From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Cc: Vignesh R <vigneshr@ti.com>,
Takahiro Kuwano <Takahiro.Kuwano@infineon.com>,
Tudor Ambarus <tudor.ambarus@linaro.org>,
Venkatesh Yadav Abbarapu <venkatesh.abbarapu@amd.com>,
Pratyush Yadav <p.yadav@ti.com>,
Ashok Reddy Soma <ashok.reddy.soma@amd.com>,
Joakim Tjernlund <joakim.tjernlund@infinera.com>,
Raymond Mao <raymond.mao@linaro.org>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>
Subject: Fwd: New Defects reported by Coverity Scan for Das U-Boot
Date: Tue, 15 Oct 2024 21:47:25 -0600 [thread overview]
Message-ID: <20241016034725.GD6412@bill-the-cat> (raw)
[-- Attachment #1: Type: text/plain, Size: 28517 bytes --]
Hey all, here's the latest report.
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Tue, Oct 15, 2024 at 5:06 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to Das
U-Boot found with Coverity Scan.
22 new defect(s) introduced to Das U-Boot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 22 defect(s)
** CID 510813: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1652 in spi_nor_read()
________________________________________________________________________________________________________
*** CID 510813: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1652 in spi_nor_read()
1646 goto read_err;
1647 }
1648 if (ret < 0)
1649 goto read_err;
1650
1651 if (is_ofst_odd == true) {
>>> CID 510813: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "memmove(buf, buf + 1, len -...".
1652 memmove(buf, (buf + 1), (len - 1));
1653 *retlen += (ret - 1);
1654 buf += ret - 1;
1655 is_ofst_odd = false;
1656 } else {
1657 *retlen += ret;
** CID 510812: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 3573 in spi_nor_select_erase()
/drivers/mtd/spi/spi-nor-core.c: 3584 in spi_nor_select_erase()
/drivers/mtd/spi/spi-nor-core.c: 3610 in spi_nor_select_erase()
/drivers/mtd/spi/spi-nor-core.c: 3597 in spi_nor_select_erase()
________________________________________________________________________________________________________
*** CID 510812: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 3573 in spi_nor_select_erase()
3567 /*
3568 * In parallel-memories the erase operation is
3569 * performed on both the flashes simultaneously
3570 * so, double the erasesize.
3571 */
3572 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510812: (DEADCODE)
>>> Execution cannot reach this statement: "mtd->erasesize = 8192U;".
3573 mtd->erasesize = 4096 * 2;
3574 else
3575 mtd->erasesize = 4096;
3576 } else if (info->flags & SECT_4K_PMC) {
3577 nor->erase_opcode = SPINOR_OP_BE_4K_PMC;
3578 /*
/drivers/mtd/spi/spi-nor-core.c: 3584 in spi_nor_select_erase()
3578 /*
3579 * In parallel-memories the erase operation is
3580 * performed on both the flashes simultaneously
3581 * so, double the erasesize.
3582 */
3583 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510812: (DEADCODE)
>>> Execution cannot reach this statement: "mtd->erasesize = 8192U;".
3584 mtd->erasesize = 4096 * 2;
3585 else
3586 mtd->erasesize = 4096;
3587 } else
3588 #endif
3589 {
/drivers/mtd/spi/spi-nor-core.c: 3610 in spi_nor_select_erase()
3604 /*
3605 * In parallel-memories the erase operation is
3606 * performed on both the flashes simultaneously
3607 * so, double the erasesize.
3608 */
3609 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510812: (DEADCODE)
>>> Execution cannot reach this statement: "mtd->erasesize = 8192U;".
3610 mtd->erasesize = 4096 * 2;
3611 else
3612 mtd->erasesize = 4096;
3613 }
3614
3615 return 0;
/drivers/mtd/spi/spi-nor-core.c: 3597 in spi_nor_select_erase()
3591 /*
3592 * In parallel-memories the erase operation is
3593 * performed on both the flashes simultaneously
3594 * so, double the erasesize.
3595 */
3596 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510812: (DEADCODE)
>>> Execution cannot reach this statement: "mtd->erasesize = info->sect...".
3597 mtd->erasesize = info->sector_size * 2;
3598 else
3599 mtd->erasesize = info->sector_size;
3600 }
3601
3602 if ((JEDEC_MFR(info) == SNOR_MFR_SST) && info->flags &
SECT_4K) {
** CID 510811: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1134 in spi_nor_erase()
/drivers/mtd/spi/spi-nor-core.c: 1137 in spi_nor_erase()
________________________________________________________________________________________________________
*** CID 510811: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1134 in spi_nor_erase()
1128 addr_known = false;
1129 ret = -EINTR;
1130 goto erase_err;
1131 }
1132 offset = addr;
1133 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510811: (DEADCODE)
>>> Execution cannot reach this statement: "offset /= 2U;".
1134 offset /= 2;
1135
1136 if (nor->flags & SNOR_F_HAS_STACKED) {
1137 if (offset >= (mtd->size / 2)) {
1138 offset = offset - (mtd->size / 2);
1139 nor->spi->flags |= SPI_XFER_U_PAGE;
/drivers/mtd/spi/spi-nor-core.c: 1137 in spi_nor_erase()
1131 }
1132 offset = addr;
1133 if (nor->flags & SNOR_F_HAS_PARALLEL)
1134 offset /= 2;
1135
1136 if (nor->flags & SNOR_F_HAS_STACKED) {
>>> CID 510811: (DEADCODE)
>>> Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
1137 if (offset >= (mtd->size / 2)) {
1138 offset = offset - (mtd->size / 2);
1139 nor->spi->flags |= SPI_XFER_U_PAGE;
1140 } else {
1141 nor->spi->flags &= ~SPI_XFER_U_PAGE;
1142 }
** CID 510810: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
________________________________________________________________________________________________________
*** CID 510810: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
1550 {
1551 int tmp;
1552 u8 id[SPI_NOR_MAX_ID_LEN];
1553 const struct flash_info *info;
1554
1555 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510810: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "nor->spi->flags |= 0x100;".
1556 nor->spi->flags |= SPI_XFER_LOWER;
1557
1558 tmp = nor->read_reg(nor, SPINOR_OP_RDID, id,
SPI_NOR_MAX_ID_LEN);
1559 if (tmp < 0) {
1560 dev_dbg(nor->dev, "error %d reading JEDEC ID\n", tmp);
1561 return ERR_PTR(tmp);
** CID 510809: Resource leaks (RESOURCE_LEAK)
/lib/mbedtls/pkcs7_parser.c: 385 in x509_populate_sinfo()
________________________________________________________________________________________________________
*** CID 510809: Resource leaks (RESOURCE_LEAK)
/lib/mbedtls/pkcs7_parser.c: 385 in x509_populate_sinfo()
379 signed_info);
380 if (ret)
381 goto out_err_sinfo;
382
383 no_authattrs:
384 *sinfo = signed_info;
>>> CID 510809: Resource leaks (RESOURCE_LEAK)
>>> Variable "mctx" going out of scope leaks the storage it points to.
385 return 0;
386
387 out_err_sinfo:
388 pkcs7_free_sinfo_mbedtls_ctx(mctx);
389 out_no_mctx:
390 public_key_signature_free(s);
** CID 510808: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 724 in spi_nor_set_4byte_opcodes()
________________________________________________________________________________________________________
*** CID 510808: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 724 in spi_nor_set_4byte_opcodes()
718 static void spi_nor_set_4byte_opcodes(struct spi_nor *nor,
719 const struct flash_info *info)
720 {
721 bool shift = 0;
722
723 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510808: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "shift = true;".
724 shift = 1;
725
726 /* Do some manufacturer fixups first */
727 switch (JEDEC_MFR(info)) {
728 case SNOR_MFR_SPANSION:
729 /* No small sector erase for 4-byte command set */
** CID 510807: Control flow issues (DEADCODE)
/lib/mbedtls/external/mbedtls/library/x509_crt.c: 2750 in x509_inet_pton_ipv6()
________________________________________________________________________________________________________
*** CID 510807: Control flow issues (DEADCODE)
/lib/mbedtls/external/mbedtls/library/x509_crt.c: 2750 in x509_inet_pton_ipv6()
2744 MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups);
2745 nonzero_groups++;
2746 if (*p == '\0') {
2747 break;
2748 } else if (*p == '.') {
2749 /* Don't accept IPv4 too early or late */
>>> CID 510807: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "zero_group_start == -1" inside this statement: "if ((nonzero_groups == 0 &&...".
2750 if ((nonzero_groups == 0 && zero_group_start == -1) ||
2751 nonzero_groups >= 7) {
2752 break;
2753 }
2754
2755 /* Walk back to prior ':', then parse as IPv4-mapped */
** CID 510806: Control flow issues (DEADCODE)
/lib/mbedtls/pkcs7_parser.c: 209 in authattrs_parse()
________________________________________________________________________________________________________
*** CID 510806: Control flow issues (DEADCODE)
/lib/mbedtls/pkcs7_parser.c: 209 in authattrs_parse()
203 return -EINVAL;
204 }
205
206 p += seq_len;
207 }
208
>>> CID 510806: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "ret != -96" inside this statement: "if (ret && ret != -96)
re...".
209 if (ret && ret != MBEDTLS_ERR_ASN1_OUT_OF_DATA)
210 return ret;
211
212 msg->have_authattrs = true;
213
214 /*
** CID 510805: Memory - illegal accesses (OVERRUN)
/lib/rsa/rsa-keyprop.c: 678 in rsa_gen_key_prop()
________________________________________________________________________________________________________
*** CID 510805: Memory - illegal accesses (OVERRUN)
/lib/rsa/rsa-keyprop.c: 678 in rsa_gen_key_prop()
672 (*prop)->num_bits = (rsa_key.n_sz - i) * 8;
673 (*prop)->modulus = malloc(rsa_key.n_sz - i);
674 if (!(*prop)->modulus) {
675 ret = -ENOMEM;
676 goto out;
677 }
>>> CID 510805: Memory - illegal accesses (OVERRUN)
>>> Overrunning dynamic array "rsa_key.n" at offset corresponding to index variable "i".
678 memcpy((void *)(*prop)->modulus, &rsa_key.n[i],
rsa_key.n_sz - i);
679
680 n = calloc(sizeof(uint32_t), 1 + ((*prop)->num_bits >> 5));
681 rr = calloc(sizeof(uint32_t), 1 + (((*prop)->num_bits
* 2) >> 5));
682 rrtmp = calloc(sizeof(uint32_t), 2 +
(((*prop)->num_bits * 2) >> 5));
683 if (!n || !rr || !rrtmp) {
** CID 510804: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
________________________________________________________________________________________________________
*** CID 510804: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/drivers/mtd/spi/spi-nor-core.c: 1556 in spi_nor_read_id()
1550 {
1551 int tmp;
1552 u8 id[SPI_NOR_MAX_ID_LEN];
1553 const struct flash_info *info;
1554
1555 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510804: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> In "nor->spi->flags |= 256 /* 1 << 8 */", wider "256 /* 1 << 8 */" has high-order bits (0x100) that don't affect the narrower left-hand side.
1556 nor->spi->flags |= SPI_XFER_LOWER;
1557
1558 tmp = nor->read_reg(nor, SPINOR_OP_RDID, id,
SPI_NOR_MAX_ID_LEN);
1559 if (tmp < 0) {
1560 dev_dbg(nor->dev, "error %d reading JEDEC ID\n", tmp);
1561 return ERR_PTR(tmp);
** CID 510803: Code maintainability issues (UNUSED_VALUE)
/drivers/mtd/spi/spi-nor-core.c: 1138 in spi_nor_erase()
________________________________________________________________________________________________________
*** CID 510803: Code maintainability issues (UNUSED_VALUE)
/drivers/mtd/spi/spi-nor-core.c: 1138 in spi_nor_erase()
1132 offset = addr;
1133 if (nor->flags & SNOR_F_HAS_PARALLEL)
1134 offset /= 2;
1135
1136 if (nor->flags & SNOR_F_HAS_STACKED) {
1137 if (offset >= (mtd->size / 2)) {
>>> CID 510803: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "offset - mtd->size / 2ULL" to "offset" here, but that stored value is overwritten before it can be used.
1138 offset = offset - (mtd->size / 2);
1139 nor->spi->flags |= SPI_XFER_U_PAGE;
1140 } else {
1141 nor->spi->flags &= ~SPI_XFER_U_PAGE;
1142 }
1143 }
** CID 510802: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 504 in read_sr()
________________________________________________________________________________________________________
*** CID 510802: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 504 in read_sr()
498 * discard the second byte.
499 */
500 if (spi_nor_protocol_is_dtr(nor->reg_proto))
501 op.data.nbytes = 2;
502
503 if (nor->flags & SNOR_F_HAS_PARALLEL) {
>>> CID 510802: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "op.data.nbytes = 2U;".
504 op.data.nbytes = 2;
505 ret = spi_nor_read_write_reg(nor, &op, &val[0]);
506 if (ret < 0) {
507 pr_debug("error %d reading SR\n", (int)ret);
508 return ret;
509 }
** CID 510801: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 510801: Null pointer dereferences (FORWARD_NULL)
/lib/ecdsa/ecdsa-libcrypto.c: 365 in ecdsa_add_verify_data()
359 struct signer ctx;
360 int ret;
361
362 fdt_key_name = info->keyname ? info->keyname : "default-key";
363 ret = prepare_ctx(&ctx, info);
364 if (ret >= 0) {
>>> CID 510801: Null pointer dereferences (FORWARD_NULL)
>>> Passing "info" to "do_add", which dereferences null "info->keyname".
365 ret = do_add(&ctx, fdt, fdt_key_name, info);
366 if (ret < 0)
367 ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
368 }
369
370 free_ctx(&ctx);
371 return ret;
** CID 510800: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1620 in spi_nor_read()
/drivers/mtd/spi/spi-nor-core.c: 1590 in spi_nor_read()
/drivers/mtd/spi/spi-nor-core.c: 1611 in spi_nor_read()
/drivers/mtd/spi/spi-nor-core.c: 1600 in spi_nor_read()
________________________________________________________________________________________________________
*** CID 510800: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1620 in spi_nor_read()
1614 } else {
1615 nor->spi->flags &= ~SPI_XFER_U_PAGE;
1616 }
1617 }
1618
1619 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510800: (DEADCODE)
>>> Execution cannot reach this statement: "offset /= 2LL;".
1620 offset /= 2;
1621
1622 if (nor->addr_width == 3) {
1623 #ifdef CONFIG_SPI_FLASH_BAR
1624 ret = write_bar(nor, offset);
1625 if (ret < 0)
/drivers/mtd/spi/spi-nor-core.c: 1590 in spi_nor_read()
1584 u32 rem_bank_len = 0;
1585 u8 bank;
1586 bool is_ofst_odd = false;
1587
1588 dev_dbg(nor->dev, "from 0x%08x, len %zd\n", (u32)from, len);
1589
>>> CID 510800: (DEADCODE)
>>> Execution cannot reach the expression "offset & 1LL" inside this statement: "if (nor->flags & SNOR_F_HAS...".
1590 if ((nor->flags & SNOR_F_HAS_PARALLEL) && (offset & 1)) {
1591 /* We can hit this case when we use file system
like ubifs */
1592 from--;
1593 len++;
1594 is_ofst_odd = true;
1595 }
/drivers/mtd/spi/spi-nor-core.c: 1611 in spi_nor_read()
1605 rem_bank_len = (SZ_16M * (bank
+ 1)) - from;
1606 }
1607 }
1608 offset = from;
1609
1610 if (nor->flags & SNOR_F_HAS_STACKED) {
>>> CID 510800: (DEADCODE)
>>> Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
1611 if (offset >= (mtd->size / 2)) {
1612 offset = offset - (mtd->size / 2);
1613 nor->spi->flags |= SPI_XFER_U_PAGE;
1614 } else {
1615 nor->spi->flags &= ~SPI_XFER_U_PAGE;
1616 }
/drivers/mtd/spi/spi-nor-core.c: 1600 in spi_nor_read()
1594 is_ofst_odd = true;
1595 }
1596
1597 while (len) {
1598 if (nor->addr_width == 3) {
1599 if (nor->flags & SNOR_F_HAS_PARALLEL) {
>>> CID 510800: (DEADCODE)
>>> Execution cannot reach this statement: "bank = (u32)from / 33554432U;".
1600 bank = (u32)from / (SZ_16M << 0x01);
1601 rem_bank_len = ((SZ_16M << 0x01) *
1602 (bank + 1)) - from;
1603 } else {
1604 bank = (u32)from / SZ_16M;
1605 rem_bank_len = (SZ_16M * (bank
+ 1)) - from;
** CID 510799: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1971 in spi_nor_write()
/drivers/mtd/spi/spi-nor-core.c: 2007 in spi_nor_write()
/drivers/mtd/spi/spi-nor-core.c: 2004 in spi_nor_write()
________________________________________________________________________________________________________
*** CID 510799: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 1971 in spi_nor_write()
1965 return 0;
1966
1967 /*
1968 * Cannot write to odd offset in parallel mode,
1969 * so write 2 bytes first
1970 */
>>> CID 510799: (DEADCODE)
>>> Execution cannot reach the expression "to & 1LL" inside this statement: "if (nor->flags & SNOR_F_HAS...".
1971 if ((nor->flags & SNOR_F_HAS_PARALLEL) && (to & 1)) {
1972 u8 two[2] = {0xff, buf[0]};
1973 size_t local_retlen;
1974
1975 ret = spi_nor_write(mtd, to & ~1, 2,
&local_retlen, two);
1976 if (ret < 0)
/drivers/mtd/spi/spi-nor-core.c: 2007 in spi_nor_write()
2001 }
2002 offset = (to + i);
2003 if (nor->flags & SNOR_F_HAS_PARALLEL)
2004 offset /= 2;
2005
2006 if (nor->flags & SNOR_F_HAS_STACKED) {
>>> CID 510799: (DEADCODE)
>>> Execution cannot reach this statement: "if (offset >= mtd->size / 2...".
2007 if (offset >= (mtd->size / 2)) {
2008 offset = offset - (mtd->size / 2);
2009 nor->spi->flags |= SPI_XFER_U_PAGE;
2010 } else {
2011 nor->spi->flags &= ~SPI_XFER_U_PAGE;
2012 }
/drivers/mtd/spi/spi-nor-core.c: 2004 in spi_nor_write()
1998 u64 aux = addr;
1999
2000 page_offset = do_div(aux, nor->page_size);
2001 }
2002 offset = (to + i);
2003 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510799: (DEADCODE)
>>> Execution cannot reach this statement: "offset /= 2U;".
2004 offset /= 2;
2005
2006 if (nor->flags & SNOR_F_HAS_STACKED) {
2007 if (offset >= (mtd->size / 2)) {
2008 offset = offset - (mtd->size / 2);
2009 nor->spi->flags |= SPI_XFER_U_PAGE;
** CID 510798: Resource leaks (RESOURCE_LEAK)
/lib/mbedtls/x509_cert_parser.c: 220 in x509_populate_signature_params()
________________________________________________________________________________________________________
*** CID 510798: Resource leaks (RESOURCE_LEAK)
/lib/mbedtls/x509_cert_parser.c: 220 in x509_populate_signature_params()
214 }
215
216 ret = hash_calculate(s->hash_algo, ®ion, 1, s->digest);
217 if (!ret)
218 *sig = s;
219
>>> CID 510798: Resource leaks (RESOURCE_LEAK)
>>> Variable "s" going out of scope leaks the storage it points to.
220 return ret;
221
222 error_sig:
223 public_key_signature_free(s);
224 return ret;
225 }
** CID 510797: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 4628 in spi_nor_scan()
/drivers/mtd/spi/spi-nor-core.c: 4598 in spi_nor_scan()
________________________________________________________________________________________________________
*** CID 510797: (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 4628 in spi_nor_scan()
4622 /* Send all the required SPI flash commands to
initialize device */
4623 ret = spi_nor_init(nor);
4624 if (ret)
4625 return ret;
4626
4627 if (nor->flags & SNOR_F_HAS_STACKED) {
>>> CID 510797: (DEADCODE)
>>> Execution cannot reach this statement: "nor->spi->flags |= 0x10UL;".
4628 nor->spi->flags |= SPI_XFER_U_PAGE;
4629 ret = spi_nor_init(nor);
4630 if (ret)
4631 return ret;
4632 nor->spi->flags &= ~SPI_XFER_U_PAGE;
4633 }
/drivers/mtd/spi/spi-nor-core.c: 4598 in spi_nor_scan()
4592 nor->addr_width = info->addr_width;
4593 } else {
4594 nor->addr_width = 3;
4595 }
4596
4597 if (nor->flags & (SNOR_F_HAS_PARALLEL | SNOR_F_HAS_STACKED))
>>> CID 510797: (DEADCODE)
>>> Execution cannot reach this statement: "shift = true;".
4598 shift = 1;
4599 if (nor->addr_width == 3 && (mtd->size >> shift) > SZ_16M) {
4600 #ifndef CONFIG_SPI_FLASH_BAR
4601 /* enable 4-byte addressing if the device
exceeds 16MiB */
4602 nor->addr_width = 4;
4603 if (JEDEC_MFR(info) == SNOR_MFR_SPANSION ||
** CID 510796: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 510796: Insecure data handling (TAINTED_SCALAR)
/lib/mbedtls/external/mbedtls/library/rsa.c: 1316 in rsa_prepare_blinding()
1310 }
1311
1312 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf,
ctx->len - 1, f_rng, p_rng));
1313
1314 /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from
inv_mod. */
1315 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len
- 1, f_rng, p_rng));
>>> CID 510796: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "*ctx->Vf.p" to "mbedtls_mpi_mul_mpi", which uses it as an offset.
1316 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R));
1317 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi,
&ctx->Vi, &ctx->N));
1318
1319 /* At this point, Vi is invertible mod N if and only
if both Vf and R
1320 * are invertible mod N. If one of them isn't, we
don't need to know
1321 * which one, we just loop and choose new values for
both of them.
** CID 510795: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 4271 in spi_nor_init()
________________________________________________________________________________________________________
*** CID 510795: Control flow issues (DEADCODE)
/drivers/mtd/spi/spi-nor-core.c: 4271 in spi_nor_init()
4265
4266 static int spi_nor_init(struct spi_nor *nor)
4267 {
4268 int err;
4269
4270 if (nor->flags & SNOR_F_HAS_PARALLEL)
>>> CID 510795: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "nor->spi->flags |= 3UL;".
4271 nor->spi->flags |= SPI_NOR_ENABLE_MULTI_CS;
4272
4273 err = spi_nor_octal_dtr_enable(nor);
4274 if (err) {
4275 dev_dbg(nor->dev, "Octal DTR mode not supported\n");
4276 return err;
** CID 510794: Control flow issues (NO_EFFECT)
/lib/mbedtls/x509_cert_parser.c: 78 in x509_populate_dn_name_string()
________________________________________________________________________________________________________
*** CID 510794: Control flow issues (NO_EFFECT)
/lib/mbedtls/x509_cert_parser.c: 78 in x509_populate_dn_name_string()
72 do {
73 name_str = kzalloc(len, GFP_KERNEL);
74 if (!name_str)
75 return NULL;
76
77 wb = mbedtls_x509_dn_gets(name_str, len, name);
>>> CID 510794: Control flow issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "wb < 0UL".
78 if (wb < 0) {
79 pr_err("Get DN string failed, ret:-0x%04x\n",
80 (unsigned int)-wb);
81 kfree(name_str);
82 len = len * 2; /* Try with a bigger buffer */
83 }
----- End forwarded message -----
--
Tom
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
next reply other threads:[~2024-10-16 3:47 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-16 3:47 Tom Rini [this message]
2024-10-16 5:56 ` Fwd: New Defects reported by Coverity Scan for Das U-Boot Tudor Ambarus
2024-10-16 6:12 ` Ilias Apalodimas
2024-10-16 8:20 ` Abbarapu, Venkatesh
2024-10-16 15:23 ` Raymond Mao
-- strict thread matches above, loose matches on Subject: below --
2026-04-06 19:12 Fwd: " Tom Rini
2026-03-09 21:23 Tom Rini
2026-03-09 22:05 ` Raphaël Gallais-Pou
2026-03-09 22:13 ` Tom Rini
2026-02-23 19:51 Tom Rini
2026-02-13 22:09 Tom Rini
2026-02-18 23:02 ` Chris Morgan
2026-02-20 16:11 ` Tom Rini
2026-02-20 16:23 ` Chris Morgan
2026-01-16 19:43 Tom Rini
2026-02-09 11:05 ` Guillaume La Roque
2026-02-20 16:11 ` Tom Rini
2026-01-06 20:36 Tom Rini
2026-01-05 23:58 Tom Rini
2026-01-06 9:37 ` Mattijs Korpershoek
2026-01-06 17:15 ` Tom Rini
2026-01-06 10:03 ` Heiko Schocher
2025-12-08 19:38 Tom Rini
2025-11-23 19:03 Tom Rini
2025-11-10 18:55 Tom Rini
2025-10-11 18:06 Tom Rini
2025-10-12 14:22 ` Mikhail Kshevetskiy
2025-10-12 19:07 ` Tom Rini
2025-11-01 6:32 ` Mikhail Kshevetskiy
2025-11-03 15:17 ` Tom Rini
2025-11-03 15:24 ` Michael Nazzareno Trimarchi
2025-08-06 18:35 Tom Rini
2025-08-07 9:17 ` Heiko Schocher
2025-08-08 3:37 ` Maniyam, Dinesh
2025-08-08 4:01 ` Heiko Schocher
2025-07-29 16:32 Tom Rini
2025-07-25 13:26 Tom Rini
2025-07-25 13:34 ` Michal Simek
2025-08-04 9:11 ` Alexander Dahl
2025-07-14 23:29 Tom Rini
2025-07-15 13:45 ` Rasmus Villemoes
2025-07-08 14:10 Tom Rini
2025-04-28 21:59 Tom Rini
2025-04-29 12:07 ` Jerome Forissier
2025-04-30 16:50 ` Marek Vasut
2025-04-30 17:01 ` Tom Rini
2025-04-30 18:23 ` Heinrich Schuchardt
2025-04-30 19:14 ` Tom Rini
2025-03-11 1:49 Tom Rini
2025-02-25 2:39 Tom Rini
2025-02-25 6:06 ` Heiko Schocher
2025-02-25 10:48 ` Quentin Schulz
2025-02-25 10:54 ` Heiko Schocher
2025-02-10 22:26 Tom Rini
2025-02-11 6:14 ` Heiko Schocher
2025-02-11 22:30 ` Tom Rini
2024-12-31 13:55 Tom Rini
2024-12-24 17:14 Tom Rini
2024-11-15 13:27 Tom Rini
2024-11-12 2:11 Tom Rini
2024-10-28 3:11 Tom Rini
2024-10-19 16:16 Tom Rini
2024-10-07 17:15 Tom Rini
2024-07-23 14:18 Tom Rini
2024-07-24 9:21 ` Mattijs Korpershoek
2024-07-24 9:45 ` Heinrich Schuchardt
2024-07-24 9:56 ` Mattijs Korpershoek
2024-07-24 10:06 ` Heinrich Schuchardt
2024-07-24 22:40 ` Tom Rini
2024-07-25 8:04 ` Mattijs Korpershoek
2024-07-25 17:16 ` Tom Rini
2024-07-24 9:53 ` Mattijs Korpershoek
2024-04-22 21:48 Tom Rini
2024-01-29 23:55 Tom Rini
2024-01-30 8:14 ` Heinrich Schuchardt
[not found] <20240127154018.GC785631@bill-the-cat>
2024-01-27 20:56 ` Heinrich Schuchardt
2024-01-28 8:51 ` Heinrich Schuchardt
2024-01-22 23:52 Tom Rini
2024-01-22 23:30 Tom Rini
2024-01-23 8:15 ` Hugo Cornelis
[not found] <65a933ab652b3_da12cbd3e77f998728e5@prd-scan-dashboard-0.mail>
2024-01-19 8:47 ` Heinrich Schuchardt
2024-01-18 14:35 Tom Rini
2024-01-08 17:45 Tom Rini
2024-01-09 5:26 ` Sean Anderson
2024-01-09 22:18 ` Tom Rini
2023-08-21 21:09 Tom Rini
2023-08-24 9:27 ` Abdellatif El Khlifi
2023-08-28 16:09 ` Alvaro Fernando García
2023-08-28 16:11 ` Tom Rini
2023-10-20 11:57 ` Abdellatif El Khlifi
2023-10-25 14:57 ` Tom Rini
2023-10-25 15:12 ` Abdellatif El Khlifi
2023-10-25 15:15 ` Tom Rini
2023-10-31 14:21 ` Abdellatif El Khlifi
2023-05-08 20:20 Tom Rini
2023-05-15 21:59 ` Ehsan Mohandesi
2023-05-18 21:04 ` Sean Edmond
2023-02-14 14:26 Tom Rini
2022-11-21 19:43 Tom Rini
2022-11-09 15:40 Tom Rini
[not found] <62df3a0cb9fd2_30ed5f2acd4da7b9a431758@prd-scan-dashboard-0.mail>
2022-07-26 4:22 ` Heinrich Schuchardt
[not found] <611aaf735d268_21438d2b07184e399c79439@prd-scan-dashboard-0.mail>
2021-08-17 5:21 ` Heinrich Schuchardt
2021-08-17 15:17 ` Tom Rini
[not found] <6082f7faa423_5762a2b148d4af9a86820@prd-scan-dashboard-0.mail>
2021-04-24 4:52 ` Heinrich Schuchardt
[not found] <5ecd3c8249d1_d6f562acb748daf5820386@appnode-2.mail>
[not found] ` <CA+M6bX=AmT+SyM0Snt2POLy0-vpD__6CD4j6ifqMqh63yYJBLA@mail.gmail.com>
[not found] ` <8ea1ca2f-2826-58f2-4b6b-ed5cfe977467@gmx.de>
[not found] ` <20200526184027.GJ12717@bill-the-cat>
2020-05-26 20:02 ` Heinrich Schuchardt
2020-05-26 20:10 ` Tom Rini
2020-05-26 20:36 ` Heinrich Schuchardt
2020-05-26 20:48 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241016034725.GD6412@bill-the-cat \
--to=trini@konsulko.com \
--cc=Takahiro.Kuwano@infineon.com \
--cc=ashok.reddy.soma@amd.com \
--cc=ilias.apalodimas@linaro.org \
--cc=joakim.tjernlund@infinera.com \
--cc=p.yadav@ti.com \
--cc=raymond.mao@linaro.org \
--cc=tudor.ambarus@linaro.org \
--cc=u-boot@lists.denx.de \
--cc=venkatesh.abbarapu@amd.com \
--cc=vigneshr@ti.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox