Fwd: New Defects reported by Coverity Scan for Das U-Boot

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Jan 30 09:14:57 CET 2024 

On 1/30/24 00:55, Tom Rini wrote:
> Here's the latest report.
>
> ---------- Forwarded message ---------
> From: <scan-admin at coverity.com>
> Date: Mon, Jan 29, 2024 at 6:51 PM
> Subject: New Defects reported by Coverity Scan for Das U-Boot
> To: <tom.rini at gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to Das
> U-Boot found with Coverity Scan.
>
> 1 new defect(s) introduced to Das U-Boot found with Coverity Scan.
> 1 defect(s), reported by Coverity Scan earlier, were marked fixed in
> the recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 1 of 1 defect(s)
>
>
> ** CID 480240:  Insecure data handling  (TAINTED_SCALAR)
> /cmd/efidebug.c: 192 in do_efi_capsule_esrt()
>
>
> ________________________________________________________________________________________________________
> *** CID 480240:  Insecure data handling  (TAINTED_SCALAR)
> /cmd/efidebug.c: 192 in do_efi_capsule_esrt()
> 186
> 187             printf("========================================\n");
> 188             printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count);
> 189             printf("ESRT: fw_resource_count_max=%d\n",
> esrt->fw_resource_count_max);
> 190             printf("ESRT: fw_resource_version=%lld\n",
> esrt->fw_resource_version);
> 191
>>>>      CID 480240:  Insecure data handling  (TAINTED_SCALAR)
>>>>      Using tainted variable "esrt->fw_resource_count" as a loop boundary.
> 192             for (int idx = 0; idx < esrt->fw_resource_count; idx++) {
> 193                     printf("[entry
> %d]==============================\n", idx);
> 194                     printf("ESRT: fw_class=%pUL\n",
> &esrt->entries[idx].fw_class);
> 195                     printf("ESRT: fw_type=%s\n",
> EFI_FW_TYPE_STR_GET(esrt->entries[idx].fw_type));
> 196                     printf("ESRT: fw_version=%d\n",
> esrt->entries[idx].fw_version);
> 197                     printf("ESRT: lowest_supported_fw_version=%d\n",
>
> ----- End forwarded message -----
>

Coverity sees any conversion from void * as a hint to tainted data. The
ESRT might be manipulated by some EFI app but we want to display it. So
I marked this Coverity issue as intentional.

Best regards

Heinrich

More information about the U-Boot mailing list