Hi,
Please find the latest report on new defect(s) introduced to coreboot found
with Coverity Scan.
4 new defect(s) introduced to coreboot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1490983: Control flow issues (DEADCODE)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1210 in edp_ctrl_calc_tu()
________________________________________________________________________________________________________
*** CID 1490983: Control flow issues (DEADCODE)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1210 in edp_ctrl_calc_tu()
1204 temp_fp = LCLK_FAST_SKEW_fp * tu->lwidth;
1205 temp = DIV_ROUND_UP(temp_fp, f);
1206 temp_fp = ((tu->bpp * f / 8) / (tu->nlanes *
tu->original_ratio_fp)) * f * temp;
1207 temp = temp_fp / f;
1208
1209 if (async_en)
>>> CID 1490983: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "tu->delay_start_link += (in...".
1210 tu->delay_start_link += (int)temp;
1211 tu->delay_start_time_fp = (tu->delay_start_link * f) / tu->lclk;
1212
1213 /* OUTPUTS */
1214 tu_table->valid_boundary_link = tu->valid_boundary_link;
1215 tu_table->delay_start_link = tu->delay_start_link;
** CID 1490982: (RESOURCE_LEAK)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
________________________________________________________________________________________________________
*** CID 1490982: (RESOURCE_LEAK)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
1229 tu_table->valid_lower_boundary_link);
1230 printk(BIOS_INFO, "TU: upper_boundary_count: %d\n",
1231 tu_table->upper_boundary_count);
1232 printk(BIOS_INFO, "TU: lower_boundary_count: %d\n",
1233 tu_table->lower_boundary_count);
1234 printk(BIOS_INFO, "TU: tu_size_minus1: %d\n",
tu_table->tu_size_minus1);
>>> CID 1490982: (RESOURCE_LEAK)
>>> Variable "tu" going out of scope leaks the storage it points to.
1235 }
1236
1237 static void edp_ctrl_config_TU(struct edp_ctrl *ctrl, struct edid
*edid)
1238 {
1239 struct edp_ctrl_tu tu_config;
1240
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
1229 tu_table->valid_lower_boundary_link);
1230 printk(BIOS_INFO, "TU: upper_boundary_count: %d\n",
1231 tu_table->upper_boundary_count);
1232 printk(BIOS_INFO, "TU: lower_boundary_count: %d\n",
1233 tu_table->lower_boundary_count);
1234 printk(BIOS_INFO, "TU: tu_size_minus1: %d\n",
tu_table->tu_size_minus1);
>>> CID 1490982: (RESOURCE_LEAK)
>>> Variable "tu" going out of scope leaks the storage it points to.
1235 }
1236
1237 static void edp_ctrl_config_TU(struct edp_ctrl *ctrl, struct edid
*edid)
1238 {
1239 struct edp_ctrl_tu tu_config;
1240
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
1229 tu_table->valid_lower_boundary_link);
1230 printk(BIOS_INFO, "TU: upper_boundary_count: %d\n",
1231 tu_table->upper_boundary_count);
1232 printk(BIOS_INFO, "TU: lower_boundary_count: %d\n",
1233 tu_table->lower_boundary_count);
1234 printk(BIOS_INFO, "TU: tu_size_minus1: %d\n",
tu_table->tu_size_minus1);
>>> CID 1490982: (RESOURCE_LEAK)
>>> Variable "tu" going out of scope leaks the storage it points to.
1235 }
1236
1237 static void edp_ctrl_config_TU(struct edp_ctrl *ctrl, struct edid
*edid)
1238 {
1239 struct edp_ctrl_tu tu_config;
1240
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 1235 in edp_ctrl_calc_tu()
1229 tu_table->valid_lower_boundary_link);
1230 printk(BIOS_INFO, "TU: upper_boundary_count: %d\n",
1231 tu_table->upper_boundary_count);
1232 printk(BIOS_INFO, "TU: lower_boundary_count: %d\n",
1233 tu_table->lower_boundary_count);
1234 printk(BIOS_INFO, "TU: tu_size_minus1: %d\n",
tu_table->tu_size_minus1);
>>> CID 1490982: (RESOURCE_LEAK)
>>> Variable "tu" going out of scope leaks the storage it points to.
1235 }
1236
1237 static void edp_ctrl_config_TU(struct edp_ctrl *ctrl, struct edid
*edid)
1238 {
1239 struct edp_ctrl_tu tu_config;
1240
** CID 1490981: Integer handling issues (DIVIDE_BY_ZERO)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 936 in
edp_ctrl_pixel_clock_dividers()
________________________________________________________________________________________________________
*** CID 1490981: Integer handling issues (DIVIDE_BY_ZERO)
/src/soc/qualcomm/sc7280/display/edp_ctrl.c: 936 in
edp_ctrl_pixel_clock_dividers()
930 pixel_div = 2;
931 else if (rate == DP_LINK_BW_5_4)
932 pixel_div = 4;
933 else
934 printk(BIOS_ERR, "Invalid pixel mux divider\n");
935
>>> CID 1490981: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "ctrl->link_rate_khz * 10U / pixel_div", division by
>>> expression "pixel_div" which may be zero has undefined behavior.
936 dispcc_input_rate = (ctrl->link_rate_khz * 10) / pixel_div;
937
938 rational_best_approximation(dispcc_input_rate, stream_rate_khz,
939 (unsigned long)(1 << 16) - 1,
940 (unsigned long)(1 << 16) - 1, &den,
&num);
941 *pixel_m = num;
** CID 1490980: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1490980: (TAINTED_SCALAR)
/3rdparty/vboot/firmware/2lib/2load_kernel.c: 629 in vb2api_load_kernel()
623 if (AllocAndReadGptData(disk_info->handle, &gpt)) {
624 VB2_DEBUG("Unable to read GPT data\n");
625 goto gpt_done;
626 }
627
628 /* Initialize GPT library */
>>> CID 1490980: (TAINTED_SCALAR)
>>> Passing tainted expression "*gpt.primary_header" to "GptInit", which
>>> uses it as a loop boundary.
629 if (GptInit(&gpt)) {
630 VB2_DEBUG("Error parsing GPT\n");
631 goto gpt_done;
632 }
633
634 /* Loop over candidate kernel partitions */
/3rdparty/vboot/firmware/2lib/2load_kernel.c: 629 in vb2api_load_kernel()
623 if (AllocAndReadGptData(disk_info->handle, &gpt)) {
624 VB2_DEBUG("Unable to read GPT data\n");
625 goto gpt_done;
626 }
627
628 /* Initialize GPT library */
>>> CID 1490980: (TAINTED_SCALAR)
>>> Passing tainted expression "*gpt.secondary_header" to "GptInit", which
>>> uses it as a loop boundary.
629 if (GptInit(&gpt)) {
630 VB2_DEBUG("Error parsing GPT\n");
631 goto gpt_done;
632 }
633
634 /* Loop over candidate kernel partitions */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yq2SfQfrHt3Prsn4qSLrYIrajINpiFX8l0vrlNSf8iCrS27qY0Cr0DkycwNUgGZJj8-3Dp98W_L-2FDzr14mnrsJO5b1wX1hp9b1MAQygl7x-2B74RAaH2cn0-2BnZV2bPAgvjARKHFDcLWipgMc-2Fgd3zVo1yiRgU9exgOiD1dCzc8CivyAhSq9aMpwqYsij0rorOmJeHJCU5Z7HXK-2B0mAxLoWNqIpf-2FUrdwFrT13M7uwJH0ja4CqMJGO-2BvblFhsKUFF66fFqnurdX3pxD7O237wIVU3SmNW9siptA-3D-3D
_______________________________________________
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
