From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [tom.rini@gmail.com: Fwd: New Defects reported by Coverity Scan for Das U-Boot]
Date: Mon, 27 Mar 2023 15:19:46 -0400 [thread overview]
Message-ID: <20230327191946.GF2040436@bill-the-cat> (raw)
[-- Attachment #1: Type: text/plain, Size: 14976 bytes --]
Here's the latest report.
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Mon, Mar 27, 2023 at 2:36 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to Das
U-Boot found with Coverity Scan.
6 new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 451089: Incorrect expression (EVALUATION_ORDER)
/lib/efi_loader/efi_device_path.c: 752 in dp_fill()
________________________________________________________________________________________________________
*** CID 451089: Incorrect expression (EVALUATION_ORDER)
/lib/efi_loader/efi_device_path.c: 752 in dp_fill()
746 memcpy(&dp->ns_id, &ns_id, sizeof(ns_id));
747 return &dp[1];
748 }
749 #endif
750 #if defined(CONFIG_USB)
751 case UCLASS_MASS_STORAGE: {
>>> CID 451089: Incorrect expression (EVALUATION_ORDER)
>>> In "desc = desc = dev_get_uclass_plat(dev)", "desc" is written twice with the same value.
752 struct blk_desc *desc = desc =
dev_get_uclass_plat(dev);
753 struct efi_device_path_controller *dp =
754 dp_fill(buf, dev->parent);
755
756 dp->dp.type =
DEVICE_PATH_TYPE_HARDWARE_DEVICE;
757 dp->dp.sub_type =
DEVICE_PATH_SUB_TYPE_CONTROLLER;
** CID 450973: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 450973: (TAINTED_SCALAR)
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
/test/cmd/fdt.c: 133 in make_fuller_fdt()
127 ut_assertok(fdt_property_cell(fdt, "#size-cells", 0));
128 ut_assertok(fdt_property_string(fdt, "compatible",
"u-boot,fdt-subnode-test-device"));
129 ut_assertok(fdt_end_node(fdt));
130 ut_assertok(fdt_end_node(fdt));
131
132 ut_assertok(fdt_end_node(fdt));
>>> CID 450973: (TAINTED_SCALAR)
>>> Passing tainted expression "fdt->size_dt_strings" to "fdt_finish", which uses it as an offset.
133 ut_assertok(fdt_finish(fdt));
134
135 return 0;
136 }
137
138 /* Test 'fdt addr' getting/setting address */
** CID 450972: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 450972: (PRINTF_ARGS)
/test/cmd/fdt.c: 267 in fdt_test_move()
261 ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262 ut_assert_nextline("Working FDT set to %lx", newaddr);
263 ut_assertok(ut_check_console_end(uts));
264
265 /* Compare the source and destination DTs */
266 ut_assertok(console_record_reset_enable());
>>> CID 450972: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
267 ut_assertok(run_commandf("cmp.b %08x %08x %x", addr,
newaddr, ts));
268 ut_assert_nextline("Total of %d byte(s) were the same", ts);
269 ut_assertok(ut_check_console_end(uts));
270
271 return 0;
272 }
/test/cmd/fdt.c: 261 in fdt_test_move()
255 /* Moved target DT location */
256 buf = map_sysmem(newaddr, size);
257 memset(buf, 0, size);
258
259 /* Test moving the working FDT to a new location */
260 ut_assertok(console_record_reset_enable());
>>> CID 450972: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
261 ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262 ut_assert_nextline("Working FDT set to %lx", newaddr);
263 ut_assertok(ut_check_console_end(uts));
264
265 /* Compare the source and destination DTs */
266 ut_assertok(console_record_reset_enable());
** CID 450970: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 450970: (PRINTF_ARGS)
/test/cmd/fdt.c: 224 in fdt_test_addr_resize()
218 ut_assertok(console_record_reset_enable());
219 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220 ut_assert_nextline("Working FDT set to %lx", addr);
221 ut_assertok(ut_check_console_end(uts));
222
223 /* Try shrinking it */
>>> CID 450970: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
224 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
225 ut_assert_nextline("Working FDT set to %lx", addr);
226 ut_assert_nextline("New length %d < existing length
%d, ignoring",
227 (int)sizeof(fdt) / 4, newsize);
228 ut_assertok(ut_check_console_end(uts));
229
/test/cmd/fdt.c: 219 in fdt_test_addr_resize()
213 ut_assertok(make_test_fdt(uts, fdt, sizeof(fdt)));
214 addr = map_to_sysmem(fdt);
215 set_working_fdt_addr(addr);
216
217 /* Test setting and resizing the working FDT to a larger size */
218 ut_assertok(console_record_reset_enable());
>>> CID 450970: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
219 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220 ut_assert_nextline("Working FDT set to %lx", addr);
221 ut_assertok(ut_check_console_end(uts));
222
223 /* Try shrinking it */
224 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
/test/cmd/fdt.c: 231 in fdt_test_addr_resize()
225 ut_assert_nextline("Working FDT set to %lx", addr);
226 ut_assert_nextline("New length %d < existing length
%d, ignoring",
227 (int)sizeof(fdt) / 4, newsize);
228 ut_assertok(ut_check_console_end(uts));
229
230 /* ...quietly */
>>> CID 450970: (PRINTF_ARGS)
>>> Argument "addr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
231 ut_assertok(run_commandf("fdt addr -q %08x %x", addr,
sizeof(fdt) / 4));
232 ut_assert_nextline("Working FDT set to %lx", addr);
233 ut_assertok(ut_check_console_end(uts));
234
235 /* We cannot easily provoke errors in fdt_open_into(),
so ignore that */
236
** CID 450968: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 450968: (PRINTF_ARGS)
/test/cmd/fdt.c: 224 in fdt_test_addr_resize()
218 ut_assertok(console_record_reset_enable());
219 ut_assertok(run_commandf("fdt addr %08x %x", addr, newsize));
220 ut_assert_nextline("Working FDT set to %lx", addr);
221 ut_assertok(ut_check_console_end(uts));
222
223 /* Try shrinking it */
>>> CID 450968: (PRINTF_ARGS)
>>> Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
224 ut_assertok(run_commandf("fdt addr %08x %x", addr,
sizeof(fdt) / 4));
225 ut_assert_nextline("Working FDT set to %lx", addr);
226 ut_assert_nextline("New length %d < existing length
%d, ignoring",
227 (int)sizeof(fdt) / 4, newsize);
228 ut_assertok(ut_check_console_end(uts));
229
/test/cmd/fdt.c: 231 in fdt_test_addr_resize()
225 ut_assert_nextline("Working FDT set to %lx", addr);
226 ut_assert_nextline("New length %d < existing length
%d, ignoring",
227 (int)sizeof(fdt) / 4, newsize);
228 ut_assertok(ut_check_console_end(uts));
229
230 /* ...quietly */
>>> CID 450968: (PRINTF_ARGS)
>>> Argument "64UL" to format specifier "%x" was expected to have type "unsigned int" but has type "unsigned long".
231 ut_assertok(run_commandf("fdt addr -q %08x %x", addr,
sizeof(fdt) / 4));
232 ut_assert_nextline("Working FDT set to %lx", addr);
233 ut_assertok(ut_check_console_end(uts));
234
235 /* We cannot easily provoke errors in fdt_open_into(),
so ignore that */
236
** CID 450967: (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 450967: (PRINTF_ARGS)
/test/cmd/fdt.c: 261 in fdt_test_move()
255 /* Moved target DT location */
256 buf = map_sysmem(newaddr, size);
257 memset(buf, 0, size);
258
259 /* Test moving the working FDT to a new location */
260 ut_assertok(console_record_reset_enable());
>>> CID 450967: (PRINTF_ARGS)
>>> Argument "newaddr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
261 ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262 ut_assert_nextline("Working FDT set to %lx", newaddr);
263 ut_assertok(ut_check_console_end(uts));
264
265 /* Compare the source and destination DTs */
266 ut_assertok(console_record_reset_enable());
/test/cmd/fdt.c: 267 in fdt_test_move()
261 ut_assertok(run_commandf("fdt move %08x %08x %x",
addr, newaddr, ts));
262 ut_assert_nextline("Working FDT set to %lx", newaddr);
263 ut_assertok(ut_check_console_end(uts));
264
265 /* Compare the source and destination DTs */
266 ut_assertok(console_record_reset_enable());
>>> CID 450967: (PRINTF_ARGS)
>>> Argument "newaddr" to format specifier "%08x" was expected to have type "unsigned int" but has type "unsigned long".
267 ut_assertok(run_commandf("cmp.b %08x %08x %x", addr,
newaddr, ts));
268 ut_assert_nextline("Total of %d byte(s) were the same", ts);
269 ut_assertok(ut_check_console_end(uts));
270
271 return 0;
272 }
----- End forwarded message -----
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
next reply other threads:[~2023-03-27 19:19 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-27 19:19 Tom Rini [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-12-18 16:26 [tom.rini@gmail.com: Fwd: New Defects reported by Coverity Scan for Das U-Boot] Tom Rini
2023-12-21 14:48 ` Shantur Rathore
2023-12-21 16:08 ` Tom Rini
2023-11-06 20:27 Tom Rini
2023-11-07 11:18 ` Ilias Apalodimas
2023-11-07 23:18 ` Johan Jonker
2023-11-08 13:54 ` Tom Rini
2023-11-08 3:24 ` Alexander Gendin
2023-11-08 14:29 ` Tom Rini
2023-10-24 1:18 Tom Rini
2023-10-24 15:05 ` Sughosh Ganu
2023-10-24 18:05 ` Tom Rini
2023-07-27 17:38 Tom Rini
2023-05-29 20:04 Tom Rini
2023-01-31 15:02 Tom Rini
2022-12-06 14:51 Tom Rini
2022-08-24 11:40 Tom Rini
2022-09-08 18:19 ` Simon Glass
2022-08-24 11:40 Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230327191946.GF2040436@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox