From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [scan-admin@coverity.com: New Defects reported by Coverity Scan for Das U-Boot]
Date: Tue, 26 Jan 2021 12:02:24 -0500
Message-ID: <20210126170224.GW7530@bill-the-cat>
In-Reply-To: <20210121020916.GA9519@laputa>
On Thu, Jan 21, 2021 at 11:09:16AM +0900, AKASHI Takahiro wrote:
> Tom,
>
> Regarding EFI capsule update,
[snip]
> > > ** CID 316360: Uninitialized variables (UNINIT)
> > > /tools/mkeficapsule.c: 298 in create_fwbin()
> > >
> > >
> > > ________________________________________________________________________________________________________
> > > *** CID 316360: Uninitialized variables (UNINIT)
> > > /tools/mkeficapsule.c: 298 in create_fwbin()
> > > 292 goto err_3;
> > > 293 }
> > > 294
> > > 295 capsule.version = 0x00000001;
> > > 296 capsule.embedded_driver_count = 0;
> > > 297 capsule.payload_item_count = 1;
> > > > > > CID 316360: Uninitialized variables (UNINIT)
> > > > > > Using uninitialized value "capsule". Field "capsule.item_offset_list" is uninitialized when calling "fwrite".
> > > 298 size = fwrite(&capsule, 1, sizeof(capsule), f);
>
> This code is safe because capsule.item_offset_list is actually
> defined as "item_offset_list[]" (null array) at the end of the structure
> and the data will be filled in by the succeeding fwrite()'s.
>
> What action should be taken to suppress this warning?
>
> > > 299 if (size < (sizeof(capsule))) {
> > > 300 printf("write failed (%lx)\n", size);
> > > 301 goto err_3;
> > > 302 }
> > > 303 offset = sizeof(capsule) + sizeof(u64);
> > >
> > > ** CID 316359: Null pointer dereferences (FORWARD_NULL)
> > >
> > >
> > > ________________________________________________________________________________________________________
> > > *** CID 316359: Null pointer dereferences (FORWARD_NULL)
> > > /lib/efi_loader/efi_capsule.c: 380 in efi_capsule_update_firmware()
> > > 374 ret = EFI_UNSUPPORTED;
> > > 375 goto out;
> > > 376 }
> > > 377
> > > 378 /* find a device for update firmware */
> > > 379 /* TODO: should we pass index as well, or nothing but type? */
> > > > > > CID 316359: Null pointer dereferences (FORWARD_NULL)
> > > > > > Passing null pointer "handles" to "efi_fmp_find", which dereferences it.
> > > 380 fmp = efi_fmp_find(&image->update_image_type_id,
> > > 381 image->update_hardware_instance,
> > > 382 handles, no_handles);
>
> This code is safe because "handles" is actually an array of pointers
> and "no_handles" indicates the number of elements in this array.
> efi_fmp_find() will not dereference handles at all if no_handles is zero.
>
> What action should be taken to suppress this warning?
I've updated Coverity to list both of these as intentional / ignore,
thanks.
--
Tom
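
Added example (not part of the original message and not U-Boot's code): the two properties argued in the quoted replies, namely that sizeof() of a struct ending in a flexible array member stops before that member, and that a count-bounded loop never touches a NULL array when the count is zero. The struct capsule_hdr, its field widths, write_capsule() and find_handle() are hypothetical stand-ins, and a memory buffer replaces the fwrite() target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the capsule header; field widths are assumed. */
struct capsule_hdr {
	uint32_t version;
	uint16_t embedded_driver_count;
	uint16_t payload_item_count;
	uint64_t item_offset_list[];	/* flexible array member, adds no size */
};

/* Fixed part first, the single offset in a second write, as in the quoted
 * code. A memory buffer replaces the FILE. Returns bytes written, 0 if short. */
size_t write_capsule(unsigned char *out, size_t cap)
{
	struct capsule_hdr capsule;
	uint64_t offset;

	if (cap < sizeof(capsule) + sizeof(offset))
		return 0;
	capsule.version = 0x00000001;
	capsule.embedded_driver_count = 0;
	capsule.payload_item_count = 1;
	/* sizeof(capsule) ends where item_offset_list begins: nothing unset is read */
	memcpy(out, &capsule, sizeof(capsule));
	offset = sizeof(capsule) + sizeof(uint64_t);
	memcpy(out + sizeof(capsule), &offset, sizeof(offset));
	return sizeof(capsule) + sizeof(offset);
}

/* Hypothetical stand-in for the lookup: the loop bound guards every access,
 * so handles == NULL is harmless only while no_handles == 0. */
const int *find_handle(const int *const *handles, size_t no_handles, int want)
{
	for (size_t i = 0; i < no_handles; i++)
		if (*handles[i] == want)
			return handles[i];
	return NULL;
}

int main(void)
{
	unsigned char buf[32];
	printf("sizeof=%zu written=%zu empty=%p\n", sizeof(struct capsule_hdr),
	       write_capsule(buf, sizeof(buf)), (const void *)find_handle(NULL, 0, 5));
	return 0;
}
```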