCcaOcTEKYnCZ7XyrLuHLqrOy9IJQ0bUxbb-2F7xYHStimToW4RrC0VtoGZ4LNyOVS-2FVJOdQaw-3D-3D


----- End forwarded message -----

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20211115/0b048aa9/attachment.sig>


More information about the U-Boot mailing list