Here's the latest report. ---------- Forwarded message --------- From: <scan-ad...@coverity.com> Date: Mon, Feb 10, 2025 at 4:12 PM Subject: New Defects reported by Coverity Scan for Das U-Boot To: <tom.r...@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot
found with Coverity Scan.
3 new defect(s) introduced to Das U-Boot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 541281: Insecure data handling (TAINTED_SCALAR)
/lib/tpm-v2.c: 77 in tpm2_scan_masks()
________________________________________________________________________________________________________
*** CID 541281: Insecure data handling (TAINTED_SCALAR)
/lib/tpm-v2.c: 77 in tpm2_scan_masks()
71 *mask = 0;
72
73 rc = tpm2_get_pcr_info(dev, &pcrs);
74 if (rc)
75 return rc;
76
>>> CID 541281: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "pcrs.count" as a loop boundary.
77 for (i = 0; i < pcrs.count; i++) {
78 struct tpms_pcr_selection *sel = &pcrs.selection[i];
79 size_t j;
80 u32 hash_mask = 0;
81
82 for (j = 0; j < ARRAY_SIZE(hash_algo_list); j++) {
** CID 541280: Insecure data handling (TAINTED_SCALAR)
/cmd/tpm-v2.c: 307 in do_tpm2_pcrallocate()
________________________________________________________________________________________________________
*** CID 541280: Insecure data handling (TAINTED_SCALAR)
/cmd/tpm-v2.c: 307 in do_tpm2_pcrallocate()
301 * first call
302 */
303 ret = tpm2_get_pcr_info(dev, &pcr);
304 if (ret)
305 return ret;
306
>>> CID 541280: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "pcr.count" as a loop boundary.
307 for (i = 0; i < pcr.count; i++) {
308 struct tpms_pcr_selection *sel =
&pcr.selection[i];
309 const char *name;
310
311 if (!tpm2_is_active_bank(sel))
312 continue;
** CID 541279: (TAINTED_SCALAR)
/drivers/led/led-uclass.c: 284 in led_get_function_name()
/drivers/led/led-uclass.c: 279 in led_get_function_name()
________________________________________________________________________________________________________
*** CID 541279: (TAINTED_SCALAR)
/drivers/led/led-uclass.c: 284 in led_get_function_name()
278 if (!ret) {
279 snprintf(uc_plat->name, LED_MAX_NAME_SIZE,
280 "%s:%s-%d",
281 cp ? "" : led_colors[color],
282 func ? func : "", enumerator);
283 } else {
>>> CID 541279: (TAINTED_SCALAR)
>>> Using tainted variable "color" as an index into an array
"led_colors".
284 snprintf(uc_plat->name, LED_MAX_NAME_SIZE,
285 "%s:%s",
286 cp ? "" : led_colors[color],
287 func ? func : "");
288 }
289 uc_plat->label = uc_plat->name;
/drivers/led/led-uclass.c: 279 in led_get_function_name()
273 /* Now try to detect function label name */
274 func = dev_read_string(dev, "function");
275 cp = dev_read_u32(dev, "color", &color);
276 if (cp == 0 || func) {
277 ret = dev_read_u32(dev, "function-enumerator",
&enumerator);
278 if (!ret) {
>>> CID 541279: (TAINTED_SCALAR)
>>> Using tainted variable "color" as an index into an array
"led_colors".
279 snprintf(uc_plat->name, LED_MAX_NAME_SIZE,
280 "%s:%s-%d",
281 cp ? "" : led_colors[color],
282 func ? func : "", enumerator);
283 } else {
284 snprintf(uc_plat->name, LED_MAX_NAME_SIZE,
----- End forwarded message -----
--
Tom
signature.asc
Description: PGP signature
