From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Cc: James Hilliard <james.hilliard1@gmail.com>,
Marek Vasut <marek.vasut@mailbox.org>
Subject: Fwd: New Defects reported by Coverity Scan for Das U-Boot
Date: Mon, 23 Feb 2026 13:51:09 -0600 [thread overview]
Message-ID: <20260223195109.GG3233182@bill-the-cat> (raw)
[-- Attachment #1: Type: text/plain, Size: 4672 bytes --]
Hey all,
Looks like Coverity is a little unhappy about the FIT alignment fixes,
but I'm not sure yet if we can just mark them as intentional and already
safety checked inputs or not.
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Mon, Feb 23, 2026 at 1:34 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to *Das U-Boot*
found with Coverity Scan.
- *New Defects Found:* 1
- 1 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
- *Defects Shown:* Showing 1 of 1 defect(s)
Defect Details
** CID 644638: (TAINTED_SCALAR)
_____________________________________________________________________________________________
*** CID 644638: (TAINTED_SCALAR)
/boot/image-fit.c: 2410 in boot_get_fdt_fit_into_buffer()
2404 */
2405 if (dstlen >= newdstlen && dstbuf == fdtsrcbuf)
2406 goto out;
2407
2408 /* Try to reuse existing destination buffer if it is large enough. */
2409 if (dstbuf && dstlen >= newdstlen) {
>>> CID 644638: (TAINTED_SCALAR)
>>> Passing tainted expression "fdtsrcbuf->size_dt_strings" to "fdt_open_into", which uses it as an offset.
2410 err = fdt_open_into(fdtsrcbuf, dstbuf, dstlen);
2411 goto out;
2412 }
2413
2414 newdstbuf = memalign(8, newdstlen);
2415 if (!newdstbuf) {
/boot/image-fit.c: 2420 in boot_get_fdt_fit_into_buffer()
2414 newdstbuf = memalign(8, newdstlen);
2415 if (!newdstbuf) {
2416 err = -ENOMEM;
2417 goto out;
2418 }
2419
>>> CID 644638: (TAINTED_SCALAR)
>>> Passing tainted expression "fdtsrcbuf->size_dt_struct" to "fdt_open_into", which uses it as an offset.
2420 err = fdt_open_into(fdtsrcbuf, newdstbuf, newdstlen);
2421 if (err < 0)
2422 goto out;
2423
2424 free(dstbuf);
2425 *fdtdstbuf = newdstbuf;
/boot/image-fit.c: 2420 in boot_get_fdt_fit_into_buffer()
2414 newdstbuf = memalign(8, newdstlen);
2415 if (!newdstbuf) {
2416 err = -ENOMEM;
2417 goto out;
2418 }
2419
>>> CID 644638: (TAINTED_SCALAR)
>>> Passing tainted expression "fdtsrcbuf->size_dt_strings" to "fdt_open_into", which uses it as an offset.
2420 err = fdt_open_into(fdtsrcbuf, newdstbuf, newdstlen);
2421 if (err < 0)
2422 goto out;
2423
2424 free(dstbuf);
2425 *fdtdstbuf = newdstbuf;
/boot/image-fit.c: 2420 in boot_get_fdt_fit_into_buffer()
2414 newdstbuf = memalign(8, newdstlen);
2415 if (!newdstbuf) {
2416 err = -ENOMEM;
2417 goto out;
2418 }
2419
>>> CID 644638: (TAINTED_SCALAR)
>>> Passing tainted expression "fdtsrcbuf->totalsize" to "fdt_open_into", which uses it as an offset.
2420 err = fdt_open_into(fdtsrcbuf, newdstbuf, newdstlen);
2421 if (err < 0)
2422 goto out;
2423
2424 free(dstbuf);
2425 *fdtdstbuf = newdstbuf;
/boot/image-fit.c: 2410 in boot_get_fdt_fit_into_buffer()
2404 */
2405 if (dstlen >= newdstlen && dstbuf == fdtsrcbuf)
2406 goto out;
2407
2408 /* Try to reuse existing destination buffer if it is large enough. */
2409 if (dstbuf && dstlen >= newdstlen) {
>>> CID 644638: (TAINTED_SCALAR)
>>> Passing tainted expression "fdtsrcbuf->totalsize" to "fdt_open_into", which uses it as an offset.
2410 err = fdt_open_into(fdtsrcbuf, dstbuf, dstlen);
2411 goto out;
2412 }
2413
2414 newdstbuf = memalign(8, newdstlen);
2415 if (!newdstbuf) {
/boot/image-fit.c: 2410 in boot_get_fdt_fit_into_buffer()
2404 */
2405 if (dstlen >= newdstlen && dstbuf == fdtsrcbuf)
2406 goto out;
2407
2408 /* Try to reuse existing destination buffer if it is large enough. */
2409 if (dstbuf && dstlen >= newdstlen) {
>>> CID 644638: (TAINTED_SCALAR)
>>> Passing tainted expression "fdtsrcbuf->size_dt_struct" to "fdt_open_into", which uses it as an offset.
2410 err = fdt_open_into(fdtsrcbuf, dstbuf, dstlen);
2411 goto out;
2412 }
2413
2414 newdstbuf = memalign(8, newdstlen);
2415 if (!newdstbuf) {
View Defects in Coverity Scan
<https://scan.coverity.com/projects/das-u-boot?tab=overview>
Best regards,
The Coverity Scan Admin Team
----- End forwarded message -----
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
next reply other threads:[~2026-02-23 19:51 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-23 19:51 Tom Rini [this message]
-- strict thread matches above, loose matches on Subject: below --
2026-05-11 22:35 Fwd: New Defects reported by Coverity Scan for Das U-Boot Tom Rini
2026-05-08 23:42 Tom Rini
2026-05-14 15:39 ` Lucien.Jheng
2026-04-28 14:04 Tom Rini
2026-04-29 6:31 ` Michal Simek
2026-05-01 22:51 ` Raymond Mao
2026-05-12 8:44 ` Christian Pötzsch
2026-05-12 18:38 ` Tom Rini
2026-04-06 19:12 Tom Rini
2026-03-09 21:23 Tom Rini
2026-03-09 22:05 ` Raphaël Gallais-Pou
2026-03-09 22:13 ` Tom Rini
2026-02-13 22:09 Tom Rini
2026-02-18 23:02 ` Chris Morgan
2026-02-20 16:11 ` Tom Rini
2026-02-20 16:23 ` Chris Morgan
2026-01-16 19:43 Tom Rini
2026-02-09 11:05 ` Guillaume La Roque
2026-02-20 16:11 ` Tom Rini
2026-01-06 20:36 Tom Rini
2026-01-05 23:58 Tom Rini
2026-01-06 9:37 ` Mattijs Korpershoek
2026-01-06 17:15 ` Tom Rini
2026-01-06 10:03 ` Heiko Schocher
2025-12-08 19:38 Tom Rini
2025-11-23 19:03 Tom Rini
2025-11-10 18:55 Tom Rini
2025-10-11 18:06 Tom Rini
2025-10-12 14:22 ` Mikhail Kshevetskiy
2025-10-12 19:07 ` Tom Rini
2025-11-01 6:32 ` Mikhail Kshevetskiy
2025-11-03 15:17 ` Tom Rini
2025-11-03 15:24 ` Michael Nazzareno Trimarchi
2025-08-06 18:35 Tom Rini
2025-08-07 9:17 ` Heiko Schocher
2025-08-08 3:37 ` Maniyam, Dinesh
2025-08-08 4:01 ` Heiko Schocher
2025-07-29 16:32 Tom Rini
2025-07-25 13:26 Tom Rini
2025-07-25 13:34 ` Michal Simek
2025-08-04 9:11 ` Alexander Dahl
2025-07-14 23:29 Tom Rini
2025-07-15 13:45 ` Rasmus Villemoes
2025-07-08 14:10 Tom Rini
2025-04-28 21:59 Tom Rini
2025-04-29 12:07 ` Jerome Forissier
2025-04-30 16:50 ` Marek Vasut
2025-04-30 17:01 ` Tom Rini
2025-04-30 18:23 ` Heinrich Schuchardt
2025-04-30 19:14 ` Tom Rini
2025-03-11 1:49 Tom Rini
2025-02-25 2:39 Tom Rini
2025-02-25 6:06 ` Heiko Schocher
2025-02-25 10:48 ` Quentin Schulz
2025-02-25 10:54 ` Heiko Schocher
2025-02-10 22:26 Tom Rini
2025-02-11 6:14 ` Heiko Schocher
2025-02-11 22:30 ` Tom Rini
2024-12-31 13:55 Tom Rini
2024-12-24 17:14 Tom Rini
2024-11-15 13:27 Tom Rini
2024-11-12 2:11 Tom Rini
2024-10-28 3:11 Tom Rini
2024-10-19 16:16 Tom Rini
2024-10-16 3:47 Tom Rini
2024-10-16 5:56 ` Tudor Ambarus
2024-10-07 17:15 Tom Rini
2024-07-23 14:18 Tom Rini
2024-07-24 9:21 ` Mattijs Korpershoek
2024-07-24 9:45 ` Heinrich Schuchardt
2024-07-24 9:56 ` Mattijs Korpershoek
2024-07-24 10:06 ` Heinrich Schuchardt
2024-07-24 22:40 ` Tom Rini
2024-07-25 8:04 ` Mattijs Korpershoek
2024-07-25 17:16 ` Tom Rini
2024-07-24 9:53 ` Mattijs Korpershoek
2024-04-22 21:48 Tom Rini
2024-01-29 23:55 Tom Rini
2024-01-30 8:14 ` Heinrich Schuchardt
[not found] <20240127154018.GC785631@bill-the-cat>
2024-01-27 20:56 ` Heinrich Schuchardt
2024-01-28 8:51 ` Heinrich Schuchardt
2024-01-22 23:52 Tom Rini
2024-01-22 23:30 Tom Rini
2024-01-23 8:15 ` Hugo Cornelis
[not found] <65a933ab652b3_da12cbd3e77f998728e5@prd-scan-dashboard-0.mail>
2024-01-19 8:47 ` Heinrich Schuchardt
2024-01-18 14:35 Tom Rini
2024-01-08 17:45 Tom Rini
2024-01-09 5:26 ` Sean Anderson
2024-01-09 22:18 ` Tom Rini
2023-08-21 21:09 Tom Rini
2023-08-24 9:27 ` Abdellatif El Khlifi
2023-08-28 16:09 ` Alvaro Fernando García
2023-08-28 16:11 ` Tom Rini
2023-10-20 11:57 ` Abdellatif El Khlifi
2023-10-25 14:57 ` Tom Rini
2023-10-25 15:12 ` Abdellatif El Khlifi
2023-10-25 15:15 ` Tom Rini
2023-10-31 14:21 ` Abdellatif El Khlifi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260223195109.GG3233182@bill-the-cat \
--to=trini@konsulko.com \
--cc=james.hilliard1@gmail.com \
--cc=marek.vasut@mailbox.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.