[U-Boot] [PATCH] libfdt: Initialize the stack variable

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[tien.fong.chee at intel.com]

From: Tien Fong Chee <tien.fong.chee@intel.com>

Report Coverity log:
The code uses a variable that has not
been initialized, leading to unpredictable
or unintended results.

Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
---
 lib/libfdt/fdt_wip.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/lib/libfdt/fdt_wip.c b/lib/libfdt/fdt_wip.c
index 45fb964..01adad0 100644
--- a/lib/libfdt/fdt_wip.c
+++ b/lib/libfdt/fdt_wip.c
@@ -115,7 +115,7 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count,
 		     struct fdt_region region[], int max_regions,
 		     char *path, int path_len, int add_string_tab)
 {
-	int stack[FDT_MAX_DEPTH];
+	int stack[FDT_MAX_DEPTH] = { 0 };
 	char *end;
 	int nextoffset = 0;
 	uint32_t tag;
-- 
1.7.7.4

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[Tom Rini]

On Thu, Aug 24, 2017 at 01:53:57PM +0800, tien.fong.chee at intel.com wrote:

> From: Tien Fong Chee <tien.fong.chee@intel.com>
> 
> Report Coverity log:
> The code uses a variable that has not
> been initialized, leading to unpredictable
> or unintended results.
> 
> Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
> ---
>  lib/libfdt/fdt_wip.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/lib/libfdt/fdt_wip.c b/lib/libfdt/fdt_wip.c
> index 45fb964..01adad0 100644
> --- a/lib/libfdt/fdt_wip.c
> +++ b/lib/libfdt/fdt_wip.c
> @@ -115,7 +115,7 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count,
>  		     struct fdt_region region[], int max_regions,
>  		     char *path, int path_len, int add_string_tab)
>  {
> -	int stack[FDT_MAX_DEPTH];
> +	int stack[FDT_MAX_DEPTH] = { 0 };
>  	char *end;
>  	int nextoffset = 0;
>  	uint32_t tag;

Since this comes from libfdt, have you checked there as well?  And in
general, we use a Reported-by: Coverity (CID: xxxx) for issues.  BTW, if
you would like access to the community version of Coverity, please sign
up at https://scan.coverity.com/projects/das-u-boot?tab=overview thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20170824/f831b64e/attachment.sig>

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[Chee, Tien Fong]

On Kha, 2017-08-24 at 21:04 -0400, Tom Rini wrote:
> On Thu, Aug 24, 2017 at 01:53:57PM +0800, tien.fong.chee at intel.com
> wrote:
> 
> > 
> > From: Tien Fong Chee <tien.fong.chee@intel.com>
> > 
> > Report Coverity log:
> > The code uses a variable that has not
> > been initialized, leading to unpredictable
> > or unintended results.
> > 
> > Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
> > ---
> >  lib/libfdt/fdt_wip.c |    2 +-
> >  1 files changed, 1 insertions(+), 1 deletions(-)
> > 
> > diff --git a/lib/libfdt/fdt_wip.c b/lib/libfdt/fdt_wip.c
> > index 45fb964..01adad0 100644
> > --- a/lib/libfdt/fdt_wip.c
> > +++ b/lib/libfdt/fdt_wip.c
> > @@ -115,7 +115,7 @@ int fdt_find_regions(const void *fdt, char *
> > const inc[], int inc_count,
> >  		     struct fdt_region region[], int max_regions,
> >  		     char *path, int path_len, int add_string_tab)
> >  {
> > -	int stack[FDT_MAX_DEPTH];
> > +	int stack[FDT_MAX_DEPTH] = { 0 };
> >  	char *end;
> >  	int nextoffset = 0;
> >  	uint32_t tag;
> Since this comes from libfdt, have you checked there as well?  And in
> general, we use a Reported-by: Coverity (CID: xxxx) for issues.  BTW,
> if
> you would like access to the community version of Coverity, please
> sign
> up at https://scan.coverity.com/projects/das-u-boot?tab=overview
> thanks!
I think we didn't check all of them, our coverity only check against
our socfpga use cases. But, i failed to "Add me to project", i can't
view all the defects. Does community coverity found the similar warning
as this patch?

Thanks.
> 

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[Chee, Tien Fong]

On Kha, 2017-08-24 at 21:04 -0400, Tom Rini wrote:
> On Thu, Aug 24, 2017 at 01:53:57PM +0800, tien.fong.chee at intel.com
> wrote:
> 
> > 
> > From: Tien Fong Chee <tien.fong.chee@intel.com>
> > 
> > Report Coverity log:
> > The code uses a variable that has not
> > been initialized, leading to unpredictable
> > or unintended results.
> > 
> > Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
> > ---
> >  lib/libfdt/fdt_wip.c |    2 +-
> >  1 files changed, 1 insertions(+), 1 deletions(-)
> > 
> > diff --git a/lib/libfdt/fdt_wip.c b/lib/libfdt/fdt_wip.c
> > index 45fb964..01adad0 100644
> > --- a/lib/libfdt/fdt_wip.c
> > +++ b/lib/libfdt/fdt_wip.c
> > @@ -115,7 +115,7 @@ int fdt_find_regions(const void *fdt, char *
> > const inc[], int inc_count,
> >  		     struct fdt_region region[], int max_regions,
> >  		     char *path, int path_len, int add_string_tab)
> >  {
> > -	int stack[FDT_MAX_DEPTH];
> > +	int stack[FDT_MAX_DEPTH] = { 0 };
> >  	char *end;
> >  	int nextoffset = 0;
> >  	uint32_t tag;
> Since this comes from libfdt, have you checked there as well?  And in
> general, we use a Reported-by: Coverity (CID: xxxx) for issues.  BTW,
> if
> you would like access to the community version of Coverity, please
> sign
> up at https://scan.coverity.com/projects/das-u-boot?tab=overview
> thanks!
> 
Okay, i can add myself to Das U-boot coverity project finally. This
warning is reported by CID: 60519. I will send out another patch with
Reported-by in commit messages.
Thanks.

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[tien.fong.chee at intel.com]

From: Tien Fong Chee <tien.fong.chee@intel.com>

Report Coverity log:
The code uses a variable that has not
been initialized, leading to unpredictable
or unintended results.

Reported-by: Coverity (CID: 60519)
Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
---
 lib/libfdt/fdt_wip.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/lib/libfdt/fdt_wip.c b/lib/libfdt/fdt_wip.c
index 45fb964..01adad0 100644
--- a/lib/libfdt/fdt_wip.c
+++ b/lib/libfdt/fdt_wip.c
@@ -115,7 +115,7 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count,
 		     struct fdt_region region[], int max_regions,
 		     char *path, int path_len, int add_string_tab)
 {
-	int stack[FDT_MAX_DEPTH];
+	int stack[FDT_MAX_DEPTH] = { 0 };
 	char *end;
 	int nextoffset = 0;
 	uint32_t tag;
-- 
1.7.7.4

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[J. William Campbell]

On 8/29/2017 10:15 PM, tien.fong.chee at intel.com wrote:
> From: Tien Fong Chee <tien.fong.chee@intel.com>
>
> Report Coverity log:
> The code uses a variable that has not
> been initialized, leading to unpredictable
> or unintended results.
>
> Reported-by: Coverity (CID: 60519)
> Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
> ---
>   lib/libfdt/fdt_wip.c |    2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/lib/libfdt/fdt_wip.c b/lib/libfdt/fdt_wip.c
> index 45fb964..01adad0 100644
> --- a/lib/libfdt/fdt_wip.c
> +++ b/lib/libfdt/fdt_wip.c
> @@ -115,7 +115,7 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count,
>   		     struct fdt_region region[], int max_regions,
>   		     char *path, int path_len, int add_string_tab)
>   {
> -	int stack[FDT_MAX_DEPTH];
> +	int stack[FDT_MAX_DEPTH] = { 0 };
It seems to me that one of three things must be true. 1) Coverity can't 
correctly analyze the code and stack[] is not used in an un-initialized 
manner, 2) stack is used in an un-initialized manner but the result is 
not used in that case and is a "don't care" or 3) there is a bug in the 
code. It seems that just initializing the variable to 0 is a "Bad 
Idea(tm)". If it is case 1 or 2, there should be a Coverity code 
annotation comment added to that effect, and if it is case 3, it should 
be fixed. Initializing this variable makes the binary larger to no 
purpose unless there is a bug already.

Best Regards,
J. William Campbell
>   	char *end;
>   	int nextoffset = 0;
>   	uint32_t tag;

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[Chee, Tien Fong]

On Rab, 2017-08-30 at 06:31 -0700, J. William Campbell wrote:
> On 8/29/2017 10:15 PM, tien.fong.chee at intel.com wrote:
> > 
> > From: Tien Fong Chee <tien.fong.chee@intel.com>
> > 
> > Report Coverity log:
> > The code uses a variable that has not
> > been initialized, leading to unpredictable
> > or unintended results.
> > 
> > Reported-by: Coverity (CID: 60519)
> > Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
> > ---
> >   lib/libfdt/fdt_wip.c |    2 +-
> >   1 files changed, 1 insertions(+), 1 deletions(-)
> > 
> > diff --git a/lib/libfdt/fdt_wip.c b/lib/libfdt/fdt_wip.c
> > index 45fb964..01adad0 100644
> > --- a/lib/libfdt/fdt_wip.c
> > +++ b/lib/libfdt/fdt_wip.c
> > @@ -115,7 +115,7 @@ int fdt_find_regions(const void *fdt, char *
> > const inc[], int inc_count,
> >   		     struct fdt_region region[], int max_regions,
> >   		     char *path, int path_len, int
> > add_string_tab)
> >   {
> > -	int stack[FDT_MAX_DEPTH];
> > +	int stack[FDT_MAX_DEPTH] = { 0 };
> It seems to me that one of three things must be true. 1) Coverity
> can't 
> correctly analyze the code and stack[] is not used in an un-
> initialized 
> manner, 2) stack is used in an un-initialized manner but the result
> is 
> not used in that case and is a "don't care" or 3) there is a bug in
> the 
> code. It seems that just initializing the variable to 0 is a "Bad 
> Idea(tm)". If it is case 1 or 2, there should be a Coverity code 
> annotation comment added to that effect, and if it is case 3, it
> should 
> be fixed. Initializing this variable makes the binary larger to no 
> purpose unless there is a bug already.
> 
> Best Regards,
> J. William Campbell
Yeah, i agree with you, state machine design should ensure stack[] is
not used in a uninitialized manner. Hence, i need input from whom
familiar with this function, whether this warning fall in anyone of
these conditions. If we just direct init the stack[], and this solution
will make extra 128 bytes in binary, but having variable with default
value is also good pratice from software quality perspective.
> > 
> >   	char *end;
> >   	int nextoffset = 0;
> >   	uint32_t tag;
> 

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[J. William Campbell]

On 9/4/2017 8:41 PM, Chee, Tien Fong wrote:
> On Rab, 2017-08-30 at 06:31 -0700, J. William Campbell wrote:
>> On 8/29/2017 10:15 PM, tien.fong.chee at intel.com wrote:
>>> From: Tien Fong Chee <tien.fong.chee@intel.com>
>>>
>>> Report Coverity log:
>>> The code uses a variable that has not
>>> been initialized, leading to unpredictable
>>> or unintended results.
>>>
>>> Reported-by: Coverity (CID: 60519)
>>> Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
>>> ---
>>>    lib/libfdt/fdt_wip.c |    2 +-
>>>    1 files changed, 1 insertions(+), 1 deletions(-)
>>>
>>> diff --git a/lib/libfdt/fdt_wip.c b/lib/libfdt/fdt_wip.c
>>> index 45fb964..01adad0 100644
>>> --- a/lib/libfdt/fdt_wip.c
>>> +++ b/lib/libfdt/fdt_wip.c
>>> @@ -115,7 +115,7 @@ int fdt_find_regions(const void *fdt, char *
>>> const inc[], int inc_count,
>>>    		     struct fdt_region region[], int max_regions,
>>>    		     char *path, int path_len, int
>>> add_string_tab)
>>>    {
>>> -	int stack[FDT_MAX_DEPTH];
>>> +	int stack[FDT_MAX_DEPTH] = { 0 };
>> It seems to me that one of three things must be true. 1) Coverity
>> can't
>> correctly analyze the code and stack[] is not used in an un-
>> initialized
>> manner, 2) stack is used in an un-initialized manner but the result
>> is
>> not used in that case and is a "don't care" or 3) there is a bug in
>> the
>> code. It seems that just initializing the variable to 0 is a "Bad
>> Idea(tm)". If it is case 1 or 2, there should be a Coverity code
>> annotation comment added to that effect, and if it is case 3, it
>> should
>> be fixed. Initializing this variable makes the binary larger to no
>> purpose unless there is a bug already.
>>
>> Best Regards,
>> J. William Campbell
> Yeah, i agree with you, state machine design should ensure stack[] is
> not used in a uninitialized manner. Hence, i need input from whom
> familiar with this function, whether this warning fall in anyone of
> these conditions. If we just direct init the stack[], and this solution
> will make extra 128 bytes in binary, but having variable with default
> value is also good pratice from software quality perspective.
Yes, if the default value has a rationale. On the surface, there is no 
way to know that 0 is a "good" initial value. There may be a reason that 
it is, but if we don't know for sure, it is just a "random" number. I 
hope whoever wrote this will speak up and say why the variable is never 
used before it is initialized. Thank you for being so diligent.

Best Regards,
Bill Campbell


>>>    	char *end;
>>>    	int nextoffset = 0;
>>>    	uint32_t tag;

[U-Boot] [PATCH] libfdt: Initialize the stack variable

[sjg at google.com]

On 9/4/2017 8:41 PM, Chee, Tien Fong wrote:
> On Rab, 2017-08-30 at 06:31 -0700, J. William Campbell wrote:
>> On 8/29/2017 10:15 PM, tien.fong.chee at intel.com wrote:
>>> From: Tien Fong Chee <tien.fong.chee@intel.com>
>>>
>>> Report Coverity log:
>>> The code uses a variable that has not
>>> been initialized, leading to unpredictable
>>> or unintended results.
>>>
>>> Reported-by: Coverity (CID: 60519)
>>> Signed-off-by: Tien Fong Chee <tien.fong.chee@intel.com>
>>> ---
>>>    lib/libfdt/fdt_wip.c |    2 +-
>>>    1 files changed, 1 insertions(+), 1 deletions(-)
>>>
Applied to u-boot-fdt thanks!