Fwd: New Defects reported by Coverity Scan for Das U-Boot

Tom Rini trini at konsulko.com
Mon Feb 23 20:51:09 CET 2026


Hey all,

Looks like Coverity is a little unhappy about the FIT alignment fixes,
but I'm not sure yet if we can just mark them as intentional and already
safety checked inputs or not.

---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Feb 23, 2026 at 1:34 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini at gmail.com>


Hi,

Please find the latest report on new defect(s) introduced to *Das U-Boot*
found with Coverity Scan.

   - *New Defects Found:* 1
   - 1 defect(s), reported by Coverity Scan earlier, were marked fixed in
   the recent build analyzed by Coverity Scan.
   - *Defects Shown:* Showing 1 of 1 defect(s)

Defect Details

** CID 644638:         (TAINTED_SCALAR)


_____________________________________________________________________________________________
*** CID 644638:           (TAINTED_SCALAR)
/boot/image-fit.c: 2410             in boot_get_fdt_fit_into_buffer()
2404     	 */
2405     	if (dstlen >= newdstlen && dstbuf == fdtsrcbuf)
2406     		goto out;
2407
2408     	/* Try to reuse existing destination buffer if it is large enough. */
2409     	if (dstbuf && dstlen >= newdstlen) {
>>>     CID 644638:           (TAINTED_SCALAR)
>>>     Passing tainted expression "fdtsrcbuf->size_dt_strings" to "fdt_open_into", which uses it as an offset.
2410     		err = fdt_open_into(fdtsrcbuf, dstbuf, dstlen);
2411     		goto out;
2412     	}
2413
2414     	newdstbuf = memalign(8, newdstlen);
2415     	if (!newdstbuf) {
/boot/image-fit.c: 2420             in boot_get_fdt_fit_into_buffer()
2414     	newdstbuf = memalign(8, newdstlen);
2415     	if (!newdstbuf) {
2416     		err = -ENOMEM;
2417     		goto out;
2418     	}
2419
>>>     CID 644638:           (TAINTED_SCALAR)
>>>     Passing tainted expression "fdtsrcbuf->size_dt_struct" to "fdt_open_into", which uses it as an offset.
2420     	err = fdt_open_into(fdtsrcbuf, newdstbuf, newdstlen);
2421     	if (err < 0)
2422     		goto out;
2423
2424     	free(dstbuf);
2425     	*fdtdstbuf = newdstbuf;
/boot/image-fit.c: 2420             in boot_get_fdt_fit_into_buffer()
2414     	newdstbuf = memalign(8, newdstlen);
2415     	if (!newdstbuf) {
2416     		err = -ENOMEM;
2417     		goto out;
2418     	}
2419
>>>     CID 644638:           (TAINTED_SCALAR)
>>>     Passing tainted expression "fdtsrcbuf->size_dt_strings" to "fdt_open_into", which uses it as an offset.
2420     	err = fdt_open_into(fdtsrcbuf, newdstbuf, newdstlen);
2421     	if (err < 0)
2422     		goto out;
2423
2424     	free(dstbuf);
2425     	*fdtdstbuf = newdstbuf;
/boot/image-fit.c: 2420             in boot_get_fdt_fit_into_buffer()
2414     	newdstbuf = memalign(8, newdstlen);
2415     	if (!newdstbuf) {
2416     		err = -ENOMEM;
2417     		goto out;
2418     	}
2419
>>>     CID 644638:           (TAINTED_SCALAR)
>>>     Passing tainted expression "fdtsrcbuf->totalsize" to "fdt_open_into", which uses it as an offset.
2420     	err = fdt_open_into(fdtsrcbuf, newdstbuf, newdstlen);
2421     	if (err < 0)
2422     		goto out;
2423
2424     	free(dstbuf);
2425     	*fdtdstbuf = newdstbuf;
/boot/image-fit.c: 2410             in boot_get_fdt_fit_into_buffer()
2404     	 */
2405     	if (dstlen >= newdstlen && dstbuf == fdtsrcbuf)
2406     		goto out;
2407
2408     	/* Try to reuse existing destination buffer if it is large enough. */
2409     	if (dstbuf && dstlen >= newdstlen) {
>>>     CID 644638:           (TAINTED_SCALAR)
>>>     Passing tainted expression "fdtsrcbuf->totalsize" to "fdt_open_into", which uses it as an offset.
2410     		err = fdt_open_into(fdtsrcbuf, dstbuf, dstlen);
2411     		goto out;
2412     	}
2413
2414     	newdstbuf = memalign(8, newdstlen);
2415     	if (!newdstbuf) {
/boot/image-fit.c: 2410             in boot_get_fdt_fit_into_buffer()
2404     	 */
2405     	if (dstlen >= newdstlen && dstbuf == fdtsrcbuf)
2406     		goto out;
2407
2408     	/* Try to reuse existing destination buffer if it is large enough. */
2409     	if (dstbuf && dstlen >= newdstlen) {
>>>     CID 644638:           (TAINTED_SCALAR)
>>>     Passing tainted expression "fdtsrcbuf->size_dt_struct" to "fdt_open_into", which uses it as an offset.
2410     		err = fdt_open_into(fdtsrcbuf, dstbuf, dstlen);
2411     		goto out;
2412     	}
2413
2414     	newdstbuf = memalign(8, newdstlen);
2415     	if (!newdstbuf) {



View Defects in Coverity Scan
<https://scan.coverity.com/projects/das-u-boot?tab=overview>

Best regards,

The Coverity Scan Admin Team

----- End forwarded message -----

-- 
Tom