Fwd: New Defects reported by Coverity Scan for Das U-Boot

Tom Rini trini at konsulko.com
Mon Dec 8 20:38:57 CET 2025 

Here's the latest Coverity scan report. I think the test/dm/clk_ccf.c
report is just a "works as intended" but I'm not sure off-hand about the
fdtdec.c test. Might be the case the previous test in the file also has
this problem, and since it's just test code, might also be fine enough.

---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Dec 8, 2025 at 1:23 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini at gmail.com>


Hi,

Please find the latest report on new defect(s) introduced to *Das U-Boot*
found with Coverity Scan.

   - *New Defects Found:* 2
   - 1 defect(s), reported by Coverity Scan earlier, were marked fixed in
   the recent build analyzed by Coverity Scan.
   - *Defects Shown:* Showing 2 of 2 defect(s)

Defect Details

** CID 639831:         (TAINTED_SCALAR)


_____________________________________________________________________________________________
*** CID 639831:           (TAINTED_SCALAR)
/test/dm/fdtdec.c: 153             in dm_test_fdt_chosen_smbios()
147
148     	blob_sz = fdt_totalsize(gd->fdt_blob) + 4096;
149     	blob = memalign(8, blob_sz);
150     	ut_assertnonnull(blob);
151
152     	/* Make a writable copy of the fdt blob */
>>>     CID 639831:           (TAINTED_SCALAR)
>>>     Passing tainted expression "gd->fdt_blob->totalsize" to "fdt_open_into", which uses it as an offset.
153     	ut_assertok(fdt_open_into(gd->fdt_blob, blob, blob_sz));
154
155     	/* Mock SMBIOS table */
156     	entry = map_sysmem(gd->arch.smbios_start, sizeof(struct
smbios3_entry));
157     	memcpy(entry->anchor, "_SM3_", 5);
158     	entry->length = sizeof(struct smbios3_entry);
/test/dm/fdtdec.c: 153             in dm_test_fdt_chosen_smbios()
147
148     	blob_sz = fdt_totalsize(gd->fdt_blob) + 4096;
149     	blob = memalign(8, blob_sz);
150     	ut_assertnonnull(blob);
151
152     	/* Make a writable copy of the fdt blob */
>>>     CID 639831:           (TAINTED_SCALAR)
>>>     Passing tainted expression "gd->fdt_blob->size_dt_strings" to "fdt_open_into", which uses it as an offset.
153     	ut_assertok(fdt_open_into(gd->fdt_blob, blob, blob_sz));
154
155     	/* Mock SMBIOS table */
156     	entry = map_sysmem(gd->arch.smbios_start, sizeof(struct
smbios3_entry));
157     	memcpy(entry->anchor, "_SM3_", 5);
158     	entry->length = sizeof(struct smbios3_entry);
/test/dm/fdtdec.c: 153             in dm_test_fdt_chosen_smbios()
147
148     	blob_sz = fdt_totalsize(gd->fdt_blob) + 4096;
149     	blob = memalign(8, blob_sz);
150     	ut_assertnonnull(blob);
151
152     	/* Make a writable copy of the fdt blob */
>>>     CID 639831:           (TAINTED_SCALAR)
>>>     Passing tainted expression "gd->fdt_blob->size_dt_struct" to "fdt_open_into", which uses it as an offset.
153     	ut_assertok(fdt_open_into(gd->fdt_blob, blob, blob_sz));
154
155     	/* Mock SMBIOS table */
156     	entry = map_sysmem(gd->arch.smbios_start, sizeof(struct
smbios3_entry));
157     	memcpy(entry->anchor, "_SM3_", 5);
158     	entry->length = sizeof(struct smbios3_entry);

** CID 639830:       Integer handling issues  (INTEGER_OVERFLOW)
/test/dm/clk_ccf.c: 68           in dm_test_clk_ccf()


_____________________________________________________________________________________________
*** CID 639830:         Integer handling issues  (INTEGER_OVERFLOW)
/test/dm/clk_ccf.c: 68             in dm_test_clk_ccf()
62     	ut_asserteq(CLK_SET_RATE_NO_REPARENT, clk->flags);
63
64     	rate = clk_get_parent_rate(clk);
65     	ut_asserteq(rate, 60000000);
66
67     	rate = clk_set_rate(clk, 60000000);
>>>     CID 639830:         Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "_val1", where "rate" is known to be equal to -38, overflows the type of "_val1", which is type "unsigned int".
68     	ut_asserteq(rate, -ENOSYS);
69
70     	rate = clk_get_rate(clk);
71     	ut_asserteq(rate, 60000000);
72
73     	ret = clk_get_by_id(CLK_ID(dev, SANDBOX_CLK_PLL3_80M), &pclk);



View Defects in Coverity Scan
<https://scan.coverity.com/projects/das-u-boot?tab=overview>

Best regards,

The Coverity Scan Admin Team

----- End forwarded message -----

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20251208/4f87e508/attachment.sig>

More information about the U-Boot mailing list