Fwd: New Defects reported by Coverity Scan for Das U-Boot
Lucien.Jheng
lucienzx159 at gmail.com
Thu May 14 17:39:11 CEST 2026
Hi Tom
I will fix coverity issue in the next patch.
Tom Rini 於 2026/5/9 上午 07:42 寫道:
> Here's the latest report. I think test code matters because it sets bad
> examples, or might not really end up testing things the way we want them
> to, and so should be fixed. Thanks!
>
> ---------- Forwarded message ---------
> From: <scan-admin at coverity.com>
> Date: Fri, May 8, 2026 at 5:31 PM
> Subject: New Defects reported by Coverity Scan for Das U-Boot
> To: <tom.rini at gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to *Das U-Boot*
> found with Coverity Scan.
>
> - *New Defects Found:* 17
> - 3 defect(s), reported by Coverity Scan earlier, were marked fixed in
> the recent build analyzed by Coverity Scan.
> - *Defects Shown:* Showing 17 of 17 defect(s)
>
> Defect Details
>
> ** CID 646011: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 164 in
> dm_test_phy_common_props_rx_unsupported()
>
>
> _____________________________________________________________________________________________
> *** CID 646011: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 164 in
> dm_test_phy_common_props_rx_unsupported()
> 158 unsigned int val;
> 159 int ret;
> 160
> 161 ut_assert(ofnode_valid(node));
> 162
> 163 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
>>>> CID 646011: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 164 ut_asserteq(-EOPNOTSUPP, ret);
> 165
> 166 return 0;
> 167 }
> 168
> 169 DM_TEST(dm_test_phy_common_props_rx_unsupported, UTF_SCAN_FDT);
>
> ** CID 646010: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 236 in
> dm_test_phy_common_props_tx_more_names()
>
>
> _____________________________________________________________________________________________
> *** CID 646010: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 236 in
> dm_test_phy_common_props_tx_more_names()
> 230 unsigned int val;
> 231 int ret;
> 232
> 233 ut_assert(ofnode_valid(node));
> 234
> 235 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
>>>> CID 646010: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 236 ut_asserteq(-EINVAL, ret);
> 237
> 238 return 0;
> 239 }
> 240
> 241 DM_TEST(dm_test_phy_common_props_tx_more_names, UTF_SCAN_FDT);
>
> ** CID 646009: (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 253 in
> dm_test_phy_common_props_tx_find_by_name()
> /test/dm/phy_common_props.c: 257 in
> dm_test_phy_common_props_tx_find_by_name()
> /test/dm/phy_common_props.c: 261 in
> dm_test_phy_common_props_tx_find_by_name()
>
>
> _____________________________________________________________________________________________
> *** CID 646009: (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 253 in
> dm_test_phy_common_props_tx_find_by_name()
> 247 unsigned int val;
> 248 int ret;
> 249
> 250 ut_assert(ofnode_valid(node));
> 251
> 252 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
>>>> CID 646009: (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 253 ut_asserteq(0, ret);
> 254 ut_asserteq(PHY_POL_NORMAL, val);
> 255
> 256 ret = phy_get_manual_tx_polarity(node, "2500base-x", &val);
> 257 ut_asserteq(0, ret);
> 258 ut_asserteq(PHY_POL_INVERT, val);
> /test/dm/phy_common_props.c: 257 in
> dm_test_phy_common_props_tx_find_by_name()
> 251
> 252 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
> 253 ut_asserteq(0, ret);
> 254 ut_asserteq(PHY_POL_NORMAL, val);
> 255
> 256 ret = phy_get_manual_tx_polarity(node, "2500base-x", &val);
>>>> CID 646009: (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 257 ut_asserteq(0, ret);
> 258 ut_asserteq(PHY_POL_INVERT, val);
> 259
> 260 ret = phy_get_manual_tx_polarity(node, "1000base-x", &val);
> 261 ut_asserteq(0, ret);
> 262 ut_asserteq(PHY_POL_NORMAL, val);
> /test/dm/phy_common_props.c: 261 in
> dm_test_phy_common_props_tx_find_by_name()
> 255
> 256 ret = phy_get_manual_tx_polarity(node, "2500base-x", &val);
> 257 ut_asserteq(0, ret);
> 258 ut_asserteq(PHY_POL_INVERT, val);
> 259
> 260 ret = phy_get_manual_tx_polarity(node, "1000base-x", &val);
>>>> CID 646009: (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 261 ut_asserteq(0, ret);
> 262 ut_asserteq(PHY_POL_NORMAL, val);
> 263
> 264 return 0;
> 265 }
> 266
>
> ** CID 646008: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 31 in
> dm_test_phy_common_props_rx_missing()
>
>
> _____________________________________________________________________________________________
> *** CID 646008: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 31 in
> dm_test_phy_common_props_rx_missing()
> 25 unsigned int val;
> 26 int ret;
> 27
> 28 ut_assert(ofnode_valid(node));
> 29
> 30 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
>>>> CID 646008: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 31 ut_asserteq(0, ret);
> 32 ut_asserteq(PHY_POL_NORMAL, val);
> 33
> 34 return 0;
> 35 }
> 36
>
> ** CID 646007: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 296 in
> dm_test_phy_common_props_tx_with_default()
>
>
> _____________________________________________________________________________________________
> *** CID 646007: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 296 in
> dm_test_phy_common_props_tx_with_default()
> 290 unsigned int val;
> 291 int ret;
> 292
> 293 ut_assert(ofnode_valid(node));
> 294
> 295 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
>>>> CID 646007: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 296 ut_asserteq(0, ret);
> 297 ut_asserteq(PHY_POL_INVERT, val);
> 298
> 299 return 0;
> 300 }
> 301
>
> ** CID 646006: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 314 in
> dm_test_phy_common_props_tx_unsupported()
>
>
> _____________________________________________________________________________________________
> *** CID 646006: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 314 in
> dm_test_phy_common_props_tx_unsupported()
> 308 unsigned int val;
> 309 int ret;
> 310
> 311 ut_assert(ofnode_valid(node));
> 312
> 313 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
>>>> CID 646006: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 314 ut_asserteq(-EOPNOTSUPP, ret);
> 315
> 316 return 0;
> 317 }
> 318
>
> ** CID 646005: (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 111 in
> dm_test_phy_common_props_rx_find_by_name()
> /test/dm/phy_common_props.c: 105 in
> dm_test_phy_common_props_rx_find_by_name()
> /test/dm/phy_common_props.c: 101 in
> dm_test_phy_common_props_rx_find_by_name()
>
>
> _____________________________________________________________________________________________
> *** CID 646005: (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 111 in
> dm_test_phy_common_props_rx_find_by_name()
> 105 ut_asserteq(0, ret);
> 106 ut_asserteq(PHY_POL_INVERT, val);
> 107
> 108 /* "usb-ss" has PHY_POL_AUTO; auto is supported here */
> 109 ret = phy_get_rx_polarity(node, "usb-ss", BIT(PHY_POL_AUTO),
> 110 PHY_POL_AUTO, &val);
>>>> CID 646005: (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 111 ut_asserteq(0, ret);
> 112 ut_asserteq(PHY_POL_AUTO, val);
> 113
> 114 return 0;
> 115 }
> 116
> /test/dm/phy_common_props.c: 105 in
> dm_test_phy_common_props_rx_find_by_name()
> 99
> 100 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
> 101 ut_asserteq(0, ret);
> 102 ut_asserteq(PHY_POL_NORMAL, val);
> 103
> 104 ret = phy_get_manual_rx_polarity(node, "2500base-x", &val);
>>>> CID 646005: (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 105 ut_asserteq(0, ret);
> 106 ut_asserteq(PHY_POL_INVERT, val);
> 107
> 108 /* "usb-ss" has PHY_POL_AUTO; auto is supported here */
> 109 ret = phy_get_rx_polarity(node, "usb-ss", BIT(PHY_POL_AUTO),
> 110 PHY_POL_AUTO, &val);
> /test/dm/phy_common_props.c: 101 in
> dm_test_phy_common_props_rx_find_by_name()
> 95 unsigned int val;
> 96 int ret;
> 97
> 98 ut_assert(ofnode_valid(node));
> 99
> 100 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
>>>> CID 646005: (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 101 ut_asserteq(0, ret);
> 102 ut_asserteq(PHY_POL_NORMAL, val);
> 103
> 104 ret = phy_get_manual_rx_polarity(node, "2500base-x", &val);
> 105 ut_asserteq(0, ret);
> 106 ut_asserteq(PHY_POL_INVERT, val);
>
> ** CID 646004: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 183 in
> dm_test_phy_common_props_tx_missing()
>
>
> _____________________________________________________________________________________________
> *** CID 646004: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 183 in
> dm_test_phy_common_props_tx_missing()
> 177 unsigned int val;
> 178 int ret;
> 179
> 180 ut_assert(ofnode_valid(node));
> 181
> 182 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
>>>> CID 646004: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 183 ut_asserteq(0, ret);
> 184 ut_asserteq(PHY_POL_NORMAL, val);
> 185
> 186 return 0;
> 187 }
> 188
>
> ** CID 646003: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 49 in
> dm_test_phy_common_props_rx_more_values()
>
>
> _____________________________________________________________________________________________
> *** CID 646003: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 49 in
> dm_test_phy_common_props_rx_more_values()
> 43 unsigned int val;
> 44 int ret;
> 45
> 46 ut_assert(ofnode_valid(node));
> 47
> 48 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
>>>> CID 646003: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 49 ut_asserteq(-EINVAL, ret);
> 50
> 51 return 0;
> 52 }
> 53
> 54 DM_TEST(dm_test_phy_common_props_rx_more_values, UTF_SCAN_FDT);
>
> ** CID 646002: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 146 in
> dm_test_phy_common_props_rx_with_default()
>
>
> _____________________________________________________________________________________________
> *** CID 646002: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 146 in
> dm_test_phy_common_props_rx_with_default()
> 140 unsigned int val;
> 141 int ret;
> 142
> 143 ut_assert(ofnode_valid(node));
> 144
> 145 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
>>>> CID 646002: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 146 ut_asserteq(0, ret);
> 147 ut_asserteq(PHY_POL_INVERT, val);
> 148
> 149 return 0;
> 150 }
> 151
>
> ** CID 646001: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 66 in
> dm_test_phy_common_props_rx_single_value()
>
>
> _____________________________________________________________________________________________
> *** CID 646001: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 66 in
> dm_test_phy_common_props_rx_single_value()
> 60 unsigned int val;
> 61 int ret;
> 62
> 63 ut_assert(ofnode_valid(node));
> 64
> 65 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
>>>> CID 646001: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 66 ut_asserteq(0, ret);
> 67 ut_asserteq(PHY_POL_INVERT, val);
> 68
> 69 return 0;
> 70 }
> 71
>
> ** CID 646000: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 129 in
> dm_test_phy_common_props_rx_no_default()
>
>
> _____________________________________________________________________________________________
> *** CID 646000: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 129 in
> dm_test_phy_common_props_rx_no_default()
> 123 unsigned int val;
> 124 int ret;
> 125
> 126 ut_assert(ofnode_valid(node));
> 127
> 128 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
>>>> CID 646000: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 129 ut_asserteq(-EINVAL, ret);
> 130
> 131 return 0;
> 132 }
> 133
> 134 DM_TEST(dm_test_phy_common_props_rx_no_default, UTF_SCAN_FDT);
>
> ** CID 645999: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 84 in
> dm_test_phy_common_props_rx_more_names()
>
>
> _____________________________________________________________________________________________
> *** CID 645999: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 84 in
> dm_test_phy_common_props_rx_more_names()
> 78 unsigned int val;
> 79 int ret;
> 80
> 81 ut_assert(ofnode_valid(node));
> 82
> 83 ret = phy_get_manual_rx_polarity(node, "sgmii", &val);
>>>> CID 645999: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 84 ut_asserteq(-EINVAL, ret);
> 85
> 86 return 0;
> 87 }
> 88
> 89 DM_TEST(dm_test_phy_common_props_rx_more_names, UTF_SCAN_FDT);
>
> ** CID 645998: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 218 in
> dm_test_phy_common_props_tx_single_value()
>
>
> _____________________________________________________________________________________________
> *** CID 645998: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 218 in
> dm_test_phy_common_props_tx_single_value()
> 212 unsigned int val;
> 213 int ret;
> 214
> 215 ut_assert(ofnode_valid(node));
> 216
> 217 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
>>>> CID 645998: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 218 ut_asserteq(0, ret);
> 219 ut_asserteq(PHY_POL_INVERT, val);
> 220
> 221 return 0;
> 222 }
> 223
>
> ** CID 646014: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 201 in
> dm_test_phy_common_props_tx_more_values()
>
>
> _____________________________________________________________________________________________
> *** CID 646014: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 201 in
> dm_test_phy_common_props_tx_more_values()
> 195 unsigned int val;
> 196 int ret;
> 197
> 198 ut_assert(ofnode_valid(node));
> 199
> 200 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
>>>> CID 646014: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 201 ut_asserteq(-EINVAL, ret);
> 202
> 203 return 0;
> 204 }
> 205
> 206 DM_TEST(dm_test_phy_common_props_tx_more_values, UTF_SCAN_FDT);
>
> ** CID 646013: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 279 in
> dm_test_phy_common_props_tx_no_default()
>
>
> _____________________________________________________________________________________________
> *** CID 646013: Integer handling issues (INTEGER_OVERFLOW)
> /test/dm/phy_common_props.c: 279 in
> dm_test_phy_common_props_tx_no_default()
> 273 unsigned int val;
> 274 int ret;
> 275
> 276 ut_assert(ofnode_valid(node));
> 277
> 278 ret = phy_get_manual_tx_polarity(node, "sgmii", &val);
>>>> CID 646013: Integer handling issues (INTEGER_OVERFLOW)
>>>> Expression "_val2", where "ret" is known to be equal to -95, overflows the type of "_val2", which is type "unsigned int".
> 279 ut_asserteq(-EINVAL, ret);
> 280
> 281 return 0;
> 282 }
> 283
> 284 DM_TEST(dm_test_phy_common_props_tx_no_default, UTF_SCAN_FDT);
>
> ** CID 646012: (TAINTED_SCALAR)
> /drivers/phy/phy-common-props.c: 156 in ofnode_get_u32_prop_for_name()
>
>
> _____________________________________________________________________________________________
> *** CID 646012: (TAINTED_SCALAR)
> /drivers/phy/phy-common-props.c: 156 in
> ofnode_get_u32_prop_for_name()
> 150 props = calloc(n_props, sizeof(*props));
> 151 if (!props)
> 152 return -ENOMEM;
> 153
> 154 err = ofnode_read_u32_array(node, props_title, props, n_props);
> 155 if (err >= 0) {
>>>> CID 646012: (TAINTED_SCALAR)
>>>> Using tainted variable "idx" as an index to pointer "props".
> 156 *val = props[idx];
> 157 pr_debug("%s: resolved value %u at index %d for name '%s'
> from '%s'\n",
> 158 __func__, *val, idx, name, props_title);
> 159 } else {
> 160 pr_debug("%s: failed to read u32 array '%s' (err=%d)\n",
> 161 __func__, props_title, err);
> /drivers/phy/phy-common-props.c: 164 in
> ofnode_get_u32_prop_for_name()
> 158 __func__, *val, idx, name, props_title);
> 159 } else {
> 160 pr_debug("%s: failed to read u32 array '%s' (err=%d)\n",
> 161 __func__, props_title, err);
> 162 }
> 163
>>>> CID 646012: (TAINTED_SCALAR)
>>>> Passing tainted expression "*props" to "dlfree", which uses it as an offset.
> 164 free(props);
> 165
> 166 return err;
> 167 }
> 168
> 169 /**
>
>
>
> View Defects in Coverity Scan
> <https://scan.coverity.com/projects/das-u-boot?tab=overview>
>
> Best regards,
>
> The Coverity Scan Admin Team
>
> ----- End forwarded message -----
>
More information about the U-Boot
mailing list