From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de, Michal Simek <michal.simek@amd.com>
Subject: Fwd: New Defects reported by Coverity Scan for Das U-Boot
Date: Fri, 25 Jul 2025 07:26:45 -0600
Message-ID: <20250725132645.GA1807455@bill-the-cat>
Here's the latest report. These aren't new issues as much as they are
Coverity now looking at FPGA code issues.
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Thu, Jul 24, 2025 at 8:03 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to *Das U-Boot*
found with Coverity Scan.
- *New Defects Found:* 8
- 3 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
- *Defects Shown:* Showing 8 of 8 defect(s)
Defect Details
** CID 583150: Null pointer dereferences (NULL_RETURNS)
/drivers/fpga/xilinx.c: 54 in fpga_loadbitstream()
_____________________________________________________________________________________________
*** CID 583150: Null pointer dereferences (NULL_RETURNS)
/drivers/fpga/xilinx.c: 54 in fpga_loadbitstream()
48 xilinx_desc *xdesc;
49
50 dataptr = (unsigned char *)fpgadata;
51 /* Find out fpga_description */
52 desc = fpga_validate(devnum, dataptr, 0);
53 /* Assign xilinx device description */
>>> CID 583150: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing "desc", which is known to be "NULL".
54 xdesc = desc->devdesc;
55
56 /* skip the first bytes of the bitsteam, their meaning is unknown */
57 length = (*dataptr << 8) + *(dataptr + 1);
58 dataptr += 2;
59 dataptr += length;
** CID 583149: Control flow issues (DEADCODE)
/drivers/fpga/ACEX1K.c: 226 in ACEX1K_ps_load()
_____________________________________________________________________________________________
*** CID 583149: Control flow issues (DEADCODE)
/drivers/fpga/ACEX1K.c: 226 in ACEX1K_ps_load()
220
221 #ifdef CONFIG_SYS_FPGA_PROG_FEEDBACK
222 if (ret_val == FPGA_SUCCESS) {
223 puts ("Done.\n");
224 }
225 else {
>>> CID 583149: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "puts("Fail.\n");".
226 puts ("Fail.\n");
227 }
228 #endif
229 (*fn->post) (cookie);
230
231 } else {
** CID 583148: Control flow issues (DEADCODE)
/drivers/fpga/cyclon2.c: 180 in CYC2_ps_load()
_____________________________________________________________________________________________
*** CID 583148: Control flow issues (DEADCODE)
/drivers/fpga/cyclon2.c: 180 in CYC2_ps_load()
174 ret_val = FPGA_SUCCESS;
175
176 #ifdef CONFIG_SYS_FPGA_PROG_FEEDBACK
177 if (ret_val == FPGA_SUCCESS)
178 puts("Done.\n");
179 else
>>> CID 583148: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "puts("Fail.\n");".
180 puts("Fail.\n");
181 #endif
182
183 /*
184 * Run the post configuration function if there is one.
185 */
** CID 583147: Integer handling issues (NEGATIVE_RETURNS)
_____________________________________________________________________________________________
*** CID 583147: Integer handling issues (NEGATIVE_RETURNS)
/cmd/fpga.c: 305 in do_fpga_loadmk()
299 #if defined(CONFIG_GZIP)
300 ulong image_buf = image_get_data(hdr);
301 ulong image_size = ~0UL;
302
303 data = image_get_load(hdr);
304
>>> CID 583147: Integer handling issues (NEGATIVE_RETURNS)
>>> A negative constant "-1" is passed as an argument to a parameter that cannot be negative.
305 if (gunzip((void *)data, ~0U, (void *)image_buf,
306 &image_size) != 0) {
307 log_err("Gunzip error\n");
308 return CMD_RET_FAILURE;
309 }
310 data_size = image_size;
** CID 583146: Control flow issues (DEADCODE)
/drivers/fpga/ivm_core.c: 1306 in ispVMDataCode()
_____________________________________________________________________________________________
*** CID 583146: Control flow issues (DEADCODE)
/drivers/fpga/ivm_core.c: 1306 in ispVMDataCode()
1300 /*
1301 * Encountered invalid opcode.
1302 */
1303
1304 return VME_INVALID_FILE;
1305 } else {
>>> CID 583146: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return 0;".
1306 return 0;
1307 }
1308 }
1309
1310 /*
1311 *
** CID 583145: (INTEGER_OVERFLOW)
/drivers/fpga/ivm_core.c: 1959 in ispVMBitShift()
/drivers/fpga/ivm_core.c: 1974 in ispVMBitShift()
_____________________________________________________________________________________________
*** CID 583145: (INTEGER_OVERFLOW)
/drivers/fpga/ivm_core.c: 1959 in ispVMBitShift()
1953 for (i = 0; i < size; i++) {
1954 if (g_pucInData[i] != 0) {
1955 tmpbits = bits;
1956 while (tmpbits > 0) {
1957 g_pucInData[i] <<= 1;
1958 if (g_pucInData[i] == 0) {
>>> CID 583145: (INTEGER_OVERFLOW)
>>> Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "unsigned short".
1959 i--;
1960 g_pucInData[i] = 1;
1961 }
1962 tmpbits--;
1963 }
1964 }
/drivers/fpga/ivm_core.c: 1974 in ispVMBitShift()
1968 for (i = 0; i < size; i++) {
1969 if (g_pucInData[i] != 0) {
1970 tmpbits = bits;
1971 while (tmpbits > 0) {
1972 g_pucInData[i] >>= 1;
1973 if (g_pucInData[i] == 0) {
>>> CID 583145: (INTEGER_OVERFLOW)
>>> Expression "i--", where "i" is known to be equal to 0, underflows the type of "i--", which is type "unsigned short".
1974 i--;
1975 g_pucInData[i] = 8;
1976 }
1977 tmpbits--;
1978 }
1979 }
** CID 583144: Null pointer dereferences (FORWARD_NULL)
/drivers/fpga/ivm_core.c: 2406 in ispVMBypass()
_____________________________________________________________________________________________
*** CID 583144: Null pointer dereferences (FORWARD_NULL)
/drivers/fpga/ivm_core.c: 2406 in ispVMBypass()
2400
2401 iSourceIndex = 0;
2402 cBitState = 0;
2403 for (iIndex = 0; iIndex < Bits - 1; iIndex++) {
2404 /* Scan instruction or bypass register */
2405 if (iIndex % 8 == 0) {
>>> CID 583144: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "pcSource".
2406 cCurByte = pcSource[iSourceIndex++];
2407 }
2408 cBitState = (unsigned char) (((cCurByte << iIndex % 8) & 0x80)
2409 ? 0x01 : 0x00);
2410 writePort(g_ucPinTDI, cBitState);
2411 sclock();
** CID 583143: (OVERRUN)
/drivers/fpga/ivm_core.c: 2455 in ispVMStateMachine()
/drivers/fpga/ivm_core.c: 2458 in ispVMStateMachine()
_____________________________________________________________________________________________
*** CID 583143: (OVERRUN)
/drivers/fpga/ivm_core.c: 2455 in ispVMStateMachine()
2449 g_JTAGTransistions[cStateIndex].NextState)) {
2450 break;
2451 }
2452 }
2453
2454 g_cCurrentJTAGState = cNextJTAGState;
>>> CID 583143: (OVERRUN)
>>> Overrunning array "g_JTAGTransistions" of 25 4-byte elements at element index 25 (byte offset 103) using index "cStateIndex" (which evaluates to 25).
2455 for (cPathIndex = 0;
2456 cPathIndex < g_JTAGTransistions[cStateIndex].Pulses;
2457 cPathIndex++) {
2458 if ((g_JTAGTransistions[cStateIndex].Pattern << cPathIndex)
2459 & 0x80) {
2460 writePort(g_ucPinTMS, (unsigned char) 0x01);
/drivers/fpga/ivm_core.c: 2458 in ispVMStateMachine()
2452 }
2453
2454 g_cCurrentJTAGState = cNextJTAGState;
2455 for (cPathIndex = 0;
2456 cPathIndex < g_JTAGTransistions[cStateIndex].Pulses;
2457 cPathIndex++) {
>>> CID 583143: (OVERRUN)
>>> Overrunning array "g_JTAGTransistions" of 25 4-byte elements at element index 25 (byte offset 103) using index "cStateIndex" (which evaluates to 25).
2458 if ((g_JTAGTransistions[cStateIndex].Pattern << cPathIndex)
2459 & 0x80) {
2460 writePort(g_ucPinTMS, (unsigned char) 0x01);
2461 } else {
2462 writePort(g_ucPinTMS, (unsigned char) 0x00);
2463 }
View Defects in Coverity Scan
<https://scan.coverity.com/projects/das-u-boot?tab=overview>
Best regards,
The Coverity Scan Admin Team
----- End forwarded message -----
--
Tom