[coreboot] New Defects reported by Coverity Scan for coreboot

scan-admin at coverity.com
Mon Dec 29 19:22:02 CET 2014


Hi,

Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.

300 new defect(s) introduced to coreboot found with Coverity Scan.
17 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 300 defect(s)


** CID 272525:  Use after free  (USE_AFTER_FREE)
/payloads/libpayload/libc/malloc.c: 313 in realloc()

** CID 1018195:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
/payloads/libpayload/curses/form/frm_req_name.c: 154 in form_request_by_name()

** CID 1018196:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
/payloads/libpayload/curses/menu/m_req_name.c: 109 in menu_request_by_name()

** CID 1129162:  Logically dead code  (DEADCODE)
/util/cbfstool/lzma/C/LzmaEnc.c: 1512 in WriteEndMarker()

** CID 1129155:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/payloads/libpayload/util/kconfig/conf.c: 379 in conf_choice()

** CID 1129142:  Missing break in switch  (MISSING_BREAK)
/payloads/libpayload/util/kconfig/conf.c: 111 in conf_askvalue()

** CID 1129141:  Missing break in switch  (MISSING_BREAK)
/payloads/libpayload/util/kconfig/conf.c: 380 in conf_choice()

** CID 1129140:  Missing break in switch  (MISSING_BREAK)
/payloads/libpayload/util/kconfig/conf.c: 574 in main()

** CID 1129103:  Dereference before null check  (REVERSE_INULL)
/util/cbfstool/cbfs_image.c: 571 in cbfs_print_header_info()

** CID 1260723:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 312 in PcieGetLinkSpeedCapKB()

** CID 1260721:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f16kb/Proc/Common/AmdInitEarly.c: 239 in AmdInitEarly()
/src/vendorcode/amd/agesa/f15/Proc/Common/AmdInitEarly.c: 240 in AmdInitEarly()
/src/vendorcode/amd/agesa/f12/Proc/Common/AmdInitEarly.c: 240 in AmdInitEarly()
/src/vendorcode/amd/agesa/f15tn/Proc/Common/AmdInitEarly.c: 239 in AmdInitEarly()

** CID 1260722:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PciePortServices.c: 427 in PcieEnableSlotPowerLimit()
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PciePortServices.c: 426 in PcieEnableSlotPowerLimit()

** CID 1260719:  Resource leak  (RESOURCE_LEAK)
/payloads/libpayload/drivers/storage/ahci.c: 124 in ahci_dev_init()
/payloads/libpayload/drivers/storage/ahci.c: 128 in ahci_dev_init()

** CID 1260720:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieEarlyInitTN.c: 686 in PcieEarlyPortInitCallbackTN()

** CID 1260718:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f15/Proc/Recovery/HT/htInitRecovery.c: 93 in NewNodeAndSocketTablesRecovery()
/src/vendorcode/amd/agesa/f12/Proc/Recovery/HT/htInitRecovery.c: 88 in NewNodeAndSocketTablesRecovery()

** CID 1260717:  Uninitialized scalar variable  (UNINIT)
/payloads/libpayload/drivers/storage/ata.c: 210 in ata_attach_device()

** CID 1260716:  Resource leak  (RESOURCE_LEAK)
/src/southbridge/intel/lynxpoint/me_9.x.c: 1062 in intel_me_read_mbp()

** CID 1260714:  Dereference before null check  (REVERSE_INULL)
/payloads/libpayload/curses/PDCurses-3.4/pdcurses/clear.c: 94 in wclrtobot()

** CID 1260715:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f16kb/Proc/Mem/NB/KB/mnphykb.c: 858 in MemNCalcWrDqDqsEarlyKB()

** CID 1260713:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Feat/DMI/mfDMI.c: 489 in MemFDMISupport2()
/src/vendorcode/amd/agesa/f14/Proc/Mem/Feat/DMI/mfDMI.c: 422 in MemFDMISupport2()
/src/vendorcode/amd/agesa/f12/Proc/Mem/Feat/DMI/mfDMI.c: 427 in MemFDMISupport2()
/src/vendorcode/amd/agesa/f15/Proc/Mem/Feat/DMI/mfDMI.c: 462 in MemFDMISupport2()


________________________________________________________________________________________________________
*** CID 272525:  Use after free  (USE_AFTER_FREE)
/payloads/libpayload/libc/malloc.c: 313 in realloc()
307     	 * if ret == ptr then woo-hoo! no copy needed.
308     	 */
309     	if (ret == NULL || ret == ptr)
310     		return ret;
311     
312     	/* Copy the memory to the new location. */
>>>     CID 272525:  Use after free  (USE_AFTER_FREE)
>>>     Calling "memcpy" dereferences freed pointer "ptr". [Note: The source code implementation of the function has been overridden by a builtin model.]
313     	memcpy(ret, ptr, osize > size ? size : osize);
314     
315     	return ret;
316     }
317     
318     struct align_region_t
/payloads/libpayload/libc/malloc.c: 313 in realloc()
307     	 * if ret == ptr then woo-hoo! no copy needed.
308     	 */
309     	if (ret == NULL || ret == ptr)
310     		return ret;
311     
312     	/* Copy the memory to the new location. */
>>>     CID 272525:  Use after free  (USE_AFTER_FREE)
>>>     Passing freed pointer "ptr" as an argument to "memcpy".
313     	memcpy(ret, ptr, osize > size ? size : osize);
314     
315     	return ret;
316     }
317     
318     struct align_region_t

________________________________________________________________________________________________________
*** CID 1018195:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
/payloads/libpayload/curses/form/frm_req_name.c: 154 in form_request_by_name()
148       char buf[16];
149     
150       T((T_CALLED("form_request_by_name(%s)"), _nc_visbuf(str)));
151     
152       if (str)
153         {
>>>     CID 1018195:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 16 bytes on destination array "buf" of size 16 bytes might leave the destination string unterminated.
154           strncpy(buf, str, sizeof(buf));
155           while ((i < sizeof(buf)) && (buf[i] != '\0'))
156     	{
157     	  buf[i] = (char)toupper(UChar(buf[i]));
158     	  i++;
159     	}

________________________________________________________________________________________________________
*** CID 1018196:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
/payloads/libpayload/curses/menu/m_req_name.c: 109 in menu_request_by_name()
103       char buf[16];
104     
105       T((T_CALLED("menu_request_by_name(%s)"), _nc_visbuf(str)));
106     
107       if (str)
108         {
>>>     CID 1018196:  Buffer not null terminated  (BUFFER_SIZE_WARNING)
>>>     Calling strncpy with a maximum size argument of 16 bytes on destination array "buf" of size 16 bytes might leave the destination string unterminated.
109           strncpy(buf, str, sizeof(buf));
110           while ((i < sizeof(buf)) && (buf[i] != '\0'))
111     	{
112     	  buf[i] = (char)toupper(UChar(buf[i]));
113     	  i++;
114     	}

________________________________________________________________________________________________________
*** CID 1129162:  Logically dead code  (DEADCODE)
/util/cbfstool/lzma/C/LzmaEnc.c: 1512 in WriteEndMarker()
1506       uint32_t len;
1507       RangeEnc_EncodeBit(&p->rc, &p->isMatch[p->state][posState], 1);
1508       RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0);
1509       p->state = kMatchNextStates[p->state];
1510       len = LZMA_MATCH_LEN_MIN;
1511       LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices);
>>>     CID 1129162:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach the expression "3U" inside this statement: "RcTree_Encode(&p->rc, p->po...".
1512       RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, (1 << kNumPosSlotBits) - 1);
1513       RangeEnc_EncodeDirectBits(&p->rc, (((uint32_t)1 << 30) - 1) >> kNumAlignBits, 30 - kNumAlignBits);
1514       RcTree_ReverseEncode(&p->rc, p->posAlignEncoder, kNumAlignBits, kAlignMask);
1515     }
1516     
1517     static SRes CheckErrors(struct CLzmaEnc *p)

________________________________________________________________________________________________________
*** CID 1129155:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/payloads/libpayload/util/kconfig/conf.c: 379 in conf_choice()
373     				cnt = atoi(line);
374     			else
375     				continue;
376     			break;
377     		case set_random:
378     			if (is_new)
>>>     CID 1129155:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "rand() % cnt", modulo by expression "cnt" which may be zero has undefined behavior.
379     				def = (rand() % cnt) + 1;
380     		case set_default:
381     		case set_yes:
382     		case set_mod:
383     		case set_no:
384     			cnt = def;

________________________________________________________________________________________________________
*** CID 1129142:  Missing break in switch  (MISSING_BREAK)
/payloads/libpayload/util/kconfig/conf.c: 111 in conf_askvalue()
105     	case ask_silent:
106     		if (sym_has_value(sym)) {
107     			printf("%s\n", def);
108     			return 0;
109     		}
110     		check_stdin();
>>>     CID 1129142:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
111     	case ask_all:
112     		fflush(stdout);
113     		fgets(line, 128, stdin);
114     		return 1;
115     	case set_default:
116     		printf("%s\n", def);

________________________________________________________________________________________________________
*** CID 1129141:  Missing break in switch  (MISSING_BREAK)
/payloads/libpayload/util/kconfig/conf.c: 380 in conf_choice()
374     			else
375     				continue;
376     			break;
377     		case set_random:
378     			if (is_new)
379     				def = (rand() % cnt) + 1;
>>>     CID 1129141:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
380     		case set_default:
381     		case set_yes:
382     		case set_mod:
383     		case set_no:
384     			cnt = def;
385     			printf("%d\n", cnt);

________________________________________________________________________________________________________
*** CID 1129140:  Missing break in switch  (MISSING_BREAK)
/payloads/libpayload/util/kconfig/conf.c: 574 in main()
568     				"***\n"
569     				"*** Please run some configurator (e.g. \"make oldconfig\" or\n"
570     				"*** \"make menuconfig\" or \"make xconfig\").\n"
571     				"***\n"));
572     			exit(1);
573     		}
>>>     CID 1129140:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
574     	case ask_all:
575     	case ask_new:
576     		conf_read(NULL);
577     		break;
578     	case set_no:
579     	case set_mod:

________________________________________________________________________________________________________
*** CID 1129103:  Dereference before null check  (REVERSE_INULL)
/util/cbfstool/cbfs_image.c: 571 in cbfs_print_header_info()
565     	return 0;
566     }
567     
568     int cbfs_print_header_info(struct cbfs_image *image)
569     {
570     	char *name = strdup(image->buffer.name);
>>>     CID 1129103:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "image" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
571     	assert(image && image->header);
572     	printf("%s: %zd kB, bootblocksize %d, romsize %d, offset 0x%x\n"
573     	       "alignment: %d bytes, architecture: %s\n\n",
574     	       basename(name),
575     	       image->buffer.size / 1024,
576     	       image->header->bootblocksize,

________________________________________________________________________________________________________
*** CID 1260723:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Modules/GnbInitKB/PcieLibKB.c: 312 in PcieGetLinkSpeedCapKB()
306       }
307       if (Engine->Type.Port.PortData.LinkSpeedCapability < LinkSpeedCapability) {
308         LinkSpeedCapability = Engine->Type.Port.PortData.LinkSpeedCapability;
309       }
310       if ((Flags & PCIE_PORT_GEN_CAP_BOOT) != 0) {
311     
>>>     CID 1260723:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "Engine" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
312         if (( Pcie->PsppPolicy == PsppBalanceLow ||
313               Engine->Type.Port.PortData.MiscControls.LinkSafeMode == PcieGen1)
314             && !PcieConfigIsSbPcieEngine (Engine)) {
315     
316           LinkSpeedCapability = PcieGen1;
317         }

________________________________________________________________________________________________________
*** CID 1260721:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f16kb/Proc/Common/AmdInitEarly.c: 239 in AmdInitEarly()
233     
234       //
235       // WARNING: AGESA's own IDT is at heap which would be moved from one place to another
236       //          so we MUST restore IDT every time before moving heap.
237       //
238       IDS_EXCEPTION_TRAP (IDS_IDT_REPLACE_IDTR_FOR_BSC, NULL, &EarlyParams->StdHeader);
>>>     CID 1260721:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "EarlyParams" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
239       ASSERT (EarlyParams != NULL);
240       PrevRequestBit = FALSE;
241       PrevStateBits = WR_STATE_COLD;
242       IDS_HDT_CONSOLE (MAIN_FLOW, "\nAmdInitEarly: Start %x \n\n", PrevStateBits);
243       // If a previously requested warm reset cannot be triggered in the
244       // current stage, store the previous state of request and reset the
/src/vendorcode/amd/agesa/f15/Proc/Common/AmdInitEarly.c: 240 in AmdInitEarly()
234       //
235       // WARNING: AGESA's own IDT is at heap which would be moved from one place to another
236       //          so we MUST restore IDT every time before moving heap.
237       //
238       IDS_EXCEPTION_TRAP (IDS_IDT_REPLACE_IDTR_FOR_BSC, NULL, &EarlyParams->StdHeader);
239       IDS_PERF_TIME_MEASURE (&EarlyParams->StdHeader);
>>>     CID 1260721:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "EarlyParams" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
240       ASSERT (EarlyParams != NULL);
241       PrevRequestBit = FALSE;
242       PrevStateBits = WR_STATE_COLD;
243       IDS_HDT_CONSOLE (MAIN_FLOW, "\nAmdInitEarly: Start %x \n\n", PrevStateBits);
244       // If a previously requested warm reset cannot be triggered in the
245       // current stage, store the previous state of request and reset the
/src/vendorcode/amd/agesa/f12/Proc/Common/AmdInitEarly.c: 240 in AmdInitEarly()
234       //
235       // WARNING: AGESA's own IDT is at heap which would be moved from one place to another
236       //          so we MUST restore IDT every time before moving heap.
237       //
238     //  IDS_EXCEPTION_TRAP (IDS_IDT_REPLACE_IDTR_FOR_BSC, NULL, &EarlyParams->StdHeader);
239       IDS_PERF_TIME_MEASURE (&EarlyParams->StdHeader);
>>>     CID 1260721:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "EarlyParams" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
240       ASSERT (EarlyParams != NULL);
241       PrevRequestBit = FALSE;
242       PrevStateBits = WR_STATE_COLD;
243       IDS_HDT_CONSOLE (MAIN_FLOW, "\nAmdInitEarly: Start %x \n\n", PrevStateBits);
244       // If a previously requested warm reset cannot be triggered in the
245       // current stage, store the previous state of request and reset the
/src/vendorcode/amd/agesa/f15tn/Proc/Common/AmdInitEarly.c: 239 in AmdInitEarly()
233     
234       //
235       // WARNING: AGESA's own IDT is at heap which would be moved from one place to another
236       //          so we MUST restore IDT every time before moving heap.
237       //
238       IDS_EXCEPTION_TRAP (IDS_IDT_REPLACE_IDTR_FOR_BSC, NULL, &EarlyParams->StdHeader);
>>>     CID 1260721:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "EarlyParams" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
239       ASSERT (EarlyParams != NULL);
240       PrevRequestBit = FALSE;
241       PrevStateBits = WR_STATE_COLD;
242       IDS_HDT_CONSOLE (MAIN_FLOW, "\nAmdInitEarly: Start %x \n\n", PrevStateBits);
243       // If a previously requested warm reset cannot be triggered in the
244       // current stage, store the previous state of request and reset the

________________________________________________________________________________________________________
*** CID 1260722:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbPcieInitLibV1/PciePortServices.c: 427 in PcieEnableSlotPowerLimit()
421     PcieEnableSlotPowerLimit (
422       IN      PCIe_ENGINE_CONFIG     *Engine,
423       IN      PCIe_PLATFORM_CONFIG   *Pcie
424       )
425     {
426       ASSERT (Engine->EngineData.EngineType == PciePortEngine);
>>>     CID 1260722:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "Engine" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
427       if (PcieLibIsEngineAllocated (Engine) && Engine->Type.Port.PortData.PortPresent != PortDisabled && !PcieConfigIsSbPcieEngine (Engine)) {
428         IDS_HDT_CONSOLE (PCIE_MISC, "   Enable Slot Power Limit for Port % d\n", Engine->Type.Port.Address.Address.Device);
429         GnbLibPciIndirectRMW (
430           MAKE_SBDFO (0, 0, 0, 0, D0F0x60_ADDRESS),
431           (0x51  + (Engine->Type.Port.Address.Address.Device - 2) * 2) | IOC_WRITE_ENABLE,
432           AccessS3SaveWidth32,
/src/vendorcode/amd/agesa/f12/Proc/GNB/Modules/GnbPcieInitLibV1/PciePortServices.c: 426 in PcieEnableSlotPowerLimit()
420     PcieEnableSlotPowerLimit (
421       IN      PCIe_ENGINE_CONFIG     *Engine,
422       IN      PCIe_PLATFORM_CONFIG   *Pcie
423       )
424     {
425       ASSERT (Engine->EngineData.EngineType == PciePortEngine);
>>>     CID 1260722:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "Engine" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
426       if (PcieLibIsEngineAllocated (Engine) && Engine->Type.Port.PortData.PortPresent != PortDisabled && !PcieConfigIsSbPcieEngine (Engine)) {
427         IDS_HDT_CONSOLE (PCIE_MISC, "   Enable Slot Power Limit for Port % d\n", Engine->Type.Port.Address.Address.Device);
428         GnbLibPciIndirectRMW (
429           MAKE_SBDFO (0, 0, 0, 0, D0F0x60_ADDRESS),
430           (D0F0x64_x51_ADDRESS + (Engine->Type.Port.Address.Address.Device - 2) * 2) | IOC_WRITE_ENABLE,
431           AccessS3SaveWidth32,

________________________________________________________________________________________________________
*** CID 1260719:  Resource leak  (RESOURCE_LEAK)
/payloads/libpayload/drivers/storage/ahci.c: 124 in ahci_dev_init()
118     	memset((void *)cmdlist, '\0', ncs * sizeof(cmd_t));
119     	memset((void *)cmdtable, '\0', sizeof(*cmdtable));
120     	memset((void *)rcvd_fis, '\0', sizeof(*rcvd_fis));
121     
122     	/* Set command list base and received FIS base. */
123     	if (ahci_cmdengine_stop(port))
>>>     CID 1260719:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "dev" going out of scope leaks the storage it points to.
124     		return 1;
125     	port->cmdlist_base = virt_to_phys(cmdlist);
126     	port->frameinfo_base = virt_to_phys(rcvd_fis);
127     	if (ahci_cmdengine_start(port))
128     		return 1;
129     	/* Put port into active state. */
/payloads/libpayload/drivers/storage/ahci.c: 128 in ahci_dev_init()
122     	/* Set command list base and received FIS base. */
123     	if (ahci_cmdengine_stop(port))
124     		return 1;
125     	port->cmdlist_base = virt_to_phys(cmdlist);
126     	port->frameinfo_base = virt_to_phys(rcvd_fis);
127     	if (ahci_cmdengine_start(port))
>>>     CID 1260719:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "dev" going out of scope leaks the storage it points to.
128     		return 1;
129     	/* Put port into active state. */
130     	port->cmd_stat |= HBA_PxCMD_ICC_ACTIVE;
131     
132     	dev->ctrl = ctrl;
133     	dev->port = port;

________________________________________________________________________________________________________
*** CID 1260720:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f15tn/Proc/GNB/Modules/GnbInitTN/PcieEarlyInitTN.c: 686 in PcieEarlyPortInitCallbackTN()
680       PcieLinkInitHotplug (Engine, Pcie);
681       //PciePhyChannelCharacteristic (Engine, Pcie);
682       if (Engine->Type.Port.PortData.PortPresent == PortDisabled ||
683           (Engine->Type.Port.PortData.EndpointStatus == EndpointNotPresent &&
684            Engine->Type.Port.PortData.LinkHotplug != HotplugEnhanced &&
685            Engine->Type.Port.PortData.LinkHotplug != HotplugServer)) {
>>>     CID 1260720:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "Engine" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
686         ASSERT (!PcieConfigIsSbPcieEngine (Engine));
687         //
688         //  Pass endpoint tstaus in scratch
689         //
690         PciePortRegisterRMW (
691           Engine,

________________________________________________________________________________________________________
*** CID 1260718:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f15/Proc/Recovery/HT/htInitRecovery.c: 93 in NewNodeAndSocketTablesRecovery()
87       AllocHeapParams.RequestedBufferSize = (((MAX_SOCKETS) * (MAX_DIES)) * sizeof (SOCKET_DIE_TO_NODE_ITEM));
88       AllocHeapParams.BufferHandle = SOCKET_DIE_MAP_HANDLE;
89       AllocHeapParams.Persist = HEAP_SYSTEM_MEM;
90       if (HeapAllocateBuffer (&AllocHeapParams, StdHeader) == AGESA_SUCCESS) {
91         // HeapAllocateBuffer must set BufferPtr to valid or NULL.
92         *SocketDieToNodeMap = (SOCKET_DIE_TO_NODE_MAP)AllocHeapParams.BufferPtr;
>>>     CID 1260718:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "SocketDieToNodeMap" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
93         ASSERT (SocketDieToNodeMap != NULL);
94         // Initialize shared data structures
95         for (i = 0; i < MAX_SOCKETS; i++) {
96           for (j = 0; j < MAX_DIES; j++) {
97             (**SocketDieToNodeMap)[i][j].Node = HT_LIST_TERMINAL;
98             (**SocketDieToNodeMap)[i][j].LowCore = HT_LIST_TERMINAL;
/src/vendorcode/amd/agesa/f12/Proc/Recovery/HT/htInitRecovery.c: 88 in NewNodeAndSocketTablesRecovery()
82       AllocHeapParams.RequestedBufferSize = (((MAX_SOCKETS) * (MAX_DIES)) * sizeof (SOCKET_DIE_TO_NODE_ITEM));
83       AllocHeapParams.BufferHandle = SOCKET_DIE_MAP_HANDLE;
84       AllocHeapParams.Persist = HEAP_SYSTEM_MEM;
85       if (HeapAllocateBuffer (&AllocHeapParams, StdHeader) == AGESA_SUCCESS) {
86         // HeapAllocateBuffer must set BufferPtr to valid or NULL.
87         *SocketDieToNodeMap = (SOCKET_DIE_TO_NODE_MAP)AllocHeapParams.BufferPtr;
>>>     CID 1260718:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "SocketDieToNodeMap" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
88         ASSERT (SocketDieToNodeMap != NULL);
89         // Initialize shared data structures
90         for (i = 0; i < MAX_SOCKETS; i++) {
91           for (j = 0; j < MAX_DIES; j++) {
92             (**SocketDieToNodeMap)[i][j].Node = HT_LIST_TERMINAL;
93             (**SocketDieToNodeMap)[i][j].LowCore = HT_LIST_TERMINAL;

________________________________________________________________________________________________________
*** CID 1260717:  Uninitialized scalar variable  (UNINIT)
/payloads/libpayload/drivers/storage/ata.c: 210 in ata_attach_device()
204     	u16 id[256];
205     
206     	dev->identify_cmd = ATA_IDENTIFY_DEVICE;
207     	if (dev->identify(dev, (u8 *)id))
208     		return -1;
209     
>>>     CID 1260717:  Uninitialized scalar variable  (UNINIT)
>>>     Declaring variable "model" without initializer.
210     	char fw[9], model[41];
211     	ata_strncpy(fw, id + 23, sizeof(fw));
212     	ata_strncpy(model, id + 27, sizeof(model));
213     	printf("ata: Identified %s [%s]\n", model, fw);
214     
215     #ifdef CONFIG_LP_STORAGE_64BIT_LBA

________________________________________________________________________________________________________
*** CID 1260716:  Resource leak  (RESOURCE_LEAK)
/src/southbridge/intel/lynxpoint/me_9.x.c: 1062 in intel_me_read_mbp()
1056     			break;
1057     		}
1058     		i += item->length;
1059     	}
1060     	#undef ASSIGN_FIELD_PTR
1061     
>>>     CID 1260716:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "mbp" going out of scope leaks the storage it points to.
1062     	return 0;
1063     
1064     mbp_failure:
1065     	intel_me_mbp_give_up(dev);
1066     	return -1;
1067     }
1068     

________________________________________________________________________________________________________
*** CID 1260714:  Dereference before null check  (REVERSE_INULL)
/payloads/libpayload/curses/PDCurses-3.4/pdcurses/clear.c: 94 in wclrtobot()
88     {
89         int savey = win->_cury;
90         int savex = win->_curx;
91     
92         PDC_LOG(("wclrtobot() - called\n"));
93     
>>>     CID 1260714:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "win" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
94         if (!win)
95             return ERR;
96     
97         /* should this involve scrolling region somehow ? */
98     
99         if (win->_cury + 1 < win->_maxy)

________________________________________________________________________________________________________
*** CID 1260715:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f16kb/Proc/Mem/NB/KB/mnphykb.c: 858 in MemNCalcWrDqDqsEarlyKB()
852       ASSERT ((NBPtr->IsSupported[WLSeedAdjust]) && (NBPtr->IsSupported[WLNegativeDelay]));
853     
854       TechPtr = NBPtr->TechPtr;
855       ChannelPtr = NBPtr->ChannelPtr;
856       DCTPtr = NBPtr->DCTPtr;
857     
>>>     CID 1260715:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "NBPtr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
858       ASSERT (NBPtr != NULL);
859       ASSERT (ChannelPtr != NULL);
860       ASSERT (DCTPtr != NULL);
861       //
862       // For each DIMM:
863       // - The Critical Gross Delay (CGD) is the minimum GrossDly of all byte lanes and all DIMMs.

________________________________________________________________________________________________________
*** CID 1260713:  Dereference before null check  (REVERSE_INULL)
/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Feat/DMI/mfDMI.c: 489 in MemFDMISupport2()
483       MCTPtr = NBPtr->MCTPtr;
484       RefPtr = MemPtr->ParameterListPtr;
485     
486       // Initialize local variables
487       MaxDimms = 0;
488     
>>>     CID 1260713:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "NBPtr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
489       ASSERT (NBPtr != NULL);
490     
491       MaxSockets = (UINT8) (0x000000FF & GetPlatformNumberOfSockets ());
492       for (Socket = 0; Socket < MaxSockets; Socket++) {
493         for (Channel = 0; Channel < GetMaxChannelsPerSocket (RefPtr->PlatformMemoryConfiguration, Socket, &MemPtr->StdHeader); Channel++) {
494           temp = GetMaxDimmsPerChannel (RefPtr->PlatformMemoryConfiguration, Socket, Channel);
/src/vendorcode/amd/agesa/f14/Proc/Mem/Feat/DMI/mfDMI.c: 422 in MemFDMISupport2()
416       MCTPtr = NBPtr->MCTPtr;
417       RefPtr = MemPtr->ParameterListPtr;
418     
419       // Initialize local variables
420       MaxDimms = 0;
421     
>>>     CID 1260713:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "NBPtr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
422       ASSERT (NBPtr != NULL);
423     
424       MaxSockets = (UINT8) (0x000000FF & GetPlatformNumberOfSockets ());
425       for (Socket = 0; Socket < MaxSockets; Socket++) {
426         for (Channel = 0; Channel < GetMaxChannelsPerSocket (RefPtr->PlatformMemoryConfiguration, Socket, &MemPtr->StdHeader); Channel++) {
427           temp = GetMaxDimmsPerChannel (RefPtr->PlatformMemoryConfiguration, Socket, Channel);
/src/vendorcode/amd/agesa/f12/Proc/Mem/Feat/DMI/mfDMI.c: 427 in MemFDMISupport2()
421       MCTPtr = NBPtr->MCTPtr;
422       RefPtr = MemPtr->ParameterListPtr;
423     
424       // Initialize local variables
425       MaxDimms = 0;
426     
>>>     CID 1260713:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "NBPtr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
427       ASSERT (NBPtr != NULL);
428     
429       MaxSockets = (UINT8) (0x000000FF & GetPlatformNumberOfSockets ());
430       for (Socket = 0; Socket < MaxSockets; Socket++) {
431         for (Channel = 0; Channel < GetMaxChannelsPerSocket (RefPtr->PlatformMemoryConfiguration, Socket, &MemPtr->StdHeader); Channel++) {
432           temp = GetMaxDimmsPerChannel (RefPtr->PlatformMemoryConfiguration, Socket, Channel);
/src/vendorcode/amd/agesa/f15/Proc/Mem/Feat/DMI/mfDMI.c: 462 in MemFDMISupport2()
456       MCTPtr = NBPtr->MCTPtr;
457       RefPtr = MemPtr->ParameterListPtr;
458     
459       // Initialize local variables
460       MaxDimms = 0;
461     
>>>     CID 1260713:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "NBPtr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
462       ASSERT (NBPtr != NULL);
463     
464       MaxSockets = (UINT8) (0x000000FF & GetPlatformNumberOfSockets ());
465       for (Socket = 0; Socket < MaxSockets; Socket++) {
466         for (Channel = 0; Channel < GetMaxChannelsPerSocket (RefPtr->PlatformMemoryConfiguration, Socket, &MemPtr->StdHeader); Channel++) {
467           temp = GetMaxDimmsPerChannel (RefPtr->PlatformMemoryConfiguration, Socket, Channel);


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/1016?tab=overview
