Fwd: New Defects reported by Coverity Scan for Das U-Boot

Tom Rini trini at konsulko.com
Tue Jan 30 00:55:37 CET 2024 

Here's the latest report.

---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Jan 29, 2024 at 6:51 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini at gmail.com>


Hi,

Please find the latest report on new defect(s) introduced to Das
U-Boot found with Coverity Scan.

1 new defect(s) introduced to Das U-Boot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 480240:  Insecure data handling  (TAINTED_SCALAR)
/cmd/efidebug.c: 192 in do_efi_capsule_esrt()


________________________________________________________________________________________________________
*** CID 480240:  Insecure data handling  (TAINTED_SCALAR)
/cmd/efidebug.c: 192 in do_efi_capsule_esrt()
186
187             printf("========================================\n");
188             printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count);
189             printf("ESRT: fw_resource_count_max=%d\n",
esrt->fw_resource_count_max);
190             printf("ESRT: fw_resource_version=%lld\n",
esrt->fw_resource_version);
191
>>>     CID 480240:  Insecure data handling  (TAINTED_SCALAR)
>>>     Using tainted variable "esrt->fw_resource_count" as a loop boundary.
192             for (int idx = 0; idx < esrt->fw_resource_count; idx++) {
193                     printf("[entry
%d]==============================\n", idx);
194                     printf("ESRT: fw_class=%pUL\n",
&esrt->entries[idx].fw_class);
195                     printf("ESRT: fw_type=%s\n",
EFI_FW_TYPE_STR_GET(esrt->entries[idx].fw_type));
196                     printf("ESRT: fw_version=%d\n",
esrt->entries[idx].fw_version);
197                     printf("ESRT: lowest_supported_fw_version=%d\n",

----- End forwarded message -----

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20240129/c8b15533/attachment.sig>

More information about the U-Boot mailing list