----- Forwarded message from scan-ad...@coverity.com -----

Date: Tue, 06 Sep 2022 01:07:45 +0000 (UTC)
From: scan-ad...@coverity.com
To: tom.r...@gmail.com
Subject: New Defects reported by Coverity Scan for Das U-Boot

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot found 
with Coverity Scan.

2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent 
build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 356664:  API usage errors  (BUFFER_SIZE)
/lib/tpm-v2.c: 703 in tpm2_report_state()


________________________________________________________________________________________________________
*** CID 356664:  API usage errors  (BUFFER_SIZE)
/lib/tpm-v2.c: 703 in tpm2_report_state()
697             log_debug("ret=%s, %x\n", dev->name, ret);
698             if (ret)
699                     return ret;
700             if (*recv_size < 12)
701                     return -ENODATA;
702             *recv_size -= 12;
>>>     CID 356664:  API usage errors  (BUFFER_SIZE)
>>>     The source buffer "recvbuf + 12" potentially overlaps with the 
>>> destination buffer "recvbuf", which results in undefined behavior for 
>>> "memcpy".
703             memcpy(recvbuf, recvbuf + 12, *recv_size);
704     
705             return 0;
706     }
707     
708     u32 tpm2_enable_nvcommits(struct udevice *dev, uint vendor_cmd,

** CID 183377:    (TAINTED_SCALAR)
/drivers/tpm/tpm2_tis_sandbox.c: 735 in sandbox_tpm2_xfer()
/drivers/tpm/tpm2_tis_sandbox.c: 586 in sandbox_tpm2_xfer()


________________________________________________________________________________________________________
*** CID 183377:    (TAINTED_SCALAR)
/drivers/tpm/tpm2_tis_sandbox.c: 735 in sandbox_tpm2_xfer()
729                     seq = sb_tpm_index_to_seq(index);
730                     if (seq < 0)
731                             return log_msg_ret("index", -EINVAL);
732                     printf("tpm: nvread index=%#02x, len=%#02x, seq=%#02x\n", index,
733                            length, seq);
734                     *recv_len = TPM2_HDR_LEN + 6 + length;
>>>     CID 183377:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*recv_len" to "memset", which uses it as an 
>>> offset. [Note: The source code implementation of the function has been 
>>> overridden by a builtin model.]
735                     memset(recvbuf, '\0', *recv_len);
736                     put_unaligned_be32(length, recvbuf + 2);
737                     sb_tpm_read_data(tpm->nvdata, seq, recvbuf,
738                                      TPM2_HDR_LEN + 4 + 2, length);
739                     break;
740             }
/drivers/tpm/tpm2_tis_sandbox.c: 586 in sandbox_tpm2_xfer()
580     
581                     /* Give the number of properties that follow */
582                     put_unaligned_be32(property_count, recv);
583                     recv += sizeof(property_count);
584     
585                     /* Fill with the properties */
>>>     CID 183377:    (TAINTED_SCALAR)
>>>     Using tainted variable "property_count" as a loop boundary.
586                     for (i = 0; i < property_count; i++) {
587                             put_unaligned_be32(TPM2_PROPERTIES_OFFSET + property +
588                                                i, recv);
589                             recv += sizeof(property);
590                             put_unaligned_be32(tpm->properties[property + i],
591                                                recv);


----- End forwarded message -----

-- 
Tom
