[tom.rini at gmail.com: Fwd: New Defects reported by Coverity Scan for Das U-Boot]

Tom Rini trini at konsulko.com
Thu Dec 21 17:08:11 CET 2023 

On Thu, Dec 21, 2023 at 02:48:31PM +0000, Shantur Rathore wrote:
> Hi Tom,
> 
> On Mon, Dec 18, 2023 at 4:26 PM Tom Rini <trini at konsulko.com> wrote:
> >
> > Here's the latest report.
> >
> > ---------- Forwarded message ---------
> > From: <scan-admin at coverity.com>
> > Date: Mon, Dec 18, 2023 at 8:42 AM
> > Subject: New Defects reported by Coverity Scan for Das U-Boot
> > To: <tom.rini at gmail.com>
> >
> >
> > Hi,
> >
> > Please find the latest report on new defect(s) introduced to Das
> > U-Boot found with Coverity Scan.
> >
> > 1 new defect(s) introduced to Das U-Boot found with Coverity Scan.
> >
> >
> > New defect(s) Reported-by: Coverity Scan
> > Showing 1 of 1 defect(s)
> >
> >
> > ** CID 470930:  Uninitialized variables  (UNINIT)
> > /boot/bootmeth_efi.c: 465 in distro_efi_boot()
> >
> >
> > ________________________________________________________________________________________________________
> > *** CID 470930:  Uninitialized variables  (UNINIT)
> > /boot/bootmeth_efi.c: 465 in distro_efi_boot()
> > 459              */
> > 460             if (bflow->flags & BOOTFLOWF_USE_BUILTIN_FDT) {
> > 461                     log_debug("Booting with built-in fdt\n");
> > 462                     snprintf(cmd, sizeof(cmd), "bootefi %lx", kernel);
> > 463             } else {
> > 464                     log_debug("Booting with external fdt\n");
> > >>>     CID 470930:  Uninitialized variables  (UNINIT)
> > >>>     Using uninitialized value "fdt" when calling "snprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
> > 465                     snprintf(cmd, sizeof(cmd), "bootefi %lx %lx",
> > kernel, fdt);
> > 466             }
> > 467
> > 468             if (run_command(cmd, 0))
> > 469                     return log_msg_ret("run", -EINVAL);
> > 470
> >
> 
> The code in question is
> 
> if (!bootmeth_uses_network(bflow)) {
>   // snip
>   if (bflow->flags & ~BOOTFLOWF_USE_BUILTIN_FDT)
>     fdt = bflow->fdt_addr;
> } else {
>   // snip
>   fdt = env_get_hex("fdt_addr_r", 0);
> }
> //snip
> if (bflow->flags & BOOTFLOWF_USE_BUILTIN_FDT) {
>   log_debug("Booting with built-in fdt\n");
>   snprintf(cmd, sizeof(cmd), "bootefi %lx", kernel);
> } else {
>   log_debug("Booting with external fdt\n");
>   snprintf(cmd, sizeof(cmd), "bootefi %lx %lx", kernel, fdt);
> }
> 
> I am unsure in which case is fdt uninitialised.
> Unless the tool is being thrown off by different version of
> bflow->flags & BOOTFLOWF_USE_BUILTIN_FDT
> check, I don't see the problem.
> 
> Please let me know if you see it.

Ah, right, thanks for re-checking.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20231221/670222ea/attachment.sig>

More information about the U-Boot mailing list