Now I'm not 100% sure if this is actually new or due to the code moving, since there's a new helper function involved, and I also know I had to hand-merge this section due to the zboot related changes.
----- Forwarded message from scan-ad...@coverity.com -----

Date: Mon, 15 Nov 2021 17:10:36 +0000 (UTC)
From: scan-ad...@coverity.com
To: tom.r...@gmail.com
Subject: New Defects reported by Coverity Scan for Das U-Boot

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.

1 new defect(s) introduced to Das U-Boot found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 131256: Security best practices violations (STRING_OVERFLOW)
/boot/pxe_utils.c: 468 in label_boot()

________________________________________________________________________________________________________
*** CID 131256: Security best practices violations (STRING_OVERFLOW)
/boot/pxe_utils.c: 468 in label_boot()
462                     printf("Skipping %s for failure retrieving initrd\n",
463                            label->name);
464                     return 1;
465             }
466
467             initrd_addr_str = env_get("ramdisk_addr_r");
>>>     CID 131256: Security best practices violations (STRING_OVERFLOW)
>>>     You might overrun the 10-character fixed-size string "initrd_filesize"
>>>     by copying the return value of "simple_xtoa" without checking the length.
468             strcpy(initrd_filesize, simple_xtoa(size));
469
470             strncpy(initrd_str, initrd_addr_str, 18);
471             strcat(initrd_str, ":");
472             strncat(initrd_str, initrd_filesize, 9);
473     }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoA22WlOQ-2By3ieUvdbKmOyw68TMVT4Kip-2BBzfOGWXJ5yIiYplmPF9KAnKIja4Zd7tU-3DqDBS_EEm8SbLgSDsaDZif-2Bv7ch8WqhKpLoKErHi4nXpwDNTs3WaBv80RE1DzruJJZi6BnrEYmnrpcEhMD7i6Nn71mQEiN89q-2B05dnIrl-2F-2FLg-2FyyKhNlhf8f6j98klrBBZkTjKpvVHRnkKQV4P8RJHrC-2FTlH-2FnR3hd-2B-2FB4Xs9jPdh0o38re9-2FCcUQKHUJRCJuEiM0XGs5hL9sNTUyuPqeCqFN29A-3D-3D

----- End forwarded message -----

-- 
Tom
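An added example, not part of the original message and not U-Boot code: it works out when the flagged `strcpy()` into the 10-character `initrd_filesize` would overrun, and shows a bounded formatting call that rejects an oversized value instead. Assumptions: `xtoa_stub()` is a hypothetical stand-in that formats a number as unprefixed hex, `format_filesize()` and `bytes_needed()` are illustrative helpers, and the sample sizes are constructed.

```c
#include <stdio.h>
#include <string.h>

#define FILESIZE_BUF 10	/* size of "initrd_filesize" per the Coverity report */

/* Hypothetical stand-in for the hex conversion: unprefixed hex digits. */
static const char *xtoa_stub(unsigned long long num)
{
	static char buf[17];	/* 16 hex digits + NUL covers any 64-bit value */

	snprintf(buf, sizeof(buf), "%llx", num);
	return buf;
}

/* Bytes an unchecked strcpy() would write for this size, NUL included. */
static size_t bytes_needed(unsigned long long size)
{
	return strlen(xtoa_stub(size)) + 1;
}

/*
 * Bounded alternative: format straight into dst. Returns 0 on success,
 * -1 if the value does not fit (dst is then left as an empty string).
 */
static int format_filesize(char *dst, size_t dst_len, unsigned long long size)
{
	int n = snprintf(dst, dst_len, "%llx", size);

	if (n < 0 || (size_t)n >= dst_len) {
		if (dst_len)
			dst[0] = '\0';
		return -1;
	}
	return 0;
}

int main(void)
{
	/* Constructed sizes: 16 MiB, largest 9-digit value, first 10-digit value */
	unsigned long long samples[] = { 0x1000000ULL, 0xfffffffffULL, 0x1000000000ULL };
	char buf[FILESIZE_BUF];

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%llx: needs %zu bytes, bounded copy %s\n", samples[i],
		       bytes_needed(samples[i]),
		       format_filesize(buf, sizeof(buf), samples[i]) ? "rejected" : "ok");
	return 0;
}
```

A 10-byte buffer holds at most nine hex digits plus the terminator, so the unchecked copy only overruns when the size needs ten or more digits, which a 32-bit value (eight digits at most) cannot reach but a 64-bit value can.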