Here's the latest report. ---------- Forwarded message --------- From: <scan-ad...@coverity.com> Date: Mon, Jan 29, 2024 at 6:51 PM Subject: New Defects reported by Coverity Scan for Das U-Boot To: <tom.r...@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to Das
U-Boot found with Coverity Scan.
1 new defect(s) introduced to Das U-Boot found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 480240: Insecure data handling (TAINTED_SCALAR)
/cmd/efidebug.c: 192 in do_efi_capsule_esrt()
________________________________________________________________________________________________________
*** CID 480240: Insecure data handling (TAINTED_SCALAR)
/cmd/efidebug.c: 192 in do_efi_capsule_esrt()
186
187 printf("========================================\n");
188 printf("ESRT: fw_resource_count=%d\n", esrt->fw_resource_count);
189 printf("ESRT: fw_resource_count_max=%d\n",
esrt->fw_resource_count_max);
190 printf("ESRT: fw_resource_version=%lld\n",
esrt->fw_resource_version);
191
>>> CID 480240: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "esrt->fw_resource_count" as a loop boundary.
192 for (int idx = 0; idx < esrt->fw_resource_count; idx++) {
193 printf("[entry
%d]==============================\n", idx);
194 printf("ESRT: fw_class=%pUL\n",
&esrt->entries[idx].fw_class);
195 printf("ESRT: fw_type=%s\n",
EFI_FW_TYPE_STR_GET(esrt->entries[idx].fw_type));
196 printf("ESRT: fw_version=%d\n",
esrt->entries[idx].fw_version);
197 printf("ESRT: lowest_supported_fw_version=%d\n",
----- End forwarded message -----
--
Tom
signature.asc
Description: PGP signature
