Fwd: New Defects reported by Coverity Scan for Das U-Boot
Jerome Forissier
jerome.forissier at linaro.org
Tue Apr 29 14:07:05 CEST 2025
Hi Tom,
On 4/28/25 23:59, Tom Rini wrote:
> Hey all,
>
> Here's the latest set of Coverity defects. Please let me know if some of
> these are false positives for example, thanks.
>
> ---------- Forwarded message ---------
> From: <scan-admin at coverity.com>
> Date: Mon, Apr 28, 2025 at 3:52 PM
> Subject: New Defects reported by Coverity Scan for Das U-Boot
> To: <tom.rini at gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to Das U-Boot
> found with Coverity Scan.
>
> 33 new defect(s) introduced to Das U-Boot found with Coverity Scan.
> 15 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 20 of 33 defect(s)
>
[...]
> ** CID 550297: Integer handling issues (INTEGER_OVERFLOW)
> /cmd/spawn.c: 174 in do_wait()
>
>
> ________________________________________________________________________________________________________
> *** CID 550297: Integer handling issues (INTEGER_OVERFLOW)
> /cmd/spawn.c: 174 in do_wait()
> 168 ret = wait_job(i);
> 169 } else {
> 170 for (i = 1; i < argc; i++) {
> 171 id = dectoul(argv[i], NULL);
> 172 if (id < 0 || id > CONFIG_CMD_SPAWN_NUM_JOBS)
> 173 return CMD_RET_USAGE;
>>>> CID 550297: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "idx", where "(int)id - 1" is known to be equal to -1, overflows the type of "idx", which is type "unsigned int".
> 174 idx = (int)id - 1;
> 175 ret = wait_job(idx);
> 176 }
> 177 }
> 178
> 179 return ret;
>
> ** CID 550296: Control flow issues (NO_EFFECT)
> /cmd/spawn.c: 172 in do_wait()
>
>
> ________________________________________________________________________________________________________
> *** CID 550296: Control flow issues (NO_EFFECT)
> /cmd/spawn.c: 172 in do_wait()
> 166 for (i = 0; i < CONFIG_CMD_SPAWN_NUM_JOBS; i++)
> 167 if (job[i])
> 168 ret = wait_job(i);
> 169 } else {
> 170 for (i = 1; i < argc; i++) {
> 171 id = dectoul(argv[i], NULL);
>>>> CID 550296: Control flow issues (NO_EFFECT)
>>>> This less-than-zero comparison of an unsigned value is never true. "id < 0UL".
> 172 if (id < 0 || id > CONFIG_CMD_SPAWN_NUM_JOBS)
> 173 return CMD_RET_USAGE;
> 174 idx = (int)id - 1;
> 175 ret = wait_job(idx);
> 176 }
> 177 }
These two are real issues and should be fixed by [1].
[1] https://lists.denx.de/pipermail/u-boot/2025-April/588272.html
Thanks,
--
Jerome