Hi,
Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan.
6 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 6 of 6 defect(s)
** CID 443168: Error handling issues (CHECKED_RETURN) /plat/st/stm32mp2/bl2_plat_setup.c: 183 in bl2_el3_plat_arch_setup()
________________________________________________________________________________________________________ *** CID 443168: Error handling issues (CHECKED_RETURN) /plat/st/stm32mp2/bl2_plat_setup.c: 183 in bl2_el3_plat_arch_setup() 177 BL_CODE_END - BL_CODE_BASE, 178 MT_CODE | MT_SECURE); 179 180 configure_mmu(); 181 182 /* Prevent corruption of preloaded Device Tree */
CID 443168: Error handling issues (CHECKED_RETURN) Calling "mmap_add_dynamic_region" without checking return value (as is done elsewhere 25 out of 29 times).
183 mmap_add_dynamic_region(DTB_BASE, DTB_BASE, 184 DTB_LIMIT - DTB_BASE, 185 MT_RO_DATA | MT_SECURE); 186 187 if (dt_open_and_check(STM32MP_DTB_BASE) < 0) { 188 panic();
** CID 443167: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 578 in rk3588_b0pll_get_rate()
________________________________________________________________________________________________________ *** CID 443167: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 578 in rk3588_b0pll_get_rate() 572 573 rate64 *= m; 574 rate64 = rate64 / p; 575 576 if (k != 0) { 577 /* fractional mode */
CID 443167: Integer handling issues (OVERFLOW_BEFORE_WIDEN) Potentially overflowing expression "24000000U * k" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
578 uint64_t frac_rate64 = 24000000 * k; 579 580 postdiv = p * 65535; 581 frac_rate64 = frac_rate64 / postdiv; 582 rate64 += frac_rate64; 583 }
** CID 443166: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________ *** CID 443166: Memory - corruptions (OVERRUN) /plat/intel/soc/common/socfpga_vab.c: 97 in socfpga_vab_authentication() 91 if (!IS_BYTE_ALIGNED(img_sz, sizeof(uint32_t))) { 92 ERROR("Image size (%d bytes) not aliged to 4 bytes!\n", img_sz); 93 return -EIMGERR; 94 } 95 96 /* Generate HASH384 from the image */
CID 443166: Memory - corruptions (OVERRUN) Overrunning array "hash384" of 12 bytes by passing it to a function which accesses it at byte offset 47.
97 sha384_start((uint8_t *)img_addr, img_sz, hash384, CHUNKSZ_PER_WD_RESET); 98 cert_hash_ptr = (uint8_t *)(img_addr + img_sz + VAB_CERT_MAGIC_OFFSET + 99 VAB_CERT_FIT_SHA384_OFFSET); 100 101 /* 102 * Compare the SHA384 found in certificate against the SHA384
** CID 443165: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 747 in rk3588_b1pll_get_rate()
________________________________________________________________________________________________________ *** CID 443165: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 747 in rk3588_b1pll_get_rate() 741 742 rate64 *= m; 743 rate64 = rate64 / p; 744 745 if (k != 0) { 746 /* fractional mode */
CID 443165: Integer handling issues (OVERFLOW_BEFORE_WIDEN) Potentially overflowing expression "24000000U * k" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
747 uint64_t frac_rate64 = 24000000 * k; 748 749 postdiv = p * 65535; 750 frac_rate64 = frac_rate64 / postdiv; 751 rate64 += frac_rate64; 752 }
** CID 443164: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 408 in rk3588_lpll_get_rate()
________________________________________________________________________________________________________ *** CID 443164: Integer handling issues (OVERFLOW_BEFORE_WIDEN) /plat/rockchip/rk3588/drivers/scmi/rk3588_clk.c: 408 in rk3588_lpll_get_rate() 402 403 rate64 *= m; 404 rate64 = rate64 / p; 405 406 if (k != 0) { 407 /* fractional mode */
CID 443164: Integer handling issues (OVERFLOW_BEFORE_WIDEN) Potentially overflowing expression "24000000U * k" with type "unsigned int" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
408 uint64_t frac_rate64 = 24000000 * k; 409 410 postdiv = p * 65535; 411 frac_rate64 = frac_rate64 / postdiv; 412 rate64 += frac_rate64; 413 }
** CID 254051: Memory - illegal accesses (OVERRUN) /plat/intel/soc/common/lib/sha/sha.c: 206 in sha512_base_do_finalize()
________________________________________________________________________________________________________ *** CID 254051: Memory - illegal accesses (OVERRUN) /plat/intel/soc/common/lib/sha/sha.c: 206 in sha512_base_do_finalize() 200 const int bit_offset = SHA512_BLOCK_SIZE - sizeof(uint64_t[2]); 201 uint64_t *bits = (uint64_t *)(sctx->buf + bit_offset); 202 unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE; 203 204 sctx->buf[partial++] = 0x80; 205 if (partial > bit_offset) {
CID 254051: Memory - illegal accesses (OVERRUN) Overrunning array of 128 bytes at byte offset 128 by dereferencing pointer "sctx->buf + partial". [Note: The source code implementation of the function has been overridden by a builtin model.]
206 memset(sctx->buf + partial, 0x0, SHA512_BLOCK_SIZE - partial); 207 partial = 0; 208 209 sha512_block_fn(sctx, sctx->buf, 1); 210 } 211
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...