Latest Coverity scan results

Tom Rini trini at konsulko.com
Tue May 6 17:48:51 CEST 2025 

Hey all,

Unfortunately it looks like Coverity scan no longer generates the email
report with code snippets and only send me a high level report now. So,
the latest report is visible only to project members when logged in, and
is:
https://scan8.scan.coverity.com/#/project-view/22486/10710

So I'm making my own summary and either explaining what the problem is, or
copy/pasting from the viewer.

This has 3 new defects. Two of which are in
drivers/video/console_rotate.c and the console_putc_xy_1 and
console_putc_xy_3 functions noting that height/width arguments are
reversed in the return line call to video_damage. On looking at the
code, I think x/y are as well and maybe this is intentional but not
clearly commented enough?

The third defect is in boot/bootm_os.c the do_bootm_efi function:
503        /* Run EFI image */
504        printf("## Transferring control to EFI (at address %08lx) ...\n",
505               images->os.image_start);
506        bootstage_mark(BOOTSTAGE_ID_RUN_OS);
507
      2. Condition images->ft_len, taking true branch.
      3. function_return: Function efi_binary_run(image_buf, images->os.image_len, (images->ft_len ? images->ft_addr : NULL), (void *)images->initrd_start, (size_t)(images->initrd_end - images->initrd_start)) returns -9223372036854775799.
     
CID 550810: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
4. overflow_const: Expression ret, where efi_binary_run(image_buf, images->os.image_len, (images->ft_len ? images->ft_addr : NULL), (void *)images->initrd_start, (size_t)(images->initrd_end - images->initrd_start)) is known to be equal to 9223372036854775817, overflows the type of ret, which is type int.
508        ret = efi_binary_run(image_buf, images->os.image_len,
509                             images->ft_len
510                             ? images->ft_addr : EFI_FDT_USE_INTERNAL,
511                                 (void *)images->initrd_start,
512                                 (size_t)(images->initrd_end - images->initrd_start));
513
514        return ret;

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250506/a822bf4c/attachment.sig>

More information about the U-Boot mailing list