New Defects reported by Coverity Scan for Das U-Boot

Abbarapu, Venkatesh venkatesh.abbarapu at amd.com
Wed Oct 16 10:20:05 CEST 2024


Hi Tom,
I will try to check for the spi nor core issues mentioned below.

Thanks
Venkatesh

> -----Original Message-----
> From: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Sent: Wednesday, October 16, 2024 11:43 AM
> To: Tom Rini <trini at konsulko.com>
> Cc: u-boot at lists.denx.de; Vignesh R <vigneshr at ti.com>; Takahiro Kuwano
> <Takahiro.Kuwano at infineon.com>; Tudor Ambarus <tudor.ambarus at linaro.org>;
> Abbarapu, Venkatesh <venkatesh.abbarapu at amd.com>; Pratyush Yadav
> <p.yadav at ti.com>; Ashok Reddy Soma <ashok.reddy.soma at amd.com>; Joakim
> Tjernlund <joakim.tjernlund at infinera.com>; Raymond Mao
> <raymond.mao at linaro.org>
> Subject: Re: New Defects reported by Coverity Scan for Das U-Boot
> 
> HI Tom,
> 
> We'll have a look on the mbedTLS reports later today
> 
> Thanks
> /Ilias
> 
> On Wed, 16 Oct 2024 at 06:47, Tom Rini <trini at konsulko.com> wrote:
> >
> > Hey all, here's the latest report.
> >
> > ---------- Forwarded message ---------
> > From: <scan-admin at coverity.com>
> > Date: Tue, Oct 15, 2024 at 5:06 PM
> > Subject: New Defects reported by Coverity Scan for Das U-Boot
> > To: <tom.rini at gmail.com>
> >
> >
> > Hi,
> >
> > Please find the latest report on new defect(s) introduced to Das
> > U-Boot found with Coverity Scan.
> >
> > 22 new defect(s) introduced to Das U-Boot found with Coverity Scan.
> >
> >
> > New defect(s) Reported-by: Coverity Scan Showing 20 of 22 defect(s)
> >
> >
> > ** CID 510813:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1652 in spi_nor_read()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510813:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1652 in spi_nor_read()
> > 1646                            goto read_err;
> > 1647                    }
> > 1648                    if (ret < 0)
> > 1649                            goto read_err;
> > 1650
> > 1651                    if (is_ofst_odd == true) {
> > >>>     CID 510813:  Control flow issues  (DEADCODE)
> > >>>     Execution cannot reach this statement: "memmove(buf, buf + 1, len -...".
> > 1652                            memmove(buf, (buf + 1), (len - 1));
> > 1653                            *retlen += (ret - 1);
> > 1654                            buf += ret - 1;
> > 1655                            is_ofst_odd = false;
> > 1656                    } else {
> > 1657                            *retlen += ret;
> >
> > ** CID 510812:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 3573 in spi_nor_select_erase()
> > /drivers/mtd/spi/spi-nor-core.c: 3584 in spi_nor_select_erase()
> > /drivers/mtd/spi/spi-nor-core.c: 3610 in spi_nor_select_erase()
> > /drivers/mtd/spi/spi-nor-core.c: 3597 in spi_nor_select_erase()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510812:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 3573 in spi_nor_select_erase()
> > 3567                    /*
> > 3568                     * In parallel-memories the erase operation is
> > 3569                     * performed on both the flashes simultaneously
> > 3570                     * so, double the erasesize.
> > 3571                     */
> > 3572                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510812:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "mtd->erasesize = 8192U;".
> > 3573                            mtd->erasesize = 4096 * 2;
> > 3574                    else
> > 3575                            mtd->erasesize = 4096;
> > 3576            } else if (info->flags & SECT_4K_PMC) {
> > 3577                    nor->erase_opcode = SPINOR_OP_BE_4K_PMC;
> > 3578                    /*
> > /drivers/mtd/spi/spi-nor-core.c: 3584 in spi_nor_select_erase()
> > 3578                    /*
> > 3579                     * In parallel-memories the erase operation is
> > 3580                     * performed on both the flashes simultaneously
> > 3581                     * so, double the erasesize.
> > 3582                     */
> > 3583                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510812:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "mtd->erasesize = 8192U;".
> > 3584                            mtd->erasesize = 4096 * 2;
> > 3585                    else
> > 3586                            mtd->erasesize = 4096;
> > 3587            } else
> > 3588     #endif
> > 3589            {
> > /drivers/mtd/spi/spi-nor-core.c: 3610 in spi_nor_select_erase()
> > 3604                    /*
> > 3605                     * In parallel-memories the erase operation is
> > 3606                     * performed on both the flashes simultaneously
> > 3607                     * so, double the erasesize.
> > 3608                     */
> > 3609                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510812:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "mtd->erasesize = 8192U;".
> > 3610                            mtd->erasesize = 4096 * 2;
> > 3611                    else
> > 3612                            mtd->erasesize = 4096;
> > 3613            }
> > 3614
> > 3615            return 0;
> > /drivers/mtd/spi/spi-nor-core.c: 3597 in spi_nor_select_erase()
> > 3591                    /*
> > 3592                     * In parallel-memories the erase operation is
> > 3593                     * performed on both the flashes simultaneously
> > 3594                     * so, double the erasesize.
> > 3595                     */
> > 3596                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510812:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "mtd->erasesize = info->sect...".
> > 3597                            mtd->erasesize = info->sector_size * 2;
> > 3598                    else
> > 3599                            mtd->erasesize = info->sector_size;
> > 3600            }
> > 3601
> > 3602            if ((JEDEC_MFR(info) == SNOR_MFR_SST) && info->flags &
> > SECT_4K) {
> >
> > ** CID 510811:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1134 in spi_nor_erase()
> > /drivers/mtd/spi/spi-nor-core.c: 1137 in spi_nor_erase()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510811:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1134 in spi_nor_erase()
> > 1128                            addr_known = false;
> > 1129                            ret = -EINTR;
> > 1130                            goto erase_err;
> > 1131                    }
> > 1132                    offset = addr;
> > 1133                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510811:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "offset /= 2U;".
> > 1134                            offset /= 2;
> > 1135
> > 1136                    if (nor->flags & SNOR_F_HAS_STACKED) {
> > 1137                            if (offset >= (mtd->size / 2)) {
> > 1138                                    offset = offset - (mtd->size / 2);
> > 1139                                    nor->spi->flags |= SPI_XFER_U_PAGE;
> > /drivers/mtd/spi/spi-nor-core.c: 1137 in spi_nor_erase()
> > 1131                    }
> > 1132                    offset = addr;
> > 1133                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > 1134                            offset /= 2;
> > 1135
> > 1136                    if (nor->flags & SNOR_F_HAS_STACKED) {
> > >>>     CID 510811:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
> > 1137                            if (offset >= (mtd->size / 2)) {
> > 1138                                    offset = offset - (mtd->size / 2);
> > 1139                                    nor->spi->flags |= SPI_XFER_U_PAGE;
> > 1140                            } else {
> > 1141                                    nor->spi->flags &= ~SPI_XFER_U_PAGE;
> > 1142                            }
> >
> > ** CID 510810:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510810:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
> > 1550     {
> > 1551            int                     tmp;
> > 1552            u8                      id[SPI_NOR_MAX_ID_LEN];
> > 1553            const struct flash_info *info;
> > 1554
> > 1555            if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510810:  Control flow issues  (DEADCODE)
> > >>>     Execution cannot reach this statement: "nor->spi->flags |= 0x100;".
> > 1556                    nor->spi->flags |= SPI_XFER_LOWER;
> > 1557
> > 1558            tmp = nor->read_reg(nor, SPINOR_OP_RDID, id,
> > SPI_NOR_MAX_ID_LEN);
> > 1559            if (tmp < 0) {
> > 1560                    dev_dbg(nor->dev, "error %d reading JEDEC ID\n", tmp);
> > 1561                    return ERR_PTR(tmp);
> >
> > ** CID 510809:  Resource leaks  (RESOURCE_LEAK)
> > /lib/mbedtls/pkcs7_parser.c: 385 in x509_populate_sinfo()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510809:  Resource leaks  (RESOURCE_LEAK)
> > /lib/mbedtls/pkcs7_parser.c: 385 in x509_populate_sinfo()
> > 379                                   signed_info);
> > 380             if (ret)
> > 381                     goto out_err_sinfo;
> > 382
> > 383     no_authattrs:
> > 384             *sinfo = signed_info;
> > >>>     CID 510809:  Resource leaks  (RESOURCE_LEAK)
> > >>>     Variable "mctx" going out of scope leaks the storage it points to.
> > 385             return 0;
> > 386
> > 387     out_err_sinfo:
> > 388             pkcs7_free_sinfo_mbedtls_ctx(mctx);
> > 389     out_no_mctx:
> > 390             public_key_signature_free(s);
> >
> > ** CID 510808:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 724 in spi_nor_set_4byte_opcodes()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510808:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 724 in spi_nor_set_4byte_opcodes()
> > 718     static void spi_nor_set_4byte_opcodes(struct spi_nor *nor,
> > 719                                           const struct flash_info *info)
> > 720     {
> > 721             bool shift = 0;
> > 722
> > 723             if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510808:  Control flow issues  (DEADCODE)
> > >>>     Execution cannot reach this statement: "shift = true;".
> > 724                     shift = 1;
> > 725
> > 726             /* Do some manufacturer fixups first */
> > 727             switch (JEDEC_MFR(info)) {
> > 728             case SNOR_MFR_SPANSION:
> > 729                     /* No small sector erase for 4-byte command set */
> >
> > ** CID 510807:  Control flow issues  (DEADCODE)
> > /lib/mbedtls/external/mbedtls/library/x509_crt.c: 2750 in x509_inet_pton_ipv6()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510807:  Control flow issues  (DEADCODE)
> > /lib/mbedtls/external/mbedtls/library/x509_crt.c: 2750 in x509_inet_pton_ipv6()
> > 2744                 MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups);
> > 2745                 nonzero_groups++;
> > 2746                 if (*p == '\0') {
> > 2747                     break;
> > 2748                 } else if (*p == '.') {
> > 2749                     /* Don't accept IPv4 too early or late */
> > >>>     CID 510807:  Control flow issues  (DEADCODE)
> > >>>     Execution cannot reach the expression "zero_group_start == -1" inside this
> statement: "if ((nonzero_groups == 0 &&...".
> > 2750                     if ((nonzero_groups == 0 && zero_group_start == -1) ||
> > 2751                         nonzero_groups >= 7) {
> > 2752                         break;
> > 2753                     }
> > 2754
> > 2755                     /* Walk back to prior ':', then parse as IPv4-mapped */
> >
> > ** CID 510806:  Control flow issues  (DEADCODE)
> > /lib/mbedtls/pkcs7_parser.c: 209 in authattrs_parse()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510806:  Control flow issues  (DEADCODE)
> > /lib/mbedtls/pkcs7_parser.c: 209 in authattrs_parse()
> > 203                                     return -EINVAL;
> > 204                     }
> > 205
> > 206                     p += seq_len;
> > 207             }
> > 208
> > >>>     CID 510806:  Control flow issues  (DEADCODE)
> > >>>     Execution cannot reach the expression "ret != -96" inside this statement: "if
> (ret && ret != -96)
> >   re...".
> > 209             if (ret && ret !=  MBEDTLS_ERR_ASN1_OUT_OF_DATA)
> > 210                     return ret;
> > 211
> > 212             msg->have_authattrs = true;
> > 213
> > 214             /*
> >
> > ** CID 510805:  Memory - illegal accesses  (OVERRUN)
> > /lib/rsa/rsa-keyprop.c: 678 in rsa_gen_key_prop()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510805:  Memory - illegal accesses  (OVERRUN)
> > /lib/rsa/rsa-keyprop.c: 678 in rsa_gen_key_prop()
> > 672             (*prop)->num_bits = (rsa_key.n_sz - i) * 8;
> > 673             (*prop)->modulus = malloc(rsa_key.n_sz - i);
> > 674             if (!(*prop)->modulus) {
> > 675                     ret = -ENOMEM;
> > 676                     goto out;
> > 677             }
> > >>>     CID 510805:  Memory - illegal accesses  (OVERRUN)
> > >>>     Overrunning dynamic array "rsa_key.n" at offset corresponding to index
> variable "i".
> > 678             memcpy((void *)(*prop)->modulus, &rsa_key.n[i],
> > rsa_key.n_sz - i);
> > 679
> > 680             n = calloc(sizeof(uint32_t), 1 + ((*prop)->num_bits >> 5));
> > 681             rr = calloc(sizeof(uint32_t), 1 + (((*prop)->num_bits
> > * 2) >> 5));
> > 682             rrtmp = calloc(sizeof(uint32_t), 2 +
> > (((*prop)->num_bits * 2) >> 5));
> > 683             if (!n || !rr || !rrtmp) {
> >
> > ** CID 510804:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
> > /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510804:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
> > /drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
> > 1550     {
> > 1551            int                     tmp;
> > 1552            u8                      id[SPI_NOR_MAX_ID_LEN];
> > 1553            const struct flash_info *info;
> > 1554
> > 1555            if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510804:  Integer handling issues
> (CONSTANT_EXPRESSION_RESULT)
> > >>>     In "nor->spi->flags |= 256 /* 1 << 8 */", wider "256 /* 1 << 8 */" has high-
> order bits (0x100) that don't affect the narrower left-hand side.
> > 1556                    nor->spi->flags |= SPI_XFER_LOWER;
> > 1557
> > 1558            tmp = nor->read_reg(nor, SPINOR_OP_RDID, id,
> > SPI_NOR_MAX_ID_LEN);
> > 1559            if (tmp < 0) {
> > 1560                    dev_dbg(nor->dev, "error %d reading JEDEC ID\n", tmp);
> > 1561                    return ERR_PTR(tmp);
> >
> > ** CID 510803:  Code maintainability issues  (UNUSED_VALUE)
> > /drivers/mtd/spi/spi-nor-core.c: 1138 in spi_nor_erase()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510803:  Code maintainability issues  (UNUSED_VALUE)
> > /drivers/mtd/spi/spi-nor-core.c: 1138 in spi_nor_erase()
> > 1132                    offset = addr;
> > 1133                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > 1134                            offset /= 2;
> > 1135
> > 1136                    if (nor->flags & SNOR_F_HAS_STACKED) {
> > 1137                            if (offset >= (mtd->size / 2)) {
> > >>>     CID 510803:  Code maintainability issues  (UNUSED_VALUE)
> > >>>     Assigning value from "offset - mtd->size / 2ULL" to "offset" here, but that
> stored value is overwritten before it can be used.
> > 1138                                    offset = offset - (mtd->size / 2);
> > 1139                                    nor->spi->flags |= SPI_XFER_U_PAGE;
> > 1140                            } else {
> > 1141                                    nor->spi->flags &= ~SPI_XFER_U_PAGE;
> > 1142                            }
> > 1143                    }
> >
> > ** CID 510802:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 504 in read_sr()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510802:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 504 in read_sr()
> > 498              * discard the second byte.
> > 499              */
> > 500             if (spi_nor_protocol_is_dtr(nor->reg_proto))
> > 501                     op.data.nbytes = 2;
> > 502
> > 503             if (nor->flags & SNOR_F_HAS_PARALLEL) {
> > >>>     CID 510802:  Control flow issues  (DEADCODE)
> > >>>     Execution cannot reach this statement: "op.data.nbytes = 2U;".
> > 504                     op.data.nbytes = 2;
> > 505                     ret = spi_nor_read_write_reg(nor, &op, &val[0]);
> > 506                     if (ret < 0) {
> > 507                             pr_debug("error %d reading SR\n", (int)ret);
> > 508                             return ret;
> > 509                     }
> >
> > ** CID 510801:  Null pointer dereferences  (FORWARD_NULL)
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510801:  Null pointer dereferences  (FORWARD_NULL)
> > /lib/ecdsa/ecdsa-libcrypto.c: 365 in ecdsa_add_verify_data()
> > 359             struct signer ctx;
> > 360             int ret;
> > 361
> > 362             fdt_key_name = info->keyname ? info->keyname : "default-key";
> > 363             ret = prepare_ctx(&ctx, info);
> > 364             if (ret >= 0) {
> > >>>     CID 510801:  Null pointer dereferences  (FORWARD_NULL)
> > >>>     Passing "info" to "do_add", which dereferences null "info->keyname".
> > 365                     ret = do_add(&ctx, fdt, fdt_key_name, info);
> > 366                     if (ret < 0)
> > 367                             ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
> > 368             }
> > 369
> > 370             free_ctx(&ctx);
> > 371             return ret;
> >
> > ** CID 510800:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1620 in spi_nor_read()
> > /drivers/mtd/spi/spi-nor-core.c: 1590 in spi_nor_read()
> > /drivers/mtd/spi/spi-nor-core.c: 1611 in spi_nor_read()
> > /drivers/mtd/spi/spi-nor-core.c: 1600 in spi_nor_read()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510800:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1620 in spi_nor_read()
> > 1614                            } else {
> > 1615                                    nor->spi->flags &= ~SPI_XFER_U_PAGE;
> > 1616                            }
> > 1617                    }
> > 1618
> > 1619                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510800:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "offset /= 2LL;".
> > 1620                            offset /= 2;
> > 1621
> > 1622                    if (nor->addr_width == 3) {
> > 1623     #ifdef CONFIG_SPI_FLASH_BAR
> > 1624                            ret = write_bar(nor, offset);
> > 1625                            if (ret < 0)
> > /drivers/mtd/spi/spi-nor-core.c: 1590 in spi_nor_read()
> > 1584            u32 rem_bank_len = 0;
> > 1585            u8 bank;
> > 1586            bool is_ofst_odd = false;
> > 1587
> > 1588            dev_dbg(nor->dev, "from 0x%08x, len %zd\n", (u32)from, len);
> > 1589
> > >>>     CID 510800:    (DEADCODE)
> > >>>     Execution cannot reach the expression "offset & 1LL" inside this statement:
> "if (nor->flags & SNOR_F_HAS...".
> > 1590            if ((nor->flags & SNOR_F_HAS_PARALLEL) && (offset & 1)) {
> > 1591                /* We can hit this case when we use file system
> > like ubifs */
> > 1592                    from--;
> > 1593                    len++;
> > 1594                    is_ofst_odd = true;
> > 1595            }
> > /drivers/mtd/spi/spi-nor-core.c: 1611 in spi_nor_read()
> > 1605                                    rem_bank_len = (SZ_16M * (bank
> > + 1)) - from;
> > 1606                            }
> > 1607                    }
> > 1608                    offset = from;
> > 1609
> > 1610                    if (nor->flags & SNOR_F_HAS_STACKED) {
> > >>>     CID 510800:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
> > 1611                            if (offset >= (mtd->size / 2)) {
> > 1612                                    offset = offset - (mtd->size / 2);
> > 1613                                    nor->spi->flags |= SPI_XFER_U_PAGE;
> > 1614                            } else {
> > 1615                                    nor->spi->flags &= ~SPI_XFER_U_PAGE;
> > 1616                            }
> > /drivers/mtd/spi/spi-nor-core.c: 1600 in spi_nor_read()
> > 1594                    is_ofst_odd = true;
> > 1595            }
> > 1596
> > 1597            while (len) {
> > 1598                    if (nor->addr_width == 3) {
> > 1599                            if (nor->flags & SNOR_F_HAS_PARALLEL) {
> > >>>     CID 510800:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "bank = (u32)from / 33554432U;".
> > 1600                                    bank = (u32)from / (SZ_16M << 0x01);
> > 1601                                    rem_bank_len = ((SZ_16M << 0x01) *
> > 1602                                            (bank + 1)) - from;
> > 1603                            } else {
> > 1604                                    bank = (u32)from / SZ_16M;
> > 1605                                    rem_bank_len = (SZ_16M * (bank
> > + 1)) - from;
> >
> > ** CID 510799:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1971 in spi_nor_write()
> > /drivers/mtd/spi/spi-nor-core.c: 2007 in spi_nor_write()
> > /drivers/mtd/spi/spi-nor-core.c: 2004 in spi_nor_write()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510799:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 1971 in spi_nor_write()
> > 1965                    return 0;
> > 1966
> > 1967            /*
> > 1968             * Cannot write to odd offset in parallel mode,
> > 1969             * so write 2 bytes first
> > 1970             */
> > >>>     CID 510799:    (DEADCODE)
> > >>>     Execution cannot reach the expression "to & 1LL" inside this statement: "if
> (nor->flags & SNOR_F_HAS...".
> > 1971            if ((nor->flags & SNOR_F_HAS_PARALLEL) && (to & 1)) {
> > 1972                    u8 two[2] = {0xff, buf[0]};
> > 1973                    size_t local_retlen;
> > 1974
> > 1975                    ret = spi_nor_write(mtd, to & ~1, 2,
> > &local_retlen, two);
> > 1976                    if (ret < 0)
> > /drivers/mtd/spi/spi-nor-core.c: 2007 in spi_nor_write()
> > 2001                    }
> > 2002                    offset = (to + i);
> > 2003                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > 2004                            offset /= 2;
> > 2005
> > 2006                    if (nor->flags & SNOR_F_HAS_STACKED) {
> > >>>     CID 510799:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
> > 2007                            if (offset >= (mtd->size / 2)) {
> > 2008                                    offset = offset - (mtd->size / 2);
> > 2009                                    nor->spi->flags |= SPI_XFER_U_PAGE;
> > 2010                            } else {
> > 2011                                    nor->spi->flags &= ~SPI_XFER_U_PAGE;
> > 2012                            }
> > /drivers/mtd/spi/spi-nor-core.c: 2004 in spi_nor_write()
> > 1998                            u64 aux = addr;
> > 1999
> > 2000                            page_offset = do_div(aux, nor->page_size);
> > 2001                    }
> > 2002                    offset = (to + i);
> > 2003                    if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510799:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "offset /= 2U;".
> > 2004                            offset /= 2;
> > 2005
> > 2006                    if (nor->flags & SNOR_F_HAS_STACKED) {
> > 2007                            if (offset >= (mtd->size / 2)) {
> > 2008                                    offset = offset - (mtd->size / 2);
> > 2009                                    nor->spi->flags |= SPI_XFER_U_PAGE;
> >
> > ** CID 510798:  Resource leaks  (RESOURCE_LEAK)
> > /lib/mbedtls/x509_cert_parser.c: 220 in x509_populate_signature_params()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510798:  Resource leaks  (RESOURCE_LEAK)
> > /lib/mbedtls/x509_cert_parser.c: 220 in x509_populate_signature_params()
> > 214             }
> > 215
> > 216             ret = hash_calculate(s->hash_algo, &region, 1, s->digest);
> > 217             if (!ret)
> > 218                     *sig = s;
> > 219
> > >>>     CID 510798:  Resource leaks  (RESOURCE_LEAK)
> > >>>     Variable "s" going out of scope leaks the storage it points to.
> > 220             return ret;
> > 221
> > 222     error_sig:
> > 223             public_key_signature_free(s);
> > 224             return ret;
> > 225     }
> >
> > ** CID 510797:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 4628 in spi_nor_scan()
> > /drivers/mtd/spi/spi-nor-core.c: 4598 in spi_nor_scan()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510797:    (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 4628 in spi_nor_scan()
> > 4622            /* Send all the required SPI flash commands to
> > initialize device */
> > 4623            ret = spi_nor_init(nor);
> > 4624            if (ret)
> > 4625                    return ret;
> > 4626
> > 4627            if (nor->flags & SNOR_F_HAS_STACKED) {
> > >>>     CID 510797:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "nor->spi->flags |= 0x10UL;".
> > 4628                    nor->spi->flags |= SPI_XFER_U_PAGE;
> > 4629                    ret = spi_nor_init(nor);
> > 4630                    if (ret)
> > 4631                            return ret;
> > 4632                    nor->spi->flags &= ~SPI_XFER_U_PAGE;
> > 4633            }
> > /drivers/mtd/spi/spi-nor-core.c: 4598 in spi_nor_scan()
> > 4592                    nor->addr_width = info->addr_width;
> > 4593            } else {
> > 4594                    nor->addr_width = 3;
> > 4595            }
> > 4596
> > 4597            if (nor->flags & (SNOR_F_HAS_PARALLEL |
> SNOR_F_HAS_STACKED))
> > >>>     CID 510797:    (DEADCODE)
> > >>>     Execution cannot reach this statement: "shift = true;".
> > 4598                    shift = 1;
> > 4599            if (nor->addr_width == 3 && (mtd->size >> shift) > SZ_16M) {
> > 4600     #ifndef CONFIG_SPI_FLASH_BAR
> > 4601                    /* enable 4-byte addressing if the device
> > exceeds 16MiB */
> > 4602                    nor->addr_width = 4;
> > 4603                    if (JEDEC_MFR(info) == SNOR_MFR_SPANSION ||
> >
> > ** CID 510796:  Insecure data handling  (TAINTED_SCALAR)
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510796:  Insecure data handling  (TAINTED_SCALAR)
> > /lib/mbedtls/external/mbedtls/library/rsa.c: 1316 in rsa_prepare_blinding()
> > 1310             }
> > 1311
> > 1312             MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf,
> > ctx->len - 1, f_rng, p_rng));
> > 1313
> > 1314             /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from
> > inv_mod. */
> > 1315             MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len
> > - 1, f_rng, p_rng));
> > >>>     CID 510796:  Insecure data handling  (TAINTED_SCALAR)
> > >>>     Passing tainted expression "*ctx->Vf.p" to "mbedtls_mpi_mul_mpi", which
> uses it as an offset.
> > 1316             MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf,
> &R));
> > 1317             MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi,
> > &ctx->Vi, &ctx->N));
> > 1318
> > 1319             /* At this point, Vi is invertible mod N if and only
> > if both Vf and R
> > 1320              * are invertible mod N. If one of them isn't, we
> > don't need to know
> > 1321              * which one, we just loop and choose new values for
> > both of them.
> >
> > ** CID 510795:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 4271 in spi_nor_init()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510795:  Control flow issues  (DEADCODE)
> > /drivers/mtd/spi/spi-nor-core.c: 4271 in spi_nor_init()
> > 4265
> > 4266     static int spi_nor_init(struct spi_nor *nor)
> > 4267     {
> > 4268            int err;
> > 4269
> > 4270            if (nor->flags & SNOR_F_HAS_PARALLEL)
> > >>>     CID 510795:  Control flow issues  (DEADCODE)
> > >>>     Execution cannot reach this statement: "nor->spi->flags |= 3UL;".
> > 4271                    nor->spi->flags |= SPI_NOR_ENABLE_MULTI_CS;
> > 4272
> > 4273            err = spi_nor_octal_dtr_enable(nor);
> > 4274            if (err) {
> > 4275                    dev_dbg(nor->dev, "Octal DTR mode not supported\n");
> > 4276                    return err;
> >
> > ** CID 510794:  Control flow issues  (NO_EFFECT)
> > /lib/mbedtls/x509_cert_parser.c: 78 in x509_populate_dn_name_string()
> >
> >
> >
> ___________________________________________________________________
> _____________________________________
> > *** CID 510794:  Control flow issues  (NO_EFFECT)
> > /lib/mbedtls/x509_cert_parser.c: 78 in x509_populate_dn_name_string()
> > 72      do {
> > 73              name_str = kzalloc(len, GFP_KERNEL);
> > 74              if (!name_str)
> > 75                      return NULL;
> > 76
> > 77              wb = mbedtls_x509_dn_gets(name_str, len, name);
> > >>>     CID 510794:  Control flow issues  (NO_EFFECT)
> > >>>     This less-than-zero comparison of an unsigned value is never true. "wb <
> 0UL".
> > 78              if (wb < 0) {
> > 79                      pr_err("Get DN string failed, ret:-0x%04x\n",
> > 80                             (unsigned int)-wb);
> > 81                      kfree(name_str);
> > 82                      len = len * 2; /* Try with a bigger buffer */
> > 83              }
> >
> > ----- End forwarded message -----
> >
> > --
> > Tom


More information about the U-Boot mailing list