[tom.rini at gmail.com: Fwd: New Defects reported by Coverity Scan for Das U-Boot]

Simon Glass sjg at chromium.org
Thu Sep 8 20:19:01 CEST 2022 

Hi Tom,

On Wed, 24 Aug 2022 at 05:40, Tom Rini <trini at konsulko.com> wrote:
>
> And here's the most recent one.
>
> ----- Forwarded message from Tom Rini <tom.rini at gmail.com> -----
>
> Date: Wed, 24 Aug 2022 07:38:55 -0400
> From: Tom Rini <tom.rini at gmail.com>
> To: trini at konsulko.com
> Subject: Fwd: New Defects reported by Coverity Scan for Das U-Boot
>
> ---------- Forwarded message ---------
> From: <scan-admin at coverity.com>
> Date: Mon, Aug 22, 2022 at 7:07 PM
> Subject: New Defects reported by Coverity Scan for Das U-Boot
> To: <tom.rini at gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to Das
> U-Boot found with Coverity Scan.
>
> 3 new defect(s) introduced to Das U-Boot found with Coverity Scan.
> 2 defect(s), reported by Coverity Scan earlier, were marked fixed in
> the recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 3 of 3 defect(s)
>
>
> ** CID 356244:  Null pointer dereferences  (FORWARD_NULL)
>
>
> ________________________________________________________________________________________________________
> *** CID 356244:  Null pointer dereferences  (FORWARD_NULL)
> /boot/vbe.c: 46 in vbe_find_first_device()
> 40     int vbe_find_first_device(struct udevice **devp)
> 41     {
> 42      uclass_find_first_device(UCLASS_BOOTMETH, devp);
> 43      if (*devp && is_vbe(*devp))
> 44              return 0;
> 45
> >>>     CID 356244:  Null pointer dereferences  (FORWARD_NULL)
> >>>     Passing "devp" to "vbe_find_next_device", which dereferences null "*devp".
> 46      return vbe_find_next_device(devp);
> 47     }
> 48
> 49     int vbe_list(void)
> 50     {
> 51      struct bootstd_priv *std;
>
> ** CID 356243:  Code maintainability issues  (UNUSED_VALUE)
> /boot/vbe_simple.c: 237 in bootmeth_vbe_simple_ft_fixup()
>
>
> ________________________________________________________________________________________________________
> *** CID 356243:  Code maintainability issues  (UNUSED_VALUE)
> /boot/vbe_simple.c: 237 in bootmeth_vbe_simple_ft_fixup()
> 231             /*
> 232              * Ideally we would have driver model support for
> fixups, but that does
> 233              * not exist yet. It is a step too far to try to do
> this before VBE is
> 234              * in place.
> 235              */
> 236             for (ret = vbe_find_first_device(&dev); dev;
> >>>     CID 356243:  Code maintainability issues  (UNUSED_VALUE)
> >>>     Assigning value from "vbe_find_next_device(&dev)" to "ret" here, but that stored value is overwritten before it can be used.
> 237                  ret = vbe_find_next_device(&dev)) {
> 238                     struct simple_state state;
> 239
> 240                     if (strcmp("vbe_simple", dev->driver->name))
> 241                             continue;
> 242
>
> ** CID 356242:    (TAINTED_SCALAR)
>
>
> ________________________________________________________________________________________________________
> *** CID 356242:    (TAINTED_SCALAR)
> /test/dm/ofnode.c: 501 in make_ofnode_fdt()
> 495             ut_assertok(fdt_end_node(fdt));
> 496
> 497             ut_assert(fdt_begin_node(fdt, "new-mmc") >= 0);
> 498             ut_assertok(fdt_end_node(fdt));
> 499
> 500             ut_assertok(fdt_end_node(fdt));
> >>>     CID 356242:    (TAINTED_SCALAR)
> >>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
> 501             ut_assertok(fdt_finish(fdt));
> 502
> 503             return 0;
> 504     }
> 505
> 506     static int dm_test_ofnode_root(struct unit_test_state *uts)
> /test/dm/ofnode.c: 501 in make_ofnode_fdt()
> 495             ut_assertok(fdt_end_node(fdt));
> 496
> 497             ut_assert(fdt_begin_node(fdt, "new-mmc") >= 0);
> 498             ut_assertok(fdt_end_node(fdt));
> 499
> 500             ut_assertok(fdt_end_node(fdt));
> >>>     CID 356242:    (TAINTED_SCALAR)
> >>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
> 501             ut_assertok(fdt_finish(fdt));
> 502
> 503             return 0;
> 504     }
> 505
> 506     static int dm_test_ofnode_root(struct unit_test_state *uts)
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3Dl_S3_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTu-2FviBcJy3TYnkbff9O1lpJB2a065UniCzfVIBu-2Brs6HGPrhp6hp3s-2BQGSVvNSaRsQojbpJAi7kxyFcHZ8aaIeQ0LJlzM2cTXzCCeq8c-2FquCeg4mCmdPzUFdWUhBcgytnExm8LYbWctf-2B-2BcK49gD2uvdO0dVdoZGeFYKdAJZGcKrg-3D-3D
>
>   To manage Coverity Scan email notifications for
> "tom.rini at gmail.com", click
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxWeIHzDeopm-2BEWQ6S6K-2FtUHv9ZTk8qZbuzkkz9sa-2BJFzf226DuRd-2B2ygQlLnerl-2BA3jN1AOYejXZ-2FNZ62waJHedPFGpqqjTx8fawy9KPJBno-3D0xWA_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTu-2FviBcJy3TYnkbff9O1lpJ8fYfPhPSMWru8G5g0hjYD2lP6GfXdRYLDay-2BEZMB4nffrqxFwC3P84QsfDGYYlZb-2Fv2AYdsgvSvu2gEihe-2BP8O4Khh9gLeVsBYy-2Bps2buInswpEo43c-2B1-2FHNkYpmMXLe6-2FNHIyvt0clj7kDSbeyOqA-3D-3D
>

OK I have it on my list...currently trying to get the VBE stuff
finished for osfc in 10 days.

Regards,
Simon

More information about the U-Boot mailing list