[scan-admin at coverity.com: New Defects reported by Coverity Scan for Das U-Boot]

Tom Rini trini at konsulko.com
Tue Sep 6 17:50:31 CEST 2022 

----- Forwarded message from scan-admin at coverity.com -----

Date: Tue, 06 Sep 2022 01:07:45 +0000 (UTC)
From: scan-admin at coverity.com
To: tom.rini at gmail.com
Subject: New Defects reported by Coverity Scan for Das U-Boot

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.

2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 356664:  API usage errors  (BUFFER_SIZE)
/lib/tpm-v2.c: 703 in tpm2_report_state()


________________________________________________________________________________________________________
*** CID 356664:  API usage errors  (BUFFER_SIZE)
/lib/tpm-v2.c: 703 in tpm2_report_state()
697     	log_debug("ret=%s, %x\n", dev->name, ret);
698     	if (ret)
699     		return ret;
700     	if (*recv_size < 12)
701     		return -ENODATA;
702     	*recv_size -= 12;
>>>     CID 356664:  API usage errors  (BUFFER_SIZE)
>>>     The source buffer "recvbuf + 12" potentially overlaps with the destination buffer "recvbuf", which results in undefined behavior for "memcpy".
703     	memcpy(recvbuf, recvbuf + 12, *recv_size);
704     
705     	return 0;
706     }
707     
708     u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,

** CID 183377:    (TAINTED_SCALAR)
/drivers/tpm/tpm2_tis_sandbox.c: 735 in sandbox_tpm2_xfer()
/drivers/tpm/tpm2_tis_sandbox.c: 586 in sandbox_tpm2_xfer()


________________________________________________________________________________________________________
*** CID 183377:    (TAINTED_SCALAR)
/drivers/tpm/tpm2_tis_sandbox.c: 735 in sandbox_tpm2_xfer()
729     		seq = sb_tpm_index_to_seq(index);
730     		if (seq < 0)
731     			return log_msg_ret("index", -EINVAL);
732     		printf("tpm: nvread index=%#02x, len=%#02x, seq=%#02x\n", index,
733     		       length, seq);
734     		*recv_len = TPM2_HDR_LEN + 6 + length;
>>>     CID 183377:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*recv_len" to "memset", which uses it as an offset. [Note: The source code implementation of the function has been overridden by a builtin model.]
735     		memset(recvbuf, '\0', *recv_len);
736     		put_unaligned_be32(length, recvbuf + 2);
737     		sb_tpm_read_data(tpm->nvdata, seq, recvbuf,
738     				 TPM2_HDR_LEN + 4 + 2, length);
739     		break;
740     	}
/drivers/tpm/tpm2_tis_sandbox.c: 586 in sandbox_tpm2_xfer()
580     
581     		/* Give the number of properties that follow */
582     		put_unaligned_be32(property_count, recv);
583     		recv += sizeof(property_count);
584     
585     		/* Fill with the properties */
>>>     CID 183377:    (TAINTED_SCALAR)
>>>     Using tainted variable "property_count" as a loop boundary.
586     		for (i = 0; i < property_count; i++) {
587     			put_unaligned_be32(TPM2_PROPERTIES_OFFSET + property +
588     					   i, recv);
589     			recv += sizeof(property);
590     			put_unaligned_be32(tpm->properties[property + i],
591     					   recv);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3D4Xh0_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTtsqJ39YESEW2nKPYCMHF70wsixkMVibSCjQ-2FGaGw5huIkg7-2FWaEDzqOUGcMyrbAAtsYzFGNDW0J6oj0eM4yvinWio8GHNygWR2n19gx10LjZwDEeBkQkwqkhNLGzEBh5ka4haIShtRdBfXm97-2BH2LxChYnqy6cvN-2BxDI2jW9HZJA-3D-3D

  To manage Coverity Scan email notifications for "tom.rini at gmail.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxWeIHzDeopm-2BEWQ6S6K-2FtUHv9ZTk8qZbuzkkz9sa-2BJFzf226DuRd-2B2ygQlLnerl-2BA3jN1AOYejXZ-2FNZ62waJHedPFGpqqjTx8fawy9KPJBno-3DsyQ2_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTtsqJ39YESEW2nKPYCMHF700mhadf4YcMAqAcj9oPFjTlJ2s4EcIQU2bFVkOb10WKv-2FZ2t9vT4MUzH6ZOeXZ7qzOdr4JI8cQEPg4D8Tf3kLp0qolYqirx5tuUYCJh6JJ8ik6zvle859z9fd8Tb07Eb4SVxS10DXjSaXXriNevOzvQ-3D-3D


----- End forwarded message -----

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220906/d49180ab/attachment.sig>

More information about the U-Boot mailing list