New Defects reported by Coverity Scan for Das U-Boot
Ilias Apalodimas
ilias.apalodimas at linaro.org
Wed Oct 16 08:12:41 CEST 2024
HI Tom,
We'll have a look on the mbedTLS reports later today
Thanks
/Ilias
On Wed, 16 Oct 2024 at 06:47, Tom Rini <trini at konsulko.com> wrote:
>
> Hey all, here's the latest report.
>
> ---------- Forwarded message ---------
> From: <scan-admin at coverity.com>
> Date: Tue, Oct 15, 2024 at 5:06 PM
> Subject: New Defects reported by Coverity Scan for Das U-Boot
> To: <tom.rini at gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to Das
> U-Boot found with Coverity Scan.
>
> 22 new defect(s) introduced to Das U-Boot found with Coverity Scan.
>
>
> New defect(s) Reported-by: Coverity Scan
> Showing 20 of 22 defect(s)
>
>
> ** CID 510813: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1652 in spi_nor_read()
>
>
> ________________________________________________________________________________________________________
> *** CID 510813: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1652 in spi_nor_read()
> 1646 goto read_err;
> 1647 }
> 1648 if (ret < 0)
> 1649 goto read_err;
> 1650
> 1651 if (is_ofst_odd == true) {
> >>> CID 510813: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "memmove(buf, buf + 1, len -...".
> 1652 memmove(buf, (buf + 1), (len - 1));
> 1653 *retlen += (ret - 1);
> 1654 buf += ret - 1;
> 1655 is_ofst_odd = false;
> 1656 } else {
> 1657 *retlen += ret;
>
> ** CID 510812: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 3573 in spi_nor_select_erase()
> /drivers/mtd/spi/spi-nor-core.c: 3584 in spi_nor_select_erase()
> /drivers/mtd/spi/spi-nor-core.c: 3610 in spi_nor_select_erase()
> /drivers/mtd/spi/spi-nor-core.c: 3597 in spi_nor_select_erase()
>
>
> ________________________________________________________________________________________________________
> *** CID 510812: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 3573 in spi_nor_select_erase()
> 3567 /*
> 3568 * In parallel-memories the erase operation is
> 3569 * performed on both the flashes simultaneously
> 3570 * so, double the erasesize.
> 3571 */
> 3572 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510812: (DEADCODE)
> >>> Execution cannot reach this statement: "mtd->erasesize = 8192U;".
> 3573 mtd->erasesize = 4096 * 2;
> 3574 else
> 3575 mtd->erasesize = 4096;
> 3576 } else if (info->flags & SECT_4K_PMC) {
> 3577 nor->erase_opcode = SPINOR_OP_BE_4K_PMC;
> 3578 /*
> /drivers/mtd/spi/spi-nor-core.c: 3584 in spi_nor_select_erase()
> 3578 /*
> 3579 * In parallel-memories the erase operation is
> 3580 * performed on both the flashes simultaneously
> 3581 * so, double the erasesize.
> 3582 */
> 3583 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510812: (DEADCODE)
> >>> Execution cannot reach this statement: "mtd->erasesize = 8192U;".
> 3584 mtd->erasesize = 4096 * 2;
> 3585 else
> 3586 mtd->erasesize = 4096;
> 3587 } else
> 3588 #endif
> 3589 {
> /drivers/mtd/spi/spi-nor-core.c: 3610 in spi_nor_select_erase()
> 3604 /*
> 3605 * In parallel-memories the erase operation is
> 3606 * performed on both the flashes simultaneously
> 3607 * so, double the erasesize.
> 3608 */
> 3609 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510812: (DEADCODE)
> >>> Execution cannot reach this statement: "mtd->erasesize = 8192U;".
> 3610 mtd->erasesize = 4096 * 2;
> 3611 else
> 3612 mtd->erasesize = 4096;
> 3613 }
> 3614
> 3615 return 0;
> /drivers/mtd/spi/spi-nor-core.c: 3597 in spi_nor_select_erase()
> 3591 /*
> 3592 * In parallel-memories the erase operation is
> 3593 * performed on both the flashes simultaneously
> 3594 * so, double the erasesize.
> 3595 */
> 3596 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510812: (DEADCODE)
> >>> Execution cannot reach this statement: "mtd->erasesize = info->sect...".
> 3597 mtd->erasesize = info->sector_size * 2;
> 3598 else
> 3599 mtd->erasesize = info->sector_size;
> 3600 }
> 3601
> 3602 if ((JEDEC_MFR(info) == SNOR_MFR_SST) && info->flags &
> SECT_4K) {
>
> ** CID 510811: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1134 in spi_nor_erase()
> /drivers/mtd/spi/spi-nor-core.c: 1137 in spi_nor_erase()
>
>
> ________________________________________________________________________________________________________
> *** CID 510811: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1134 in spi_nor_erase()
> 1128 addr_known = false;
> 1129 ret = -EINTR;
> 1130 goto erase_err;
> 1131 }
> 1132 offset = addr;
> 1133 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510811: (DEADCODE)
> >>> Execution cannot reach this statement: "offset /= 2U;".
> 1134 offset /= 2;
> 1135
> 1136 if (nor->flags & SNOR_F_HAS_STACKED) {
> 1137 if (offset >= (mtd->size / 2)) {
> 1138 offset = offset - (mtd->size / 2);
> 1139 nor->spi->flags |= SPI_XFER_U_PAGE;
> /drivers/mtd/spi/spi-nor-core.c: 1137 in spi_nor_erase()
> 1131 }
> 1132 offset = addr;
> 1133 if (nor->flags & SNOR_F_HAS_PARALLEL)
> 1134 offset /= 2;
> 1135
> 1136 if (nor->flags & SNOR_F_HAS_STACKED) {
> >>> CID 510811: (DEADCODE)
> >>> Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
> 1137 if (offset >= (mtd->size / 2)) {
> 1138 offset = offset - (mtd->size / 2);
> 1139 nor->spi->flags |= SPI_XFER_U_PAGE;
> 1140 } else {
> 1141 nor->spi->flags &= ~SPI_XFER_U_PAGE;
> 1142 }
>
> ** CID 510810: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
>
>
> ________________________________________________________________________________________________________
> *** CID 510810: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
> 1550 {
> 1551 int tmp;
> 1552 u8 id[SPI_NOR_MAX_ID_LEN];
> 1553 const struct flash_info *info;
> 1554
> 1555 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510810: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "nor->spi->flags |= 0x100;".
> 1556 nor->spi->flags |= SPI_XFER_LOWER;
> 1557
> 1558 tmp = nor->read_reg(nor, SPINOR_OP_RDID, id,
> SPI_NOR_MAX_ID_LEN);
> 1559 if (tmp < 0) {
> 1560 dev_dbg(nor->dev, "error %d reading JEDEC ID\n", tmp);
> 1561 return ERR_PTR(tmp);
>
> ** CID 510809: Resource leaks (RESOURCE_LEAK)
> /lib/mbedtls/pkcs7_parser.c: 385 in x509_populate_sinfo()
>
>
> ________________________________________________________________________________________________________
> *** CID 510809: Resource leaks (RESOURCE_LEAK)
> /lib/mbedtls/pkcs7_parser.c: 385 in x509_populate_sinfo()
> 379 signed_info);
> 380 if (ret)
> 381 goto out_err_sinfo;
> 382
> 383 no_authattrs:
> 384 *sinfo = signed_info;
> >>> CID 510809: Resource leaks (RESOURCE_LEAK)
> >>> Variable "mctx" going out of scope leaks the storage it points to.
> 385 return 0;
> 386
> 387 out_err_sinfo:
> 388 pkcs7_free_sinfo_mbedtls_ctx(mctx);
> 389 out_no_mctx:
> 390 public_key_signature_free(s);
>
> ** CID 510808: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 724 in spi_nor_set_4byte_opcodes()
>
>
> ________________________________________________________________________________________________________
> *** CID 510808: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 724 in spi_nor_set_4byte_opcodes()
> 718 static void spi_nor_set_4byte_opcodes(struct spi_nor *nor,
> 719 const struct flash_info *info)
> 720 {
> 721 bool shift = 0;
> 722
> 723 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510808: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "shift = true;".
> 724 shift = 1;
> 725
> 726 /* Do some manufacturer fixups first */
> 727 switch (JEDEC_MFR(info)) {
> 728 case SNOR_MFR_SPANSION:
> 729 /* No small sector erase for 4-byte command set */
>
> ** CID 510807: Control flow issues (DEADCODE)
> /lib/mbedtls/external/mbedtls/library/x509_crt.c: 2750 in x509_inet_pton_ipv6()
>
>
> ________________________________________________________________________________________________________
> *** CID 510807: Control flow issues (DEADCODE)
> /lib/mbedtls/external/mbedtls/library/x509_crt.c: 2750 in x509_inet_pton_ipv6()
> 2744 MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups);
> 2745 nonzero_groups++;
> 2746 if (*p == '\0') {
> 2747 break;
> 2748 } else if (*p == '.') {
> 2749 /* Don't accept IPv4 too early or late */
> >>> CID 510807: Control flow issues (DEADCODE)
> >>> Execution cannot reach the expression "zero_group_start == -1" inside this statement: "if ((nonzero_groups == 0 &&...".
> 2750 if ((nonzero_groups == 0 && zero_group_start == -1) ||
> 2751 nonzero_groups >= 7) {
> 2752 break;
> 2753 }
> 2754
> 2755 /* Walk back to prior ':', then parse as IPv4-mapped */
>
> ** CID 510806: Control flow issues (DEADCODE)
> /lib/mbedtls/pkcs7_parser.c: 209 in authattrs_parse()
>
>
> ________________________________________________________________________________________________________
> *** CID 510806: Control flow issues (DEADCODE)
> /lib/mbedtls/pkcs7_parser.c: 209 in authattrs_parse()
> 203 return -EINVAL;
> 204 }
> 205
> 206 p += seq_len;
> 207 }
> 208
> >>> CID 510806: Control flow issues (DEADCODE)
> >>> Execution cannot reach the expression "ret != -96" inside this statement: "if (ret && ret != -96)
> re...".
> 209 if (ret && ret != MBEDTLS_ERR_ASN1_OUT_OF_DATA)
> 210 return ret;
> 211
> 212 msg->have_authattrs = true;
> 213
> 214 /*
>
> ** CID 510805: Memory - illegal accesses (OVERRUN)
> /lib/rsa/rsa-keyprop.c: 678 in rsa_gen_key_prop()
>
>
> ________________________________________________________________________________________________________
> *** CID 510805: Memory - illegal accesses (OVERRUN)
> /lib/rsa/rsa-keyprop.c: 678 in rsa_gen_key_prop()
> 672 (*prop)->num_bits = (rsa_key.n_sz - i) * 8;
> 673 (*prop)->modulus = malloc(rsa_key.n_sz - i);
> 674 if (!(*prop)->modulus) {
> 675 ret = -ENOMEM;
> 676 goto out;
> 677 }
> >>> CID 510805: Memory - illegal accesses (OVERRUN)
> >>> Overrunning dynamic array "rsa_key.n" at offset corresponding to index variable "i".
> 678 memcpy((void *)(*prop)->modulus, &rsa_key.n[i],
> rsa_key.n_sz - i);
> 679
> 680 n = calloc(sizeof(uint32_t), 1 + ((*prop)->num_bits >> 5));
> 681 rr = calloc(sizeof(uint32_t), 1 + (((*prop)->num_bits
> * 2) >> 5));
> 682 rrtmp = calloc(sizeof(uint32_t), 2 +
> (((*prop)->num_bits * 2) >> 5));
> 683 if (!n || !rr || !rrtmp) {
>
> ** CID 510804: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
> /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
>
>
> ________________________________________________________________________________________________________
> *** CID 510804: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
> /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
> 1550 {
> 1551 int tmp;
> 1552 u8 id[SPI_NOR_MAX_ID_LEN];
> 1553 const struct flash_info *info;
> 1554
> 1555 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510804: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
> >>> In "nor->spi->flags |= 256 /* 1 << 8 */", wider "256 /* 1 << 8 */" has high-order bits (0x100) that don't affect the narrower left-hand side.
> 1556 nor->spi->flags |= SPI_XFER_LOWER;
> 1557
> 1558 tmp = nor->read_reg(nor, SPINOR_OP_RDID, id,
> SPI_NOR_MAX_ID_LEN);
> 1559 if (tmp < 0) {
> 1560 dev_dbg(nor->dev, "error %d reading JEDEC ID\n", tmp);
> 1561 return ERR_PTR(tmp);
>
> ** CID 510803: Code maintainability issues (UNUSED_VALUE)
> /drivers/mtd/spi/spi-nor-core.c: 1138 in spi_nor_erase()
>
>
> ________________________________________________________________________________________________________
> *** CID 510803: Code maintainability issues (UNUSED_VALUE)
> /drivers/mtd/spi/spi-nor-core.c: 1138 in spi_nor_erase()
> 1132 offset = addr;
> 1133 if (nor->flags & SNOR_F_HAS_PARALLEL)
> 1134 offset /= 2;
> 1135
> 1136 if (nor->flags & SNOR_F_HAS_STACKED) {
> 1137 if (offset >= (mtd->size / 2)) {
> >>> CID 510803: Code maintainability issues (UNUSED_VALUE)
> >>> Assigning value from "offset - mtd->size / 2ULL" to "offset" here, but that stored value is overwritten before it can be used.
> 1138 offset = offset - (mtd->size / 2);
> 1139 nor->spi->flags |= SPI_XFER_U_PAGE;
> 1140 } else {
> 1141 nor->spi->flags &= ~SPI_XFER_U_PAGE;
> 1142 }
> 1143 }
>
> ** CID 510802: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 504 in read_sr()
>
>
> ________________________________________________________________________________________________________
> *** CID 510802: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 504 in read_sr()
> 498 * discard the second byte.
> 499 */
> 500 if (spi_nor_protocol_is_dtr(nor->reg_proto))
> 501 op.data.nbytes = 2;
> 502
> 503 if (nor->flags & SNOR_F_HAS_PARALLEL) {
> >>> CID 510802: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "op.data.nbytes = 2U;".
> 504 op.data.nbytes = 2;
> 505 ret = spi_nor_read_write_reg(nor, &op, &val[0]);
> 506 if (ret < 0) {
> 507 pr_debug("error %d reading SR\n", (int)ret);
> 508 return ret;
> 509 }
>
> ** CID 510801: Null pointer dereferences (FORWARD_NULL)
>
>
> ________________________________________________________________________________________________________
> *** CID 510801: Null pointer dereferences (FORWARD_NULL)
> /lib/ecdsa/ecdsa-libcrypto.c: 365 in ecdsa_add_verify_data()
> 359 struct signer ctx;
> 360 int ret;
> 361
> 362 fdt_key_name = info->keyname ? info->keyname : "default-key";
> 363 ret = prepare_ctx(&ctx, info);
> 364 if (ret >= 0) {
> >>> CID 510801: Null pointer dereferences (FORWARD_NULL)
> >>> Passing "info" to "do_add", which dereferences null "info->keyname".
> 365 ret = do_add(&ctx, fdt, fdt_key_name, info);
> 366 if (ret < 0)
> 367 ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
> 368 }
> 369
> 370 free_ctx(&ctx);
> 371 return ret;
>
> ** CID 510800: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1620 in spi_nor_read()
> /drivers/mtd/spi/spi-nor-core.c: 1590 in spi_nor_read()
> /drivers/mtd/spi/spi-nor-core.c: 1611 in spi_nor_read()
> /drivers/mtd/spi/spi-nor-core.c: 1600 in spi_nor_read()
>
>
> ________________________________________________________________________________________________________
> *** CID 510800: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1620 in spi_nor_read()
> 1614 } else {
> 1615 nor->spi->flags &= ~SPI_XFER_U_PAGE;
> 1616 }
> 1617 }
> 1618
> 1619 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510800: (DEADCODE)
> >>> Execution cannot reach this statement: "offset /= 2LL;".
> 1620 offset /= 2;
> 1621
> 1622 if (nor->addr_width == 3) {
> 1623 #ifdef CONFIG_SPI_FLASH_BAR
> 1624 ret = write_bar(nor, offset);
> 1625 if (ret < 0)
> /drivers/mtd/spi/spi-nor-core.c: 1590 in spi_nor_read()
> 1584 u32 rem_bank_len = 0;
> 1585 u8 bank;
> 1586 bool is_ofst_odd = false;
> 1587
> 1588 dev_dbg(nor->dev, "from 0x%08x, len %zd\n", (u32)from, len);
> 1589
> >>> CID 510800: (DEADCODE)
> >>> Execution cannot reach the expression "offset & 1LL" inside this statement: "if (nor->flags & SNOR_F_HAS...".
> 1590 if ((nor->flags & SNOR_F_HAS_PARALLEL) && (offset & 1)) {
> 1591 /* We can hit this case when we use file system
> like ubifs */
> 1592 from--;
> 1593 len++;
> 1594 is_ofst_odd = true;
> 1595 }
> /drivers/mtd/spi/spi-nor-core.c: 1611 in spi_nor_read()
> 1605 rem_bank_len = (SZ_16M * (bank
> + 1)) - from;
> 1606 }
> 1607 }
> 1608 offset = from;
> 1609
> 1610 if (nor->flags & SNOR_F_HAS_STACKED) {
> >>> CID 510800: (DEADCODE)
> >>> Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
> 1611 if (offset >= (mtd->size / 2)) {
> 1612 offset = offset - (mtd->size / 2);
> 1613 nor->spi->flags |= SPI_XFER_U_PAGE;
> 1614 } else {
> 1615 nor->spi->flags &= ~SPI_XFER_U_PAGE;
> 1616 }
> /drivers/mtd/spi/spi-nor-core.c: 1600 in spi_nor_read()
> 1594 is_ofst_odd = true;
> 1595 }
> 1596
> 1597 while (len) {
> 1598 if (nor->addr_width == 3) {
> 1599 if (nor->flags & SNOR_F_HAS_PARALLEL) {
> >>> CID 510800: (DEADCODE)
> >>> Execution cannot reach this statement: "bank = (u32)from / 33554432U;".
> 1600 bank = (u32)from / (SZ_16M << 0x01);
> 1601 rem_bank_len = ((SZ_16M << 0x01) *
> 1602 (bank + 1)) - from;
> 1603 } else {
> 1604 bank = (u32)from / SZ_16M;
> 1605 rem_bank_len = (SZ_16M * (bank
> + 1)) - from;
>
> ** CID 510799: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1971 in spi_nor_write()
> /drivers/mtd/spi/spi-nor-core.c: 2007 in spi_nor_write()
> /drivers/mtd/spi/spi-nor-core.c: 2004 in spi_nor_write()
>
>
> ________________________________________________________________________________________________________
> *** CID 510799: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 1971 in spi_nor_write()
> 1965 return 0;
> 1966
> 1967 /*
> 1968 * Cannot write to odd offset in parallel mode,
> 1969 * so write 2 bytes first
> 1970 */
> >>> CID 510799: (DEADCODE)
> >>> Execution cannot reach the expression "to & 1LL" inside this statement: "if (nor->flags & SNOR_F_HAS...".
> 1971 if ((nor->flags & SNOR_F_HAS_PARALLEL) && (to & 1)) {
> 1972 u8 two[2] = {0xff, buf[0]};
> 1973 size_t local_retlen;
> 1974
> 1975 ret = spi_nor_write(mtd, to & ~1, 2,
> &local_retlen, two);
> 1976 if (ret < 0)
> /drivers/mtd/spi/spi-nor-core.c: 2007 in spi_nor_write()
> 2001 }
> 2002 offset = (to + i);
> 2003 if (nor->flags & SNOR_F_HAS_PARALLEL)
> 2004 offset /= 2;
> 2005
> 2006 if (nor->flags & SNOR_F_HAS_STACKED) {
> >>> CID 510799: (DEADCODE)
> >>> Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
> 2007 if (offset >= (mtd->size / 2)) {
> 2008 offset = offset - (mtd->size / 2);
> 2009 nor->spi->flags |= SPI_XFER_U_PAGE;
> 2010 } else {
> 2011 nor->spi->flags &= ~SPI_XFER_U_PAGE;
> 2012 }
> /drivers/mtd/spi/spi-nor-core.c: 2004 in spi_nor_write()
> 1998 u64 aux = addr;
> 1999
> 2000 page_offset = do_div(aux, nor->page_size);
> 2001 }
> 2002 offset = (to + i);
> 2003 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510799: (DEADCODE)
> >>> Execution cannot reach this statement: "offset /= 2U;".
> 2004 offset /= 2;
> 2005
> 2006 if (nor->flags & SNOR_F_HAS_STACKED) {
> 2007 if (offset >= (mtd->size / 2)) {
> 2008 offset = offset - (mtd->size / 2);
> 2009 nor->spi->flags |= SPI_XFER_U_PAGE;
>
> ** CID 510798: Resource leaks (RESOURCE_LEAK)
> /lib/mbedtls/x509_cert_parser.c: 220 in x509_populate_signature_params()
>
>
> ________________________________________________________________________________________________________
> *** CID 510798: Resource leaks (RESOURCE_LEAK)
> /lib/mbedtls/x509_cert_parser.c: 220 in x509_populate_signature_params()
> 214 }
> 215
> 216 ret = hash_calculate(s->hash_algo, ®ion, 1, s->digest);
> 217 if (!ret)
> 218 *sig = s;
> 219
> >>> CID 510798: Resource leaks (RESOURCE_LEAK)
> >>> Variable "s" going out of scope leaks the storage it points to.
> 220 return ret;
> 221
> 222 error_sig:
> 223 public_key_signature_free(s);
> 224 return ret;
> 225 }
>
> ** CID 510797: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 4628 in spi_nor_scan()
> /drivers/mtd/spi/spi-nor-core.c: 4598 in spi_nor_scan()
>
>
> ________________________________________________________________________________________________________
> *** CID 510797: (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 4628 in spi_nor_scan()
> 4622 /* Send all the required SPI flash commands to
> initialize device */
> 4623 ret = spi_nor_init(nor);
> 4624 if (ret)
> 4625 return ret;
> 4626
> 4627 if (nor->flags & SNOR_F_HAS_STACKED) {
> >>> CID 510797: (DEADCODE)
> >>> Execution cannot reach this statement: "nor->spi->flags |= 0x10UL;".
> 4628 nor->spi->flags |= SPI_XFER_U_PAGE;
> 4629 ret = spi_nor_init(nor);
> 4630 if (ret)
> 4631 return ret;
> 4632 nor->spi->flags &= ~SPI_XFER_U_PAGE;
> 4633 }
> /drivers/mtd/spi/spi-nor-core.c: 4598 in spi_nor_scan()
> 4592 nor->addr_width = info->addr_width;
> 4593 } else {
> 4594 nor->addr_width = 3;
> 4595 }
> 4596
> 4597 if (nor->flags & (SNOR_F_HAS_PARALLEL | SNOR_F_HAS_STACKED))
> >>> CID 510797: (DEADCODE)
> >>> Execution cannot reach this statement: "shift = true;".
> 4598 shift = 1;
> 4599 if (nor->addr_width == 3 && (mtd->size >> shift) > SZ_16M) {
> 4600 #ifndef CONFIG_SPI_FLASH_BAR
> 4601 /* enable 4-byte addressing if the device
> exceeds 16MiB */
> 4602 nor->addr_width = 4;
> 4603 if (JEDEC_MFR(info) == SNOR_MFR_SPANSION ||
>
> ** CID 510796: Insecure data handling (TAINTED_SCALAR)
>
>
> ________________________________________________________________________________________________________
> *** CID 510796: Insecure data handling (TAINTED_SCALAR)
> /lib/mbedtls/external/mbedtls/library/rsa.c: 1316 in rsa_prepare_blinding()
> 1310 }
> 1311
> 1312 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf,
> ctx->len - 1, f_rng, p_rng));
> 1313
> 1314 /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from
> inv_mod. */
> 1315 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len
> - 1, f_rng, p_rng));
> >>> CID 510796: Insecure data handling (TAINTED_SCALAR)
> >>> Passing tainted expression "*ctx->Vf.p" to "mbedtls_mpi_mul_mpi", which uses it as an offset.
> 1316 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R));
> 1317 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi,
> &ctx->Vi, &ctx->N));
> 1318
> 1319 /* At this point, Vi is invertible mod N if and only
> if both Vf and R
> 1320 * are invertible mod N. If one of them isn't, we
> don't need to know
> 1321 * which one, we just loop and choose new values for
> both of them.
>
> ** CID 510795: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 4271 in spi_nor_init()
>
>
> ________________________________________________________________________________________________________
> *** CID 510795: Control flow issues (DEADCODE)
> /drivers/mtd/spi/spi-nor-core.c: 4271 in spi_nor_init()
> 4265
> 4266 static int spi_nor_init(struct spi_nor *nor)
> 4267 {
> 4268 int err;
> 4269
> 4270 if (nor->flags & SNOR_F_HAS_PARALLEL)
> >>> CID 510795: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "nor->spi->flags |= 3UL;".
> 4271 nor->spi->flags |= SPI_NOR_ENABLE_MULTI_CS;
> 4272
> 4273 err = spi_nor_octal_dtr_enable(nor);
> 4274 if (err) {
> 4275 dev_dbg(nor->dev, "Octal DTR mode not supported\n");
> 4276 return err;
>
> ** CID 510794: Control flow issues (NO_EFFECT)
> /lib/mbedtls/x509_cert_parser.c: 78 in x509_populate_dn_name_string()
>
>
> ________________________________________________________________________________________________________
> *** CID 510794: Control flow issues (NO_EFFECT)
> /lib/mbedtls/x509_cert_parser.c: 78 in x509_populate_dn_name_string()
> 72 do {
> 73 name_str = kzalloc(len, GFP_KERNEL);
> 74 if (!name_str)
> 75 return NULL;
> 76
> 77 wb = mbedtls_x509_dn_gets(name_str, len, name);
> >>> CID 510794: Control flow issues (NO_EFFECT)
> >>> This less-than-zero comparison of an unsigned value is never true. "wb < 0UL".
> 78 if (wb < 0) {
> 79 pr_err("Get DN string failed, ret:-0x%04x\n",
> 80 (unsigned int)-wb);
> 81 kfree(name_str);
> 82 len = len * 2; /* Try with a bigger buffer */
> 83 }
>
> ----- End forwarded message -----
>
> --
> Tom
More information about the U-Boot
mailing list