[tom.rini at gmail.com: Fwd: New Defects reported by Coverity Scan for Das U-Boot]
Tom Rini
trini at konsulko.com
Mon Mar 27 21:19:46 CEST 2023
Here's the latest report.
---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Mar 27, 2023 at 2:36 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini at gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to Das
U-Boot found with Coverity Scan.
6 new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 451089: Incorrect expression (EVALUATION_ORDER)
/lib/efi_loader/efi_device_path.c: 752 in dp_fill()
________________________________________________________________________________________________________
*** CID 451089: Incorrect expression (EVALUATION_ORDER)
/lib/efi_loader/efi_device_path.c: 752 in dp_fill()
746 memcpy(&dp->ns_id, &ns_id, sizeof(ns_id));
747 return &dp[1];
748 }
749 #endif
750 #if defined(CONFIG_USB)
751 case UCLASS_MASS_STORAGE: {
>>> CID 451089: Incorrect expression (EVALUATION_ORDER)
>>> In "desc = desc = dev_get_uclass_plat(dev)", "desc" is written twice with the same value.
752 struct blk_desc *desc = desc =
dev_get_uclass_plat(dev);
753 struct efi_device_path_controller *dp =
754 dp_fill(buf, dev->parent);
755
756 dp->dp.type =
DEVICE_PATH_TYPE_HARDWARE_DEVICE;
757 dp->dp.sub_type =
DEVICE_PATH_SUB_TYPE_CONTROLLER;
** CID 450973: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 450973: (TAINTED_SCALAR)
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
** CID 450972: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 450972: (PRINTF_ARGS)
/test/cmd/fdt.c: 267 in fdt_test_move()
261 ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262 ut_assert_nextline("Working FDT set to %lx", newaddr);
263 ut_assertok(ut_check_console_end(uts));
264
265 /* Compare the source and destination DTs */
266 ut_assertok(console_record_reset_enable());
>>> CID 450972: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
267 ut_assertok(run_commandf("cmp.b %08x %08x %x", addr,
newaddr, ts));
268 ut_assert_nextline("Total of %d byte(s) were the same", ts);
269 ut_assertok(ut_check_console_end(uts));
270
271 return 0;
272 }
/test/cmd/fdt.c: 261 in fdt_test_move()
255 /* Moved target DT location */
256 buf = map_sysmem(newaddr, size);
257 memset(buf, 0, size);
258
259 /* Test moving the working FDT to a new location */
260 ut_assertok(console_record_reset_enable());
>>> CID 450972: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
261 ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262 ut_assert_nextline("Working FDT set to %lx", newaddr);
263 ut_assertok(ut_check_console_end(uts));
264
265 /* Compare the source and destination DTs */
266 ut_assertok(console_record_reset_enable());
** CID 450970: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 450970: (PRINTF_ARGS)
/test/cmd/fdt.c: 224 in fdt_test_addr_resize()
218 ut_assertok(console_record_reset_enable());
219 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220 ut_assert_nextline("Working FDT set to %lx", addr);
221 ut_assertok(ut_check_console_end(uts));
222
223 /* Try shrinking it */
>>> CID 450970: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
224 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
225 ut_assert_nextline("Working FDT set to %lx", addr);
226 ut_assert_nextline("New length %d < existing length
%d, ignoring",
227 (int)sizeof(fdt) / 4, newsize);
228 ut_assertok(ut_check_console_end(uts));
229
/test/cmd/fdt.c: 219 in fdt_test_addr_resize()
213 ut_assertok(make_test_fdt(uts, fdt, sizeof(fdt)));
214 addr = map_to_sysmem(fdt);
215 set_working_fdt_addr(addr);
216
217 /* Test setting and resizing the working FDT to a larger size */
218 ut_assertok(console_record_reset_enable());
>>> CID 450970: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
219 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220 ut_assert_nextline("Working FDT set to %lx", addr);
221 ut_assertok(ut_check_console_end(uts));
222
223 /* Try shrinking it */
224 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
/test/cmd/fdt.c: 231 in fdt_test_addr_resize()
225 ut_assert_nextline("Working FDT set to %lx", addr);
226 ut_assert_nextline("New length %d < existing length
%d, ignoring",
227 (int)sizeof(fdt) / 4, newsize);
228 ut_assertok(ut_check_console_end(uts));
229
230 /* ...quietly */
>>> CID 450970: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
231 ut_assertok(run_commandf("fdt addr -q %08x %x", addr,
sizeof(fdt) / 4));
232 ut_assert_nextline("Working FDT set to %lx", addr);
233 ut_assertok(ut_check_console_end(uts));
234
235 /* We cannot easily provoke errors in fdt_open_into(),
so ignore that */
236
** CID 450968: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 450968: (PRINTF_ARGS)
/test/cmd/fdt.c: 224 in fdt_test_addr_resize()
218 ut_assertok(console_record_reset_enable());
219 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220 ut_assert_nextline("Working FDT set to %lx", addr);
221 ut_assertok(ut_check_console_end(uts));
222
223 /* Try shrinking it */
>>> CID 450968: (PRINTF_ARGS)
>>> Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
224 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
225 ut_assert_nextline("Working FDT set to %lx", addr);
226 ut_assert_nextline("New length %d < existing length
%d, ignoring",
227 (int)sizeof(fdt) / 4, newsize);
228 ut_assertok(ut_check_console_end(uts));
229
/test/cmd/fdt.c: 231 in fdt_test_addr_resize()
225 ut_assert_nextline("Working FDT set to %lx", addr);
226 ut_assert_nextline("New length %d < existing length
%d, ignoring",
227 (int)sizeof(fdt) / 4, newsize);
228 ut_assertok(ut_check_console_end(uts));
229
230 /* ...quietly */
>>> CID 450968: (PRINTF_ARGS)
>>> Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
231 ut_assertok(run_commandf("fdt addr -q %08x %x", addr,
sizeof(fdt) / 4));
232 ut_assert_nextline("Working FDT set to %lx", addr);
233 ut_assertok(ut_check_console_end(uts));
234
235 /* We cannot easily provoke errors in fdt_open_into(),
so ignore that */
236
** CID 450967: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 450967: (PRINTF_ARGS)
/test/cmd/fdt.c: 261 in fdt_test_move()
255 /* Moved target DT location */
256 buf = map_sysmem(newaddr, size);
257 memset(buf, 0, size);
258
259 /* Test moving the working FDT to a new location */
260 ut_assertok(console_record_reset_enable());
>>> CID 450967: (PRINTF_ARGS)
>>> Argument "newaddr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
261 ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262 ut_assert_nextline("Working FDT set to %lx", newaddr);
263 ut_assertok(ut_check_console_end(uts));
264
265 /* Compare the source and destination DTs */
266 ut_assertok(console_record_reset_enable());
/test/cmd/fdt.c: 267 in fdt_test_move()
261 ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262 ut_assert_nextline("Working FDT set to %lx", newaddr);
263 ut_assertok(ut_check_console_end(uts));
264
265 /* Compare the source and destination DTs */
266 ut_assertok(console_record_reset_enable());
>>> CID 450967: (PRINTF_ARGS)
>>> Argument "newaddr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
267 ut_assertok(run_commandf("cmp.b %08x %08x %x", addr,
newaddr, ts));
268 ut_assert_nextline("Total of %d byte(s) were the same", ts);
269 ut_assertok(ut_check_console_end(uts));
270
271 return 0;
272 }
----- End forwarded message -----
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230327/0d1986fe/attachment.sig>
More information about the U-Boot
mailing list