[tom.rini at gmail.com: Fwd: New Defects reported by Coverity Scan for Das U-Boot]
Tom Rini
trini at konsulko.com
Wed Aug 24 13:40:00 CEST 2022
A bit behind on forwarding these along.
----- Forwarded message from Tom Rini <tom.rini at gmail.com> -----
Date: Wed, 24 Aug 2022 07:38:46 -0400
From: Tom Rini <tom.rini at gmail.com>
To: trini at konsulko.com
Subject: Fwd: New Defects reported by Coverity Scan for Das U-Boot
---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Aug 8, 2022 at 8:51 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini at gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to Das
U-Boot found with Coverity Scan.
6 new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 355771: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 355771: (PRINTF_ARGS)
/test/cmd/fdt.c: 72 in fdt_test_addr()
66 ut_assertok(run_command("fdt addr", 0));
67 ut_assert_nextline("Working fdt: %08lx", (ulong)map_to_sysmem(fdt));
68 ut_assertok(ut_check_console_end(uts));
69
70 /* Set the working FDT */
71 set_working_fdt_addr(0);
>>> CID 355771: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
72 ut_assertok(run_commandf("fdt addr %08x", addr));
73 ut_asserteq(addr, map_to_sysmem(working_fdt));
74 ut_assertok(ut_check_console_end(uts));
75 set_working_fdt_addr(0);
76
77 /* Set the working FDT */
/test/cmd/fdt.c: 89 in fdt_test_addr()
83 ut_assertok(ret);
84 ut_asserteq(addr, map_to_sysmem(new_fdt));
85 ut_assertok(ut_check_console_end(uts));
86
87 /* Test setting an invalid FDT */
88 fdt[0] = 123;
>>> CID 355771: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
89 ut_asserteq(1, run_commandf("fdt addr %08x", addr));
90 ut_assert_nextline("libfdt fdt_check_header(): FDT_ERR_BADMAGIC");
91 ut_assertok(ut_check_console_end(uts));
92
93 /* Test detecting an invalid FDT */
94 fdt[0] = 123;
/test/cmd/fdt.c: 80 in fdt_test_addr()
74 ut_assertok(ut_check_console_end(uts));
75 set_working_fdt_addr(0);
76
77 /* Set the working FDT */
78 fdt_blob = gd->fdt_blob;
79 gd->fdt_blob = NULL;
>>> CID 355771: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
80 ret = run_commandf("fdt addr -c %08x", addr);
81 new_fdt = gd->fdt_blob;
82 gd->fdt_blob = fdt_blob;
83 ut_assertok(ret);
84 ut_asserteq(addr, map_to_sysmem(new_fdt));
85 ut_assertok(ut_check_console_end(uts));
** CID 355770: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 355770: Insecure data handling (TAINTED_SCALAR)
/test/cmd/fdt.c: 37 in make_test_fdt()
31 static int make_test_fdt(struct unit_test_state *uts, void
*fdt, int size)
32 {
33 ut_assertok(fdt_create(fdt, size));
34 ut_assertok(fdt_finish_reservemap(fdt));
35 ut_assert(fdt_begin_node(fdt, "") >= 0);
36 ut_assertok(fdt_end_node(fdt));
>>> CID 355770: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
37 ut_assertok(fdt_finish(fdt));
38
39 return 0;
40 }
41
42 /* Test 'fdt addr' getting/setting address */
** CID 355769: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 355769: (PRINTF_ARGS)
/test/cmd/fdt.c: 121 in fdt_test_resize()
115 /* Test setting and resizing the working FDT to a larger size */
116 ut_assertok(console_record_reset_enable());
117 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
118 ut_assertok(ut_check_console_end(uts));
119
120 /* Try shrinking it */
>>> CID 355769: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
121 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
122 ut_assert_nextline("New length %d < existing length
%d, ignoring",
123 (int)sizeof(fdt) / 4, newsize);
124 ut_assertok(ut_check_console_end(uts));
125
126 /* ...quietly */
/test/cmd/fdt.c: 127 in fdt_test_resize()
121 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
122 ut_assert_nextline("New length %d < existing length
%d, ignoring",
123 (int)sizeof(fdt) / 4, newsize);
124 ut_assertok(ut_check_console_end(uts));
125
126 /* ...quietly */
>>> CID 355769: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
127 ut_assertok(run_commandf("fdt addr -q %08x %x", addr,
sizeof(fdt) / 4));
128 ut_assertok(ut_check_console_end(uts));
129
130 /* We cannot easily provoke errors in fdt_open_into(),
so ignore that */
131
132 return 0;
/test/cmd/fdt.c: 117 in fdt_test_resize()
111 ut_assertok(make_test_fdt(uts, fdt, sizeof(fdt)));
112 addr = map_to_sysmem(fdt);
113 set_working_fdt_addr(addr);
114
115 /* Test setting and resizing the working FDT to a larger size */
116 ut_assertok(console_record_reset_enable());
>>> CID 355769: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
117 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
118 ut_assertok(ut_check_console_end(uts));
119
120 /* Try shrinking it */
121 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
122 ut_assert_nextline("New length %d < existing length
%d, ignoring",
** CID 355768: Memory - illegal accesses (UNINIT)
/drivers/core/lists.c: 252 in lists_bind_fdt()
________________________________________________________________________________________________________
*** CID 355768: Memory - illegal accesses (UNINIT)
/drivers/core/lists.c: 252 in lists_bind_fdt()
246 }
247
248 if (entry->of_match)
249 log_debug(" - found match at '%s':
'%s' matches '%s'\n",
250 entry->name,
entry->of_match->compatible,
251 id->compatible);
>>> CID 355768: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "id".
252 ret = device_bind_with_driver_data(parent, entry, name,
253 id->data,
node, &dev);
254 if (ret == -ENODEV) {
255 log_debug("Driver '%s' refuses to
bind\n", entry->name);
256 continue;
257 }
** CID 355767: (OVERRUN)
/lib/addr_map.c: 66 in addrmap_set_entry()
/lib/addr_map.c: 67 in addrmap_set_entry()
/lib/addr_map.c: 65 in addrmap_set_entry()
________________________________________________________________________________________________________
*** CID 355767: (OVERRUN)
/lib/addr_map.c: 66 in addrmap_set_entry()
60 phys_size_t size, int idx)
61 {
62 if (idx > CONFIG_SYS_NUM_ADDR_MAP)
63 return;
64
65 address_map[idx].vaddr = vaddr;
>>> CID 355767: (OVERRUN)
>>> Overrunning array "address_map" of 16 16-byte elements at element index 16 (byte offset 271) using index "idx" (which evaluates to 16).
66 address_map[idx].paddr = paddr;
67 address_map[idx].size = size;
/lib/addr_map.c: 67 in addrmap_set_entry()
61 {
62 if (idx > CONFIG_SYS_NUM_ADDR_MAP)
63 return;
64
65 address_map[idx].vaddr = vaddr;
66 address_map[idx].paddr = paddr;
>>> CID 355767: (OVERRUN)
>>> Overrunning array "address_map" of 16 16-byte elements at element index 16 (byte offset 271) using index "idx" (which evaluates to 16).
67 address_map[idx].size = size;
/lib/addr_map.c: 65 in addrmap_set_entry()
59 void addrmap_set_entry(unsigned long vaddr, phys_addr_t paddr,
60 phys_size_t size, int idx)
61 {
62 if (idx > CONFIG_SYS_NUM_ADDR_MAP)
63 return;
64
>>> CID 355767: (OVERRUN)
>>> Overrunning array "address_map" of 16 16-byte elements at element index 16 (byte offset 271) using index "idx" (which evaluates to 16).
65 address_map[idx].vaddr = vaddr;
66 address_map[idx].paddr = paddr;
67 address_map[idx].size = size;
** CID 355766: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 355766: (PRINTF_ARGS)
/test/cmd/fdt.c: 121 in fdt_test_resize()
115 /* Test setting and resizing the working FDT to a larger size */
116 ut_assertok(console_record_reset_enable());
117 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
118 ut_assertok(ut_check_console_end(uts));
119
120 /* Try shrinking it */
>>> CID 355766: (PRINTF_ARGS)
>>> Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
121 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
122 ut_assert_nextline("New length %d < existing length
%d, ignoring",
123 (int)sizeof(fdt) / 4, newsize);
124 ut_assertok(ut_check_console_end(uts));
125
126 /* ...quietly */
/test/cmd/fdt.c: 127 in fdt_test_resize()
121 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
122 ut_assert_nextline("New length %d < existing length
%d, ignoring",
123 (int)sizeof(fdt) / 4, newsize);
124 ut_assertok(ut_check_console_end(uts));
125
126 /* ...quietly */
>>> CID 355766: (PRINTF_ARGS)
>>> Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
127 ut_assertok(run_commandf("fdt addr -q %08x %x", addr,
sizeof(fdt) / 4));
128 ut_assertok(ut_check_console_end(uts));
129
130 /* We cannot easily provoke errors in fdt_open_into(),
so ignore that */
131
132 return 0;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3DqIQf_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTsut95EuJ1dF4QhvWDPMPg-2FzMzS9KRhGAV1f-2FUmmbNbALbLgedwSxyHFzv40zBZbQ-2BXdxVQrhyzuPqo1U5lwMDREo6ylUvUQ2f0J7eVecTS1Gig-2FQwwd7N1OvprpUa-2BpHy38-2BCNKgrt9q-2Fn03k8f5ttSRxORtyDMKSuD38GNNRlqw-3D-3D
To manage Coverity Scan email notifications for
"tom.rini at gmail.com", click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxWeIHzDeopm-2BEWQ6S6K-2FtUHv9ZTk8qZbuzkkz9sa-2BJFzf226DuRd-2B2ygQlLnerl-2BA3jN1AOYejXZ-2FNZ62waJHedPFGpqqjTx8fawy9KPJBno-3DnIoA_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTsut95EuJ1dF4QhvWDPMPg-2FMDA5j8o4o-2Bl7QSWv-2Fdquz5Ay0IUrCqd-2B1tBatlmw-2Bk6r7mDQmU6vjrCmsI0TrpSErVm17PM3p-2FVCVAk8-2FYnP-2B4Nf-2F0gam9xYjGZmoklMOMo7wgiMoo2HKgeyxJ3k66OEFYIC-2BDgf2IdTUhB-2FuHnR4A-3D-3D
--
Tom
----- End forwarded message -----
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220824/e8706b0f/attachment.sig>
More information about the U-Boot
mailing list