** CID 478334: Memory - corruptions (OVERRUN)

[Heinrich Schuchardt]

Hello Ilias,

please, have a look at this warning.


-------- Forwarded Message --------
Subject: New Defects reported by Coverity Scan for Das U-Boot
Date: Thu, 18 Jan 2024 14:20:27 +0000 (UTC)
From: scan-admin at coverity.com
To: xypron.glpk at gmx.de

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot
found with Coverity Scan.

2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
16 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 478334:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 478334:  Memory - corruptions  (OVERRUN)
/cmd/eficonfig.c: 534 in eficonfig_create_device_path()
528     	p += fp_size;
529     	*((struct efi_device_path *)p) = END;
530     531     	dp = efi_dp_shorten(dp_volume);
532     	if (!dp)
533     		dp = dp_volume;
>>>     CID 478334:  Memory - corruptions  (OVERRUN)
>>>     Overrunning struct type efi_device_path of 4 bytes by passing it to a function which accesses it at byte offset 5 using argument "fp->dp.length" (which evaluates to 6).
534     	dp = efi_dp_concat(dp, &fp->dp, false);

How about using

dp = efi_dp_concat(dp, (struct efi_device_path *)fp, false);

Best regards

Heinrich

535     	free(buf);
536     537     	return dp;
538     }
539
** CID 478333:  Error handling issues  (CHECKED_RETURN)
/lib/efi_loader/efi_firmware.c: 413 in efi_firmware_set_fmp_state_var()