** CID 478334: Memory - corruptions (OVERRUN)

Ilias Apalodimas ilias.apalodimas at linaro.org
Fri Jan 19 09:58:31 CET 2024


Hi Heinrich,

On Fri, 19 Jan 2024 at 10:56, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
> Hello Ilias,
>
> please, have a look at this warning.
>
>
> -------- Forwarded Message --------
> Subject: New Defects reported by Coverity Scan for Das U-Boot
> Date: Thu, 18 Jan 2024 14:20:27 +0000 (UTC)
> From: scan-admin at coverity.com
> To: xypron.glpk at gmx.de
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to Das U-Boot
> found with Coverity Scan.
>
> 2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
> 16 defect(s), reported by Coverity Scan earlier, were marked fixed in
> the recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 2 of 2 defect(s)
>
>
> ** CID 478334:  Memory - corruptions  (OVERRUN)
>
>
> ________________________________________________________________________________________________________
> *** CID 478334:  Memory - corruptions  (OVERRUN)
> /cmd/eficonfig.c: 534 in eficonfig_create_device_path()
> 528             p += fp_size;
> 529             *((struct efi_device_path *)p) = END;
> 530
> 531             dp = efi_dp_shorten(dp_volume);
> 532             if (!dp)
> 533                     dp = dp_volume;
> >>>     CID 478334:  Memory - corruptions  (OVERRUN)
> >>>     Overrunning struct type efi_device_path of 4 bytes by passing it to a function which accesses it at byte offset 5 using argument "fp->dp.length" (which evaluates to 6).
> 534             dp = efi_dp_concat(dp, &fp->dp, false);
>
> How about using
>
> dp = efi_dp_concat(dp, (struct efi_device_path *)fp, false);

That looks good. I'll send a patch shortly

Thanks
/Ilias
>
> Best regards
>
> Heinrich
>
> 535             free(buf);
> 536
> 537             return dp;
> 538     }
> 539
> ** CID 478333:  Error handling issues  (CHECKED_RETURN)
> /lib/efi_loader/efi_firmware.c: 413 in efi_firmware_set_fmp_state_var()
>
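
The overrun Coverity describes in the quoted report, as an added C example that is not part of the original message or of U-Boot's code: a node header is 4 bytes, but its `length` field (6 in the report) also covers the payload that follows it, so a callee walking the path must be told how many bytes really back the pointer. `struct dp_hdr`, `struct dp_file_path`, `dp_size_checked()` and `build_sample()` are hypothetical simplified stand-ins, and the sample path is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-ins for the U-Boot types (assumed layout, not project code) */
struct dp_hdr {                 /* generic node header, 4 bytes */
	uint8_t type;
	uint8_t sub_type;
	uint16_t length;            /* header plus payload, in bytes */
} __attribute__((packed));

struct dp_file_path {           /* header followed by a UTF-16 string */
	struct dp_hdr dp;
	uint16_t str[];
} __attribute__((packed));

enum { DP_MEDIA = 0x04, DP_FILE = 0x04, DP_END = 0x7f, DP_END_ALL = 0xff };

/* Size of the path in buf[0..buflen) including its END node; 0 if any node
 * is shorter than a header or runs past the bytes the caller vouches for. */
size_t dp_size_checked(const void *buf, size_t buflen)
{
	const uint8_t *p = buf;
	size_t off = 0;

	while (buflen - off >= sizeof(struct dp_hdr)) {
		struct dp_hdr h;

		memcpy(&h, p + off, sizeof(h));
		if (h.length < sizeof(h) || h.length > buflen - off)
			return 0;
		off += h.length;
		if (h.type == DP_END && h.sub_type == DP_END_ALL)
			return off;
	}
	return 0;
}

/* Constructed sample: file path node holding only a NUL (length 6), then END */
size_t build_sample(uint8_t *buf)
{
	struct dp_hdr file = { DP_MEDIA, DP_FILE, sizeof(struct dp_hdr) + 2 };
	struct dp_hdr end = { DP_END, DP_END_ALL, sizeof(struct dp_hdr) };
	uint16_t nul = 0;

	memcpy(buf, &file, sizeof(file));
	memcpy(buf + sizeof(file), &nul, sizeof(nul));
	memcpy(buf + file.length, &end, sizeof(end));
	return file.length + sizeof(end);
}
```

Passing only `sizeof(struct dp_hdr)` as the bound models what the analyzer sees for `&fp->dp`: the first node claims 6 bytes inside a 4-byte object, so the walk is rejected.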

