[tom.rini at gmail.com: Fwd: New Defects reported by Coverity Scan for Das U-Boot]

Tom Rini trini at konsulko.com
Mon Mar 27 21:19:46 CEST 2023


Here's the latest report.

---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Mar 27, 2023 at 2:36 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini at gmail.com>


Hi,

Please find the latest report on new defect(s) introduced to Das
U-Boot found with Coverity Scan.

6 new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 451089:  Incorrect expression  (EVALUATION_ORDER)
/lib/efi_loader/efi_device_path.c: 752 in dp_fill()


________________________________________________________________________________________________________
*** CID 451089:  Incorrect expression  (EVALUATION_ORDER)
/lib/efi_loader/efi_device_path.c: 752 in dp_fill()
746                             memcpy(&dp->ns_id, &ns_id, sizeof(ns_id));
747                             return &dp[1];
748                             }
749     #endif
750     #if defined(CONFIG_USB)
751                     case UCLASS_MASS_STORAGE: {
>>>     CID 451089:  Incorrect expression  (EVALUATION_ORDER)
>>>     In "desc = desc = dev_get_uclass_plat(dev)", "desc" is written twice with the same value.
752                             struct blk_desc *desc = desc =
dev_get_uclass_plat(dev);
753                             struct efi_device_path_controller *dp =
754                                     dp_fill(buf, dev->parent);
755
756                             dp->dp.type     =
DEVICE_PATH_TYPE_HARDWARE_DEVICE;
757                             dp->dp.sub_type =
DEVICE_PATH_SUB_TYPE_CONTROLLER;

** CID 450973:    (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 450973:    (TAINTED_SCALAR)
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127             ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128             ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129             ut_assertok(fdt_end_node(fdt));
130             ut_assertok(fdt_end_node(fdt));
131
132             ut_assertok(fdt_end_node(fdt));
>>>     CID 450973:    (TAINTED_SCALAR)
>>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133             ut_assertok(fdt_finish(fdt));
134
135             return 0;
136     }
137
138     /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127             ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128             ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129             ut_assertok(fdt_end_node(fdt));
130             ut_assertok(fdt_end_node(fdt));
131
132             ut_assertok(fdt_end_node(fdt));
>>>     CID 450973:    (TAINTED_SCALAR)
>>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133             ut_assertok(fdt_finish(fdt));
134
135             return 0;
136     }
137
138     /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127             ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128             ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129             ut_assertok(fdt_end_node(fdt));
130             ut_assertok(fdt_end_node(fdt));
131
132             ut_assertok(fdt_end_node(fdt));
>>>     CID 450973:    (TAINTED_SCALAR)
>>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133             ut_assertok(fdt_finish(fdt));
134
135             return 0;
136     }
137
138     /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127             ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128             ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129             ut_assertok(fdt_end_node(fdt));
130             ut_assertok(fdt_end_node(fdt));
131
132             ut_assertok(fdt_end_node(fdt));
>>>     CID 450973:    (TAINTED_SCALAR)
>>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133             ut_assertok(fdt_finish(fdt));
134
135             return 0;
136     }
137
138     /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127             ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128             ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129             ut_assertok(fdt_end_node(fdt));
130             ut_assertok(fdt_end_node(fdt));
131
132             ut_assertok(fdt_end_node(fdt));
>>>     CID 450973:    (TAINTED_SCALAR)
>>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133             ut_assertok(fdt_finish(fdt));
134
135             return 0;
136     }
137
138     /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127             ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128             ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129             ut_assertok(fdt_end_node(fdt));
130             ut_assertok(fdt_end_node(fdt));
131
132             ut_assertok(fdt_end_node(fdt));
>>>     CID 450973:    (TAINTED_SCALAR)
>>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133             ut_assertok(fdt_finish(fdt));
134
135             return 0;
136     }
137
138     /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127             ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128             ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129             ut_assertok(fdt_end_node(fdt));
130             ut_assertok(fdt_end_node(fdt));
131
132             ut_assertok(fdt_end_node(fdt));
>>>     CID 450973:    (TAINTED_SCALAR)
>>>     Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133             ut_assertok(fdt_finish(fdt));
134
135             return 0;
136     }
137
138     /* Test 'fdt addr' getting/setting address */

** CID 450972:    (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 450972:    (PRINTF_ARGS)
/test/cmd/fdt.c: 267 in fdt_test_move()
261             ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262             ut_assert_nextline("Working FDT set to %lx", newaddr);
263             ut_assertok(ut_check_console_end(uts));
264
265             /* Compare the source and destination DTs */
266             ut_assertok(console_record_reset_enable());
>>>     CID 450972:    (PRINTF_ARGS)
>>>     Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
267             ut_assertok(run_commandf("cmp.b %08x %08x %x", addr,
newaddr, ts));
268             ut_assert_nextline("Total of %d byte(s) were the same", ts);
269             ut_assertok(ut_check_console_end(uts));
270
271             return 0;
272     }
/test/cmd/fdt.c: 261 in fdt_test_move()
255             /* Moved target DT location */
256             buf = map_sysmem(newaddr, size);
257             memset(buf, 0, size);
258
259             /* Test moving the working FDT to a new location */
260             ut_assertok(console_record_reset_enable());
>>>     CID 450972:    (PRINTF_ARGS)
>>>     Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
261             ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262             ut_assert_nextline("Working FDT set to %lx", newaddr);
263             ut_assertok(ut_check_console_end(uts));
264
265             /* Compare the source and destination DTs */
266             ut_assertok(console_record_reset_enable());

** CID 450970:    (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 450970:    (PRINTF_ARGS)
/test/cmd/fdt.c: 224 in fdt_test_addr_resize()
218             ut_assertok(console_record_reset_enable());
219             ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220             ut_assert_nextline("Working FDT set to %lx", addr);
221             ut_assertok(ut_check_console_end(uts));
222
223             /* Try shrinking it */
>>>     CID 450970:    (PRINTF_ARGS)
>>>     Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
224             ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
225             ut_assert_nextline("Working FDT set to %lx", addr);
226             ut_assert_nextline("New length %d < existing length
%d, ignoring",
227                                (int)sizeof(fdt) / 4, newsize);
228             ut_assertok(ut_check_console_end(uts));
229
/test/cmd/fdt.c: 219 in fdt_test_addr_resize()
213             ut_assertok(make_test_fdt(uts, fdt, sizeof(fdt)));
214             addr = map_to_sysmem(fdt);
215             set_working_fdt_addr(addr);
216
217             /* Test setting and resizing the working FDT to a larger size */
218             ut_assertok(console_record_reset_enable());
>>>     CID 450970:    (PRINTF_ARGS)
>>>     Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
219             ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220             ut_assert_nextline("Working FDT set to %lx", addr);
221             ut_assertok(ut_check_console_end(uts));
222
223             /* Try shrinking it */
224             ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
/test/cmd/fdt.c: 231 in fdt_test_addr_resize()
225             ut_assert_nextline("Working FDT set to %lx", addr);
226             ut_assert_nextline("New length %d < existing length
%d, ignoring",
227                                (int)sizeof(fdt) / 4, newsize);
228             ut_assertok(ut_check_console_end(uts));
229
230             /* ...quietly */
>>>     CID 450970:    (PRINTF_ARGS)
>>>     Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
231             ut_assertok(run_commandf("fdt addr -q %08x %x", addr,
sizeof(fdt) / 4));
232             ut_assert_nextline("Working FDT set to %lx", addr);
233             ut_assertok(ut_check_console_end(uts));
234
235             /* We cannot easily provoke errors in fdt_open_into(),
so ignore that */
236

** CID 450968:    (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 450968:    (PRINTF_ARGS)
/test/cmd/fdt.c: 224 in fdt_test_addr_resize()
218             ut_assertok(console_record_reset_enable());
219             ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220             ut_assert_nextline("Working FDT set to %lx", addr);
221             ut_assertok(ut_check_console_end(uts));
222
223             /* Try shrinking it */
>>>     CID 450968:    (PRINTF_ARGS)
>>>     Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
224             ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
225             ut_assert_nextline("Working FDT set to %lx", addr);
226             ut_assert_nextline("New length %d < existing length
%d, ignoring",
227                                (int)sizeof(fdt) / 4, newsize);
228             ut_assertok(ut_check_console_end(uts));
229
/test/cmd/fdt.c: 231 in fdt_test_addr_resize()
225             ut_assert_nextline("Working FDT set to %lx", addr);
226             ut_assert_nextline("New length %d < existing length
%d, ignoring",
227                                (int)sizeof(fdt) / 4, newsize);
228             ut_assertok(ut_check_console_end(uts));
229
230             /* ...quietly */
>>>     CID 450968:    (PRINTF_ARGS)
>>>     Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
231             ut_assertok(run_commandf("fdt addr -q %08x %x", addr,
sizeof(fdt) / 4));
232             ut_assert_nextline("Working FDT set to %lx", addr);
233             ut_assertok(ut_check_console_end(uts));
234
235             /* We cannot easily provoke errors in fdt_open_into(),
so ignore that */
236

** CID 450967:    (PRINTF_ARGS)


________________________________________________________________________________________________________
*** CID 450967:    (PRINTF_ARGS)
/test/cmd/fdt.c: 261 in fdt_test_move()
255             /* Moved target DT location */
256             buf = map_sysmem(newaddr, size);
257             memset(buf, 0, size);
258
259             /* Test moving the working FDT to a new location */
260             ut_assertok(console_record_reset_enable());
>>>     CID 450967:    (PRINTF_ARGS)
>>>     Argument "newaddr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
261             ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262             ut_assert_nextline("Working FDT set to %lx", newaddr);
263             ut_assertok(ut_check_console_end(uts));
264
265             /* Compare the source and destination DTs */
266             ut_assertok(console_record_reset_enable());
/test/cmd/fdt.c: 267 in fdt_test_move()
261             ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262             ut_assert_nextline("Working FDT set to %lx", newaddr);
263             ut_assertok(ut_check_console_end(uts));
264
265             /* Compare the source and destination DTs */
266             ut_assertok(console_record_reset_enable());
>>>     CID 450967:    (PRINTF_ARGS)
>>>     Argument "newaddr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
267             ut_assertok(run_commandf("cmp.b %08x %08x %x", addr,
newaddr, ts));
268             ut_assert_nextline("Total of %d byte(s) were the same", ts);
269             ut_assertok(ut_check_console_end(uts));
270
271             return 0;
272     }


----- End forwarded message -----

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230327/0d1986fe/attachment.sig>


More information about the U-Boot mailing list