From: Tom Rini <trini@konsulko.com>
To: Marek Vasut <marex@denx.de>
Cc: u-boot@lists.denx.de,
Jerome Forissier <jerome.forissier@linaro.org>,
Varadarajan Narayanan <quic_varada@quicinc.com>,
Casey Connolly <casey.connolly@linaro.org>,
Heinrich Schuchardt <xypron.glpk@gmx.de>,
Patrick Rudolph <patrick.rudolph@9elements.com>,
Adriano Cordova <adrianox@gmail.com>,
Paul HENRYS <paul.henrys_ext@softathome.com>,
Daniel Golle <daniel@makrotopia.org>,
Simon Glass <sjg@chromium.org>
Subject: Re: Fwd: New Defects reported by Coverity Scan for Das U-Boot
Date: Wed, 30 Apr 2025 11:01:37 -0600 [thread overview]
Message-ID: <20250430170137.GW1261075@bill-the-cat> (raw)
In-Reply-To: <19a791c9-19b9-47cd-9444-24846ae5c222@denx.de>
[-- Attachment #1: Type: text/plain, Size: 3395 bytes --]
On Wed, Apr 30, 2025 at 06:50:50PM +0200, Marek Vasut wrote:
> On 4/28/25 11:59 PM, Tom Rini wrote:
> > ________________________________________________________________________________________________________
> > *** CID 550306: Control flow issues (DEADCODE)
> > /fs/exfat/io.c: 547 in exfat_generic_pwrite()
> > 541 int rc;
> > 542 cluster_t cluster;
> > 543 const char* bufp = buffer;
> > 544 off_t lsize, loffset, remainder;
> > 545
> > 546 if (offset < 0)
> > > > > CID 550306: Control flow issues (DEADCODE)
> > > > > Execution cannot reach this statement: "return -22L;".
> > 547 return -EINVAL;
> > 548 if (uoffset > node->size)
> > 549 {
> > 550 rc = exfat_truncate(ef, node, uoffset, true);
> > 551 if (rc != 0)
> > 552 return rc;
>
> This one is I think false positive, off_t can be signed integer, so the
> check should be in place.
I've updated Coverity with this comment.
> > ** CID 550305: Security best practices violations (STRING_OVERFLOW)
> > /fs/exfat/io.c: 739 in exfat_fs_opendir()
> >
> >
> > ________________________________________________________________________________________________________
> > *** CID 550305: Security best practices violations (STRING_OVERFLOW)
> > /fs/exfat/io.c: 739 in exfat_fs_opendir()
> > 733 return err;
> > 734
> > 735 dirs = calloc(1, sizeof(*dirs));
> > 736 if (!dirs)
> > 737 return -ENOMEM;
> > 738
> > > > > CID 550305: Security best practices violations (STRING_OVERFLOW)
> > > > > You might overrun the 1024-character fixed-size string
> > "dirs->dirname" by copying "filename" without checking the length.
> > 739 strcpy(dirs->dirname, filename);
> > 740 dirs->offset = -1;
> > 741
> > 742 *dirsp = &dirs->fs_dirs;
> > 743
> > 744 return 0;
> >
> > ** CID 550304: Error handling issues (NEGATIVE_RETURNS)
> > /tools/fit_check_sign.c: 98 in main()
>
> Fixed:
>
> https://patchwork.ozlabs.org/project/uboot/patch/20250430164559.27095-1-marex@denx.de/
>
> > ________________________________________________________________________________________________________
> > *** CID 550300: Integer handling issues (INTEGER_OVERFLOW)
> > /fs/exfat/utils.c: 146 in exfat_humanize_bytes()
> > 140 /* 16 EB (minus 1 byte) is the largest size that can be
> > represented by
> > 141 uint64_t */
> > 142 const char* units[] = {"bytes", "KB", "MB", "GB", "TB",
> > "PB", "EB"};
> > 143 uint64_t divisor = 1;
> > 144 uint64_t temp = 0;
> > 145
> > > > > CID 550300: Integer handling issues (INTEGER_OVERFLOW)
> > > > > Expression "divisor", overflows the type of "divisor", which is
> > type "uint64_t".
> > 146 for (i = 0; ; i++, divisor *= 1024)
> > 147 {
> > 148 temp = (value + divisor / 2) / divisor;
> > 149
> > 150 if (temp == 0)
> > 151 break;
> Fixed:
>
> https://patchwork.ozlabs.org/project/uboot/patch/20250430164559.27095-2-marex@denx.de/
Thanks!
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
next prev parent reply other threads:[~2025-04-30 17:01 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-28 21:59 Fwd: New Defects reported by Coverity Scan for Das U-Boot Tom Rini
2025-04-29 12:07 ` Jerome Forissier
2025-04-30 16:50 ` Marek Vasut
2025-04-30 17:01 ` Tom Rini [this message]
2025-04-30 18:23 ` Heinrich Schuchardt
2025-04-30 19:14 ` Tom Rini
-- strict thread matches above, loose matches on Subject: below --
2026-05-11 22:35 Tom Rini
2026-05-08 23:42 Tom Rini
2026-05-14 15:39 ` Lucien.Jheng
2026-04-28 14:04 Tom Rini
2026-04-29 6:31 ` Michal Simek
2026-05-01 22:51 ` Raymond Mao
2026-05-12 8:44 ` Christian Pötzsch
2026-05-12 18:38 ` Tom Rini
2026-04-06 19:12 Tom Rini
2026-03-09 21:23 Tom Rini
2026-03-09 22:05 ` Raphaël Gallais-Pou
2026-03-09 22:13 ` Tom Rini
2026-02-23 19:51 Tom Rini
2026-02-13 22:09 Tom Rini
2026-02-18 23:02 ` Chris Morgan
2026-02-20 16:11 ` Tom Rini
2026-02-20 16:23 ` Chris Morgan
2026-01-16 19:43 Tom Rini
2026-02-09 11:05 ` Guillaume La Roque
2026-02-20 16:11 ` Tom Rini
2026-01-06 20:36 Tom Rini
2026-01-05 23:58 Tom Rini
2026-01-06 9:37 ` Mattijs Korpershoek
2026-01-06 17:15 ` Tom Rini
2026-01-06 10:03 ` Heiko Schocher
2025-12-08 19:38 Tom Rini
2025-11-23 19:03 Tom Rini
2025-11-10 18:55 Tom Rini
2025-10-11 18:06 Tom Rini
2025-10-12 14:22 ` Mikhail Kshevetskiy
2025-10-12 19:07 ` Tom Rini
2025-11-01 6:32 ` Mikhail Kshevetskiy
2025-11-03 15:17 ` Tom Rini
2025-11-03 15:24 ` Michael Nazzareno Trimarchi
2025-08-06 18:35 Tom Rini
2025-08-07 9:17 ` Heiko Schocher
2025-08-08 3:37 ` Maniyam, Dinesh
2025-08-08 4:01 ` Heiko Schocher
2025-07-29 16:32 Tom Rini
2025-07-25 13:26 Tom Rini
2025-07-25 13:34 ` Michal Simek
2025-08-04 9:11 ` Alexander Dahl
2025-07-14 23:29 Tom Rini
2025-07-15 13:45 ` Rasmus Villemoes
2025-07-08 14:10 Tom Rini
2025-03-11 1:49 Tom Rini
2025-02-25 2:39 Tom Rini
2025-02-25 6:06 ` Heiko Schocher
2025-02-25 10:48 ` Quentin Schulz
2025-02-25 10:54 ` Heiko Schocher
2025-02-10 22:26 Tom Rini
2025-02-11 6:14 ` Heiko Schocher
2025-02-11 22:30 ` Tom Rini
2024-12-31 13:55 Tom Rini
2024-12-24 17:14 Tom Rini
2024-11-15 13:27 Tom Rini
2024-11-12 2:11 Tom Rini
2024-10-28 3:11 Tom Rini
2024-10-19 16:16 Tom Rini
2024-10-16 3:47 Tom Rini
2024-10-16 5:56 ` Tudor Ambarus
2024-10-07 17:15 Tom Rini
2024-07-23 14:18 Tom Rini
2024-07-24 9:21 ` Mattijs Korpershoek
2024-07-24 9:45 ` Heinrich Schuchardt
2024-07-24 9:56 ` Mattijs Korpershoek
2024-07-24 10:06 ` Heinrich Schuchardt
2024-07-24 22:40 ` Tom Rini
2024-07-25 8:04 ` Mattijs Korpershoek
2024-07-25 17:16 ` Tom Rini
2024-07-24 9:53 ` Mattijs Korpershoek
2024-04-22 21:48 Tom Rini
2024-01-29 23:55 Tom Rini
2024-01-30 8:14 ` Heinrich Schuchardt
[not found] <20240127154018.GC785631@bill-the-cat>
2024-01-27 20:56 ` Heinrich Schuchardt
2024-01-28 8:51 ` Heinrich Schuchardt
2024-01-22 23:52 Tom Rini
2024-01-22 23:30 Tom Rini
2024-01-23 8:15 ` Hugo Cornelis
[not found] <65a933ab652b3_da12cbd3e77f998728e5@prd-scan-dashboard-0.mail>
2024-01-19 8:47 ` Heinrich Schuchardt
2024-01-18 14:35 Tom Rini
2024-01-08 17:45 Tom Rini
2024-01-09 5:26 ` Sean Anderson
2024-01-09 22:18 ` Tom Rini
2023-08-21 21:09 Tom Rini
2023-08-24 9:27 ` Abdellatif El Khlifi
2023-08-28 16:09 ` Alvaro Fernando García
2023-08-28 16:11 ` Tom Rini
2023-10-20 11:57 ` Abdellatif El Khlifi
2023-10-25 14:57 ` Tom Rini
2023-10-25 15:12 ` Abdellatif El Khlifi
2023-10-25 15:15 ` Tom Rini
2023-10-31 14:21 ` Abdellatif El Khlifi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250430170137.GW1261075@bill-the-cat \
--to=trini@konsulko.com \
--cc=adrianox@gmail.com \
--cc=casey.connolly@linaro.org \
--cc=daniel@makrotopia.org \
--cc=jerome.forissier@linaro.org \
--cc=marex@denx.de \
--cc=patrick.rudolph@9elements.com \
--cc=paul.henrys_ext@softathome.com \
--cc=quic_varada@quicinc.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.