Fwd: New Defects reported by Coverity Scan for Das U-Boot

Michal Simek michal.simek at amd.com
Wed Apr 29 08:31:07 CEST 2026 


On 4/28/26 16:04, Tom Rini wrote:
> Here's the latest report.
> 
> ---------- Forwarded message ---------
> From: <scan-admin at coverity.com>
> Date: Mon, Apr 27, 2026, 5:41 PM
> Subject: New Defects reported by Coverity Scan for Das U-Boot
> To: <tom.rini at gmail.com>
> 
> 
> Hi,
> 
> Please find the latest report on new defect(s) introduced to *Das U-Boot*
> found with Coverity Scan.
> 
>     - *New Defects Found:* 9
>     - 77 defect(s), reported by Coverity Scan earlier, were marked fixed in
>     the recent build analyzed by Coverity Scan.
>     - *Defects Shown:* Showing 9 of 9 defect(s)
> 
> Defect Details
> 
> 
> ** CID 645841:       Incorrect expression  (BAD_COMPARE)
> /common/bloblist.c: 303           in bloblist_apply_blobs()
> 
> 
> _____________________________________________________________________________________________
> *** CID 645841:         Incorrect expression  (BAD_COMPARE)
> /common/bloblist.c: 303             in bloblist_apply_blobs()
> 297     				log_err("Failed to apply blob with tag %d\n",
> 298     					tag);
> 299     				return ret;
> 300     			}
> 301
> 302     			rec = rec_from_blob(blob - dat_off);
>>>>      CID 645841:         Incorrect expression  (BAD_COMPARE)
>>>>      Comparing pointer "rec" against "NULL" using anything besides "==" or "!=" is likely to be incorrect.
> 303     			if (rec <= 0) {
> 304     				log_err("Blob corrupted\n");
> 305     				return -ENOENT;
> 306     			}
> 307
> 308     			/* Mark applied blob record as void */
> 

I sent a patch for this one.


> ** CID 645839:       Error handling issues  (CHECKED_RETURN)
> /lib/fdtdec.c: 1785           in fdtdec_apply_bloblist_dtos()
> 
> 
> _____________________________________________________________________________________________
> *** CID 645839:         Error handling issues  (CHECKED_RETURN)
> /lib/fdtdec.c: 1785             in fdtdec_apply_bloblist_dtos()
> 1779
> 1780     	ret = bloblist_apply_blobs(BLOBLISTT_FDT_OVERLAY,
> fdtdec_apply_dto_blob);
> 1781     	if (ret)
> 1782     		return ret;
> 1783
> 1784     	/* Shink the blob to the actual FDT size */
>>>>      CID 645839:         Error handling issues  (CHECKED_RETURN)
>>>>      Calling "fdt_pack" without checking return value (as is done elsewhere 5 out of 6 times).
> 1785     	fdt_pack(live_fdt);
> 1786     	return bloblist_resize(BLOBLISTT_CONTROL_FDT,
> fdt_totalsize(live_fdt));
> 1787     }
> 1788
> 1789     int fdtdec_setup(void)
> 1790     {
> 

And this one.

M

More information about the U-Boot mailing list