Fwd: New Defects reported by Coverity Scan for Das U-Boot

Tom Rini trini at konsulko.com
Tue Jan 23 00:52:12 CET 2024 

I've now updated to the latest Coverity scan tool and that eliminated
some previous defects and found two new ones:

---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Jan 22, 2024 at 6:42 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini at gmail.com>


Hi,

Please find the latest report on new defect(s) introduced to Das
U-Boot found with Coverity Scan.

2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
8 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 478862:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 478862:  Memory - corruptions  (OVERRUN)
/lib/initcall.c: 82 in initcall_run_list()
76      if (ret) {
77              if (CONFIG_IS_ENABLED(EVENT)) {
78                      char buf[60];
79
80                      /* don't worry about buf size as we are dying here */
81                      if (type) {
>>>     CID 478862:  Memory - corruptions  (OVERRUN)
>>>     Overrunning callee's array of size 15 by passing argument "type" (which evaluates to 255) in call to "event_type_name".
82                              sprintf(buf, "event %d/%s", type,
83                                      event_type_name(type));
84                      } else {
85                              sprintf(buf, "call %p", func);
86                      }
87

** CID 478861:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 478861:  Memory - corruptions  (OVERRUN)
/cmd/nvedit.c: 356 in print_static_flags()
350     static int print_static_flags(const char *var_name, const char *flags,
351                                   void *priv)
352     {
353             enum env_flags_vartype type = env_flags_parse_vartype(flags);
354             enum env_flags_varaccess access =
env_flags_parse_varaccess(flags);
355
>>>     CID 478861:  Memory - corruptions  (OVERRUN)
>>>     Overrunning callee's array of size 4 by passing argument "access" (which evaluates to 4) in call to "env_flags_get_varaccess_name".
356             printf("\t%-20s %-20s %-20s\n", var_name,
357                     env_flags_get_vartype_name(type),
358                     env_flags_get_varaccess_name(access));
359
360             return 0;
361     }

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20240122/2059ca07/attachment.sig>

More information about the U-Boot mailing list