Here's the latest report ---------- Forwarded message --------- From: <scan-ad...@coverity.com> Date: Mon, Dec 5, 2022, 3:35 PM Subject: New Defects reported by Coverity Scan for Das U-Boot To: <tom.r...@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot
found with Coverity Scan.
4 new defect(s) introduced to Das U-Boot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 430977: Null pointer dereferences (FORWARD_NULL)
/net/ndisc.c: 268 in ndisc_receive()
________________________________________________________________________________________________________
*** CID 430977: Null pointer dereferences (FORWARD_NULL)
/net/ndisc.c: 268 in ndisc_receive()
262 sizeof(struct in6_addr)) == 0) &&
263 ndisc_has_option(ip6, ND_OPT_TARGET_LL_ADDR)) {
264 ndisc_extract_enetaddr(ndisc,
neigh_eth_addr);
265
266 /* save address for later use */
267 if (!net_nd_packet_mac)
>>> CID 430977: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "net_nd_packet_mac" to "memcpy", which
dereferences it. [Note: The source code implementation of the function has
been overridden by a builtin model.]
268 memcpy(net_nd_packet_mac,
neigh_eth_addr, 7);
269
270 /* modify header, and transmit it */
271 memcpy(((struct ethernet_hdr
*)net_nd_tx_packet)->et_dest,
272 neigh_eth_addr, 6);
273
** CID 430976: Control flow issues (DEADCODE)
/net/tftp.c: 744 in sanitize_tftp_block_size_option()
________________________________________________________________________________________________________
*** CID 430976: Control flow issues (DEADCODE)
/net/tftp.c: 744 in sanitize_tftp_block_size_option()
738 }
739 /*
740 * If not CONFIG_IP_DEFRAG, cap at the same value as
741 * for tftp put, namely normal MTU minus protocol
742 * overhead.
743 */
>>> CID 430976: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "[[fallthrough]];".
744 fallthrough;
745 case TFTPPUT:
746 default:
747 /*
748 * U-Boot does not support IP fragmentation on TX,
so
749 * this must be small enough that it fits normal MTU
** CID 430975: Control flow issues (MISSING_BREAK)
/net/net.c: 1270 in net_process_received_packet()
________________________________________________________________________________________________________
*** CID 430975: Control flow issues (MISSING_BREAK)
/net/net.c: 1270 in net_process_received_packet()
1264 #ifdef CONFIG_CMD_RARP
1265 case PROT_RARP:
1266 rarp_receive(ip, len);
1267 break;
1268 #endif
1269 #if IS_ENABLED(CONFIG_IPV6)
>>> CID 430975: Control flow issues (MISSING_BREAK)
>>> The case for value "34525" is not terminated by a "break" statement.
1270 case PROT_IP6:
1271 net_ip6_handler(et, (struct ip6_hdr *)ip, len);
1272 #endif
1273 case PROT_IP:
1274 debug_cond(DEBUG_NET_PKT, "Got IP\n");
1275 /* Before we start poking the header, make sure it
is there */
** CID 430974: Memory - corruptions (OVERRUN)
/net/ndisc.c: 268 in ndisc_receive()
________________________________________________________________________________________________________
*** CID 430974: Memory - corruptions (OVERRUN)
/net/ndisc.c: 268 in ndisc_receive()
262 sizeof(struct in6_addr)) == 0) &&
263 ndisc_has_option(ip6, ND_OPT_TARGET_LL_ADDR)) {
264 ndisc_extract_enetaddr(ndisc,
neigh_eth_addr);
265
266 /* save address for later use */
267 if (!net_nd_packet_mac)
>>> CID 430974: Memory - corruptions (OVERRUN)
>>> Overrunning array "neigh_eth_addr" of 6 bytes by passing it to a
function which accesses it at byte offset 6 using argument "7UL". [Note:
The source code implementation of the function has been overridden by a
builtin model.]
268 memcpy(net_nd_packet_mac,
neigh_eth_addr, 7);
269
270 /* modify header, and transmit it */
271 memcpy(((struct ethernet_hdr
*)net_nd_tx_packet)->et_dest,
272 neigh_eth_addr, 6);
273
--
Tom
signature.asc
Description: PGP signature
