** CID 478334: Memory - corruptions (OVERRUN)

Ilias Apalodimas ilias.apalodimas at linaro.org
Fri Jan 19 10:35:52 CET 2024


Looking at it again,

This looks like a false positive, but I can't understand how Coverity
gets triggered. If your proposal quiesces the warning for some reason,
I can send a patch.

Thanks
/Ilias

On Fri, 19 Jan 2024 at 10:58, Ilias Apalodimas
<ilias.apalodimas at linaro.org> wrote:
>
> Hi Heinrich,
>
> On Fri, 19 Jan 2024 at 10:56, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
> >
> > Hello Ilias,
> >
> > please, have a look at this warning.
> >
> >
> > -------- Forwarded Message --------
> > Subject: New Defects reported by Coverity Scan for Das U-Boot
> > Date: Thu, 18 Jan 2024 14:20:27 +0000 (UTC)
> > From: scan-admin at coverity.com
> > To: xypron.glpk at gmx.de
> >
> > Hi,
> >
> > Please find the latest report on new defect(s) introduced to Das U-Boot
> > found with Coverity Scan.
> >
> > 2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
> > 16 defect(s), reported by Coverity Scan earlier, were marked fixed in
> > the recent build analyzed by Coverity Scan.
> >
> > New defect(s) Reported-by: Coverity Scan
> > Showing 2 of 2 defect(s)
> >
> >
> > ** CID 478334:  Memory - corruptions  (OVERRUN)
> >
> >
> > ________________________________________________________________________________________________________
> > *** CID 478334:  Memory - corruptions  (OVERRUN)
> > /cmd/eficonfig.c: 534 in eficonfig_create_device_path()
> > 528             p += fp_size;
> > 529             *((struct efi_device_path *)p) = END;
> > 530
> > 531             dp = efi_dp_shorten(dp_volume);
> > 532             if (!dp)
> > 533                     dp = dp_volume;
> > >>>     CID 478334:  Memory - corruptions  (OVERRUN)
> > >>>     Overrunning struct type efi_device_path of 4 bytes by passing it to a function which accesses it at byte offset 5 using argument "fp->dp.length" (which evaluates to 6).
> > 534             dp = efi_dp_concat(dp, &fp->dp, false);
> >
> > How about using
> >
> > dp = efi_dp_concat(dp, (struct efi_device_path *)fp, false);
>
> That looks good. I'll send a patch shortly
>
> Thanks
> /Ilias
> >
> > Best regards
> >
> > Heinrich
> >
> > 535             free(buf);
> > 536
> > 537             return dp;
> > 538     }
> > 539
> > ** CID 478333:  Error handling issues  (CHECKED_RETURN)
> > /lib/efi_loader/efi_firmware.c: 413 in efi_firmware_set_fmp_state_var()
> >
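
Added example, not part of the thread or of U-Boot's code: a minimal C model of the pattern Coverity flagged, where a 4-byte header embedded at the start of a larger node is passed to a routine that reads `length` bytes from it. The type names `dp_hdr` and `dp_file_path`, their layout, and the helpers `make_node`, `same_address` and `node_dup` are assumptions for illustration (GCC/Clang `packed` attribute assumed); the sample node is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (assumed layout) for the types named in the report. */
struct dp_hdr {                 /* role of struct efi_device_path: 4 bytes */
	uint8_t type;
	uint8_t sub_type;
	uint16_t length;        /* size of the whole node, header included */
} __attribute__((packed));

struct dp_file_path {           /* header followed by a UTF-16 string */
	struct dp_hdr dp;
	uint16_t str[];
} __attribute__((packed));

/* Constructed sample: a node whose string is a lone NUL, so length == 6. */
struct dp_file_path *make_node(void)
{
	struct dp_file_path *fp = calloc(1, sizeof(*fp) + sizeof(uint16_t));

	if (fp) {
		fp->dp.type = 4;        /* constructed values */
		fp->dp.sub_type = 4;
		fp->dp.length = sizeof(*fp) + sizeof(uint16_t);
	}
	return fp;
}

/* Both spellings from the thread, &fp->dp and a cast of fp, are one address. */
int same_address(const struct dp_file_path *fp)
{
	return (const void *)&fp->dp == (const void *)fp;
}

/* Copy one node; hdr->length is honoured only if it fits in avail bytes. */
void *node_dup(const struct dp_hdr *hdr, size_t avail)
{
	void *copy;

	if (avail < sizeof(*hdr) || hdr->length < sizeof(*hdr) ||
	    hdr->length > avail)
		return NULL;    /* length would read outside the buffer */
	copy = malloc(hdr->length);
	if (copy)
		memcpy(copy, hdr, hdr->length);
	return copy;
}
```

A checker that tracks only the static type of `&fp->dp` sees a 4-byte object and a 6-byte read; the allocation behind it is 6 bytes, so the read is in bounds as long as `length` is validated against the real buffer size.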

