[coreboot] New Defects reported by Coverity Scan for coreboot
scan-admin at coverity.com
scan-admin at coverity.com
Tue May 17 13:40:01 CEST 2016
Hi,
Please find the latest report on new defect(s) introduced to coreboot found with Coverity Scan.
83 new defect(s) introduced to coreboot found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 83 defect(s)
** CID 1355263: Null pointer dereferences (FORWARD_NULL)
/src/arch/x86/acpigen.c: 209 in acpigen_emit_string()
________________________________________________________________________________________________________
*** CID 1355263: Null pointer dereferences (FORWARD_NULL)
/src/arch/x86/acpigen.c: 209 in acpigen_emit_string()
203 acpigen_emit_byte(data[i]);
204 }
205 }
206
207 void acpigen_emit_string(const char *string)
208 {
>>> CID 1355263: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "string" to "strlen", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.]
209 acpigen_emit_stream(string, string ? 0 : strlen(string));
210 acpigen_emit_byte('\0'); /* NUL */
211 }
212
213 void acpigen_write_string(const char *string)
214 {
** CID 1353361: Code maintainability issues (UNUSED_VALUE)
/3rdparty/chromeec/driver/accelgyro_bmi160.c: 382 in set_data_rate()
________________________________________________________________________________________________________
*** CID 1353361: Code maintainability issues (UNUSED_VALUE)
/3rdparty/chromeec/driver/accelgyro_bmi160.c: 382 in set_data_rate()
376 if (s->type == MOTIONSENSE_TYPE_MAG)
377 moc->batch_size = 0;
378 #endif
379 return ret;
380 } else if (data->odr == 0) {
381 /* back from suspend mode. */
>>> CID 1353361: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "raw_write8(s->addr, 126, 0x10U | (s->type << 2) | 1U)" to "ret" here, but that stored value is overwritten before it can be used.
382 ret = raw_write8(s->addr, BMI160_CMD_REG,
383 BMI160_CMD_MODE_NORMAL(s->type));
384 msleep(wakeup_time[s->type]);
385 }
386 ctrl_reg = BMI160_CONF_REG(s->type);
387 reg_val = BMI160_ODR_TO_REG(rate);
** CID 1353359: Control flow issues (UNREACHABLE)
/3rdparty/chromeec/common/spi_flash.c: 94 in spi_flash_get_status2()
________________________________________________________________________________________________________
*** CID 1353359: Control flow issues (UNREACHABLE)
/3rdparty/chromeec/common/spi_flash.c: 94 in spi_flash_get_status2()
88
89 /* Second status register not present */
90 #ifndef CONFIG_SPI_FLASH_HAS_SR2
91 return 0;
92 #endif
93
>>> CID 1353359: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "if (spi_transaction(&spi_de...".
94 if (spi_transaction(SPI_FLASH_DEVICE, &cmd, 1, &resp, 1) != EC_SUCCESS)
95 return -1;
96
97 return resp;
98 }
99
** CID 1353357: Control flow issues (UNREACHABLE)
/3rdparty/chromeec/common/charge_manager.c: 625 in charge_manager_make_change()
________________________________________________________________________________________________________
*** CID 1353357: Control flow issues (UNREACHABLE)
/3rdparty/chromeec/common/charge_manager.c: 625 in charge_manager_make_change()
619 */
620 #ifndef CONFIG_CHARGE_MANAGER_DRP_CHARGING
621 if (dualrole_capability[port] != CAP_DEDICATED)
622 #endif
623 return;
624 /* Clear override only if a charge is present on the port */
>>> CID 1353357: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "i = 0;".
625 for (i = 0; i < CHARGE_SUPPLIER_COUNT; ++i)
626 if (available_charge[i][port].current > 0) {
627 clear_override = 1;
628 break;
629 }
630 /*
** CID 1353345: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1353345: (OVERRUN)
/3rdparty/chromeec/common/host_command_master.c: 82 in pd_host_command_internal()
76
77 /*
78 * Transmit all data and receive 2 bytes for return value and response
79 * length.
80 */
81 i2c_lock(I2C_PORT_PD_MCU, 1);
>>> CID 1353345: (OVERRUN)
>>> Overrunning callee's array of size 2 by passing argument "MEC1322_I2C1" in call to "i2c_set_timeout".
82 i2c_set_timeout(I2C_PORT_PD_MCU, PD_HOST_COMMAND_TIMEOUT_US);
83 ret = i2c_xfer(I2C_PORT_PD_MCU, CONFIG_USB_PD_I2C_SLAVE_ADDR,
84 &req_buf[0], outsize + sizeof(rq) + 1, &resp_buf[0],
85 2, I2C_XFER_START);
86 i2c_set_timeout(I2C_PORT_PD_MCU, 0);
87 if (ret) {
/3rdparty/chromeec/common/host_command_master.c: 86 in pd_host_command_internal()
80 */
81 i2c_lock(I2C_PORT_PD_MCU, 1);
82 i2c_set_timeout(I2C_PORT_PD_MCU, PD_HOST_COMMAND_TIMEOUT_US);
83 ret = i2c_xfer(I2C_PORT_PD_MCU, CONFIG_USB_PD_I2C_SLAVE_ADDR,
84 &req_buf[0], outsize + sizeof(rq) + 1, &resp_buf[0],
85 2, I2C_XFER_START);
>>> CID 1353345: (OVERRUN)
>>> Overrunning callee's array of size 2 by passing argument "MEC1322_I2C1" in call to "i2c_set_timeout".
86 i2c_set_timeout(I2C_PORT_PD_MCU, 0);
87 if (ret) {
88 i2c_lock(I2C_PORT_PD_MCU, 0);
89 CPRINTF("[%T i2c transaction 1 failed: %d]\n", ret);
90 return -EC_RES_BUS_ERROR;
91 }
/3rdparty/chromeec/common/host_command_master.c: 83 in pd_host_command_internal()
77 /*
78 * Transmit all data and receive 2 bytes for return value and response
79 * length.
80 */
81 i2c_lock(I2C_PORT_PD_MCU, 1);
82 i2c_set_timeout(I2C_PORT_PD_MCU, PD_HOST_COMMAND_TIMEOUT_US);
>>> CID 1353345: (OVERRUN)
>>> Overrunning callee's array of size 2 by passing argument "MEC1322_I2C1" in call to "i2c_xfer".
83 ret = i2c_xfer(I2C_PORT_PD_MCU, CONFIG_USB_PD_I2C_SLAVE_ADDR,
84 &req_buf[0], outsize + sizeof(rq) + 1, &resp_buf[0],
85 2, I2C_XFER_START);
86 i2c_set_timeout(I2C_PORT_PD_MCU, 0);
87 if (ret) {
88 i2c_lock(I2C_PORT_PD_MCU, 0);
/3rdparty/chromeec/common/host_command_master.c: 97 in pd_host_command_internal()
91 }
92
93 resp_len = resp_buf[1];
94
95 if (resp_len > (insize + sizeof(rs))) {
96 /* Do a dummy read to generate stop condition */
>>> CID 1353345: (OVERRUN)
>>> Overrunning callee's array of size 2 by passing argument "MEC1322_I2C1" in call to "i2c_xfer".
97 i2c_xfer(I2C_PORT_PD_MCU, CONFIG_USB_PD_I2C_SLAVE_ADDR,
98 0, 0, &resp_buf[2], 1, I2C_XFER_STOP);
99 i2c_lock(I2C_PORT_PD_MCU, 0);
100 CPRINTF("[%T response size is too large %d > %d]\n",
101 resp_len, insize + sizeof(rs));
102 return -EC_RES_RESPONSE_TOO_BIG;
/3rdparty/chromeec/common/host_command_master.c: 106 in pd_host_command_internal()
100 CPRINTF("[%T response size is too large %d > %d]\n",
101 resp_len, insize + sizeof(rs));
102 return -EC_RES_RESPONSE_TOO_BIG;
103 }
104
105 /* Receive remaining data */
>>> CID 1353345: (OVERRUN)
>>> Overrunning callee's array of size 2 by passing argument "MEC1322_I2C1" in call to "i2c_xfer".
106 ret = i2c_xfer(I2C_PORT_PD_MCU, CONFIG_USB_PD_I2C_SLAVE_ADDR, 0, 0,
107 &resp_buf[2], resp_len, I2C_XFER_STOP);
108 i2c_lock(I2C_PORT_PD_MCU, 0);
109 if (ret) {
110 CPRINTF("[%T i2c transaction 2 failed: %d]\n", ret);
111 return -EC_RES_BUS_ERROR;
** CID 1353329: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/common/host_command_master.c: 59 in pd_host_command_internal()
________________________________________________________________________________________________________
*** CID 1353329: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/common/host_command_master.c: 59 in pd_host_command_internal()
53 rq.command_version = version;
54 rq.reserved = 0;
55 rq.data_len = outsize;
56
57 /* Copy data and start checksum */
58 for (i = 0, c = (const uint8_t *)outdata; i < outsize; i++, c++) {
>>> CID 1353329: Memory - corruptions (OVERRUN)
>>> Overrunning array "req_buf" of 256 bytes at byte offset 256 using index "9U + i" (which evaluates to 256).
59 req_buf[sizeof(rq) + 1 + i] = *c;
60 sum += *c;
61 }
62
63 /* Finish checksum */
64 for (i = 0, c = (const uint8_t *)&rq; i < sizeof(rq); i++, c++)
** CID 1353324: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/driver/temp_sensor/bd99992gw.c: 74 in bd99992gw_init()
________________________________________________________________________________________________________
*** CID 1353324: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/driver/temp_sensor/bd99992gw.c: 74 in bd99992gw_init()
68
69 /* Make sure we don't have too many active channels. */
70 ASSERT(active_channel_count <= ARRAY_SIZE(active_channels));
71
72 /* Mark the first unused channel so we know where to stop searching */
73 if (active_channel_count != ARRAY_SIZE(active_channels))
>>> CID 1353324: Memory - corruptions (OVERRUN)
>>> Overrunning array "active_channels" of 8 4-byte elements at element index 9 (byte offset 36) using index "active_channel_count" (which evaluates to 9).
74 active_channels[active_channel_count] =
75 BD99992GW_ADC_CHANNEL_NONE;
76
77 /* Now write pointer regs with channel to monitor */
78 for (i = 0; i < active_channel_count; ++i)
79 /* Write stop bit on last channel */
** CID 1353323: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/common/pd_log.c: 176 in hc_pd_get_log_entry()
________________________________________________________________________________________________________
*** CID 1353323: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/common/pd_log.c: 176 in hc_pd_get_log_entry()
170 dequeue_retry:
171 args->response_size = pd_log_dequeue(r);
172 /* if the MCU log no longer has entries, try connected accessories */
173 if (r->type == PD_EVENT_NO_ENTRY) {
174 int i, res;
175 incoming_logs = 0;
>>> CID 1353323: Memory - corruptions (OVERRUN)
>>> Checking "i < 2" implies that "i" may be up to 1 on the true branch.
176 for (i = 0; i < CONFIG_USB_PD_PORT_COUNT; ++i) {
177 /* only accessories who knows Google logging format */
178 if (pd_get_identity_vid(i) != USB_VID_GOOGLE)
179 continue;
180 res = pd_fetch_acc_log_entry(i);
181 if (res == EC_RES_BUSY) /* host should retry */
** CID 1353321: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1353321: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/driver/charger/isl9237.c: 58 in raw_write16()
52 {
53 return i2c_read16(I2C_PORT_CHARGER, I2C_ADDR_CHARGER, offset, value);
54 }
55
56 static inline int raw_write16(int offset, int value)
57 {
>>> CID 1353321: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 2 by passing argument "MEC1322_I2C3" in call to "i2c_write16".
58 return i2c_write16(I2C_PORT_CHARGER, I2C_ADDR_CHARGER, offset, value);
59 }
60
61 static int isl9237_set_current(uint16_t current)
62 {
63 return raw_write16(ISL9237_REG_CHG_CURRENT, CURRENT_TO_REG(current));
** CID 1353320: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1353320: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/driver/charger/isl9237.c: 53 in raw_read16()
47 {
48 return i2c_read8(I2C_PORT_CHARGER, I2C_ADDR_CHARGER, offset, value);
49 }
50
51 static inline int raw_read16(int offset, int *value)
52 {
>>> CID 1353320: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 2 by passing argument "MEC1322_I2C3" in call to "i2c_read16".
53 return i2c_read16(I2C_PORT_CHARGER, I2C_ADDR_CHARGER, offset, value);
54 }
55
56 static inline int raw_write16(int offset, int value)
57 {
58 return i2c_write16(I2C_PORT_CHARGER, I2C_ADDR_CHARGER, offset, value);
** CID 1353309: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 260 in gpio_command_get()
________________________________________________________________________________________________________
*** CID 1353309: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 260 in gpio_command_get()
254 args->response_size = sizeof(r_v1->get_count);
255 break;
256 case EC_GPIO_GET_INFO:
257 if (p_v1->get_info.index >= GPIO_COUNT)
258 return EC_RES_ERROR;
259
>>> CID 1353309: Memory - corruptions (OVERRUN)
>>> Assigning: "i" = "(*p_v1).get_info.index". The value of "i" may now be up to 77.
260 i = p_v1->get_info.index;
261 len = strlen(g[i].name);
262 memcpy(r_v1->get_info.name, g[i].name, len+1);
263 r_v1->get_info.val = gpio_get_level(i);
264 r_v1->get_info.flags = g[i].flags;
265 args->response_size = sizeof(r_v1->get_info);
** CID 1353308: Memory - illegal accesses (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 261 in gpio_command_get()
________________________________________________________________________________________________________
*** CID 1353308: Memory - illegal accesses (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 261 in gpio_command_get()
255 break;
256 case EC_GPIO_GET_INFO:
257 if (p_v1->get_info.index >= GPIO_COUNT)
258 return EC_RES_ERROR;
259
260 i = p_v1->get_info.index;
>>> CID 1353308: Memory - illegal accesses (OVERRUN)
>>> Overrunning array of 73 16-byte elements at element index 77 (byte offset 1232) by dereferencing pointer "g + i".
261 len = strlen(g[i].name);
262 memcpy(r_v1->get_info.name, g[i].name, len+1);
263 r_v1->get_info.val = gpio_get_level(i);
264 r_v1->get_info.flags = g[i].flags;
265 args->response_size = sizeof(r_v1->get_info);
266 break;
** CID 1353307: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 169 in command_gpio_get()
________________________________________________________________________________________________________
*** CID 1353307: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 169 in command_gpio_get()
163 ccprintf(" %d%c %s\n", v, (changed ? '*' : ' '), g->name);
164
165 return EC_SUCCESS;
166 }
167
168 /* Otherwise print them all */
>>> CID 1353307: Memory - corruptions (OVERRUN)
>>> Checking "i < GPIO_COUNT" implies that "i" may be up to 77 on the true branch.
169 for (i = 0; i < GPIO_COUNT; i++, g++) {
170 if (!g->mask)
171 continue; /* Skip unsupported signals */
172
173 v = gpio_get_level(i);
174 changed = last_val_changed(i, v);
** CID 1353306: Memory - illegal accesses (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 170 in command_gpio_get()
________________________________________________________________________________________________________
*** CID 1353306: Memory - illegal accesses (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 170 in command_gpio_get()
164
165 return EC_SUCCESS;
166 }
167
168 /* Otherwise print them all */
169 for (i = 0; i < GPIO_COUNT; i++, g++) {
>>> CID 1353306: Memory - illegal accesses (OVERRUN)
>>> Overrunning array of 73 16-byte elements at element index 77 (byte offset 1232) by dereferencing pointer "g".
170 if (!g->mask)
171 continue; /* Skip unsupported signals */
172
173 v = gpio_get_level(i);
174 changed = last_val_changed(i, v);
175 ccprintf(" %d%c %s\n", v, (changed ? '*' : ' '), g->name);
** CID 1353305: Memory - illegal accesses (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 33 in find_signal_by_name()
________________________________________________________________________________________________________
*** CID 1353305: Memory - illegal accesses (OVERRUN)
/3rdparty/chromeec/common/gpio.c: 33 in find_signal_by_name()
27 int i;
28
29 if (!name || !*name)
30 return GPIO_COUNT;
31
32 for (i = 0; i < GPIO_COUNT; i++, g++) {
>>> CID 1353305: Memory - illegal accesses (OVERRUN)
>>> Overrunning array of 73 16-byte elements at element index 77 (byte offset 1232) by dereferencing pointer "g".
33 if (g->mask && !strcasecmp(name, g->name))
34 return i;
35 }
36
37 return GPIO_COUNT;
38 }
** CID 1353283: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1353283: (OVERRUN)
/3rdparty/chromeec/board/strago/led.c: 72 in led_set_brightness()
66 brightness_range[EC_LED_COLOR_GREEN] = 100;
67 }
68
69 int led_set_brightness(enum ec_led_id led_id, const uint8_t *brightness)
70 {
71 pwm_set_duty(PWM_CH_LED_RED, brightness[EC_LED_COLOR_RED]);
>>> CID 1353283: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_BLUE" in call to "pwm_set_duty".
72 pwm_set_duty(PWM_CH_LED_BLUE, brightness[EC_LED_COLOR_BLUE]);
73 pwm_set_duty(PWM_CH_LED_GREEN, brightness[EC_LED_COLOR_GREEN]);
74 return EC_SUCCESS;
75 }
76
77 static void strago_led_set_power(void)
/3rdparty/chromeec/board/strago/led.c: 73 in led_set_brightness()
67 }
68
69 int led_set_brightness(enum ec_led_id led_id, const uint8_t *brightness)
70 {
71 pwm_set_duty(PWM_CH_LED_RED, brightness[EC_LED_COLOR_RED]);
72 pwm_set_duty(PWM_CH_LED_BLUE, brightness[EC_LED_COLOR_BLUE]);
>>> CID 1353283: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_GREEN" in call to "pwm_set_duty".
73 pwm_set_duty(PWM_CH_LED_GREEN, brightness[EC_LED_COLOR_GREEN]);
74 return EC_SUCCESS;
75 }
76
77 static void strago_led_set_power(void)
78 {
/3rdparty/chromeec/board/rambi/led.c: 58 in led_set_brightness()
52 brightness_range[EC_LED_COLOR_RED] = 100;
53 brightness_range[EC_LED_COLOR_GREEN] = 100;
54 }
55
56 int led_set_brightness(enum ec_led_id led_id, const uint8_t *brightness)
57 {
>>> CID 1353283: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_RED" in call to "pwm_set_duty".
58 pwm_set_duty(PWM_CH_LED_RED, brightness[EC_LED_COLOR_RED]);
59 pwm_set_duty(PWM_CH_LED_GREEN, brightness[EC_LED_COLOR_GREEN]);
60 return EC_SUCCESS;
61 }
62
63 static void led_init(void)
** CID 1353282: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1353282: (OVERRUN)
/3rdparty/chromeec/board/strago/led.c: 138 in led_init()
132 /*
133 * Enable PWMs and set to 0% duty cycle. If they're disabled,
134 * seems to ground the pins instead of letting them float.
135 */
136 pwm_enable(PWM_CH_LED_RED, 1);
137 pwm_enable(PWM_CH_LED_GREEN, 1);
>>> CID 1353282: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_BLUE" in call to "pwm_enable".
138 pwm_enable(PWM_CH_LED_BLUE, 1);
139
140 set_color(LED_OFF);
141 }
142 DECLARE_HOOK(HOOK_INIT, led_init, HOOK_PRIO_DEFAULT);
143
/3rdparty/chromeec/board/strago/led.c: 137 in led_init()
131 {
132 /*
133 * Enable PWMs and set to 0% duty cycle. If they're disabled,
134 * seems to ground the pins instead of letting them float.
135 */
136 pwm_enable(PWM_CH_LED_RED, 1);
>>> CID 1353282: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_GREEN" in call to "pwm_enable".
137 pwm_enable(PWM_CH_LED_GREEN, 1);
138 pwm_enable(PWM_CH_LED_BLUE, 1);
139
140 set_color(LED_OFF);
141 }
142 DECLARE_HOOK(HOOK_INIT, led_init, HOOK_PRIO_DEFAULT);
/3rdparty/chromeec/board/rambi/led.c: 69 in led_init()
63 static void led_init(void)
64 {
65 /*
66 * Enable PWMs and set to 0% duty cycle. If they're disabled, the LM4
67 * seems to ground the pins instead of letting them float.
68 */
>>> CID 1353282: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_RED" in call to "pwm_enable".
69 pwm_enable(PWM_CH_LED_RED, 1);
70 pwm_enable(PWM_CH_LED_GREEN, 1);
71 set_color(LED_OFF);
72 }
73 DECLARE_HOOK(HOOK_INIT, led_init, HOOK_PRIO_DEFAULT);
74
** CID 1353281: (OVERRUN)
________________________________________________________________________________________________________
*** CID 1353281: (OVERRUN)
/3rdparty/chromeec/board/strago/led.c: 58 in set_color()
52 *
53 * @param color Enumerated color value
54 */
55 static void set_color(enum led_color color)
56 {
57 pwm_set_duty(PWM_CH_LED_RED, color_brightness[color][0]);
>>> CID 1353281: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_BLUE" in call to "pwm_set_duty".
58 pwm_set_duty(PWM_CH_LED_BLUE, color_brightness[color][1]);
59 pwm_set_duty(PWM_CH_LED_GREEN, color_brightness[color][2]);
60 }
61
62 void led_get_brightness_range(enum ec_led_id led_id, uint8_t *brightness_range)
63 {
/3rdparty/chromeec/board/strago/led.c: 59 in set_color()
53 * @param color Enumerated color value
54 */
55 static void set_color(enum led_color color)
56 {
57 pwm_set_duty(PWM_CH_LED_RED, color_brightness[color][0]);
58 pwm_set_duty(PWM_CH_LED_BLUE, color_brightness[color][1]);
>>> CID 1353281: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_GREEN" in call to "pwm_set_duty".
59 pwm_set_duty(PWM_CH_LED_GREEN, color_brightness[color][2]);
60 }
61
62 void led_get_brightness_range(enum ec_led_id led_id, uint8_t *brightness_range)
63 {
64 brightness_range[EC_LED_COLOR_RED] = 100;
/3rdparty/chromeec/board/rambi/led.c: 46 in set_color()
40 * Set LED color
41 *
42 * @param color Enumerated color value
43 */
44 static void set_color(enum led_color color)
45 {
>>> CID 1353281: (OVERRUN)
>>> Overrunning callee's array of size 1 by passing argument "PWM_CH_LED_RED" in call to "pwm_set_duty".
46 pwm_set_duty(PWM_CH_LED_RED, color_brightness[color][0]);
47 pwm_set_duty(PWM_CH_LED_GREEN, color_brightness[color][1]);
48 }
49
50 void led_get_brightness_range(enum ec_led_id led_id, uint8_t *brightness_range)
51 {
** CID 1353260: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1353260: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/power/skylake.c: 164 in handle_slp_sus()
158 {
159 /* If we're down or going down don't do anythin with SLP_SUS_L. */
160 if (state == POWER_G3 || state == POWER_S5G3)
161 return;
162
163 /* Always mimic PCH SLP_SUS request for all other states. */
>>> CID 1353260: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 73 by passing argument "GPIO_PMIC_SLP_SUS_L" in call to "gpio_set_level".
164 gpio_set_level(GPIO_PMIC_SLP_SUS_L, gpio_get_level(GPIO_PCH_SLP_SUS_L));
165 }
166
167 #ifdef CONFIG_BOARD_HAS_RTC_RESET
168 static enum power_state power_wait_s5_rtc_reset(void)
169 {
** CID 1353259: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1353259: Memory - corruptions (OVERRUN)
/3rdparty/chromeec/power/skylake.c: 79 in chipset_force_g3()
73 }
74
75 static void chipset_force_g3(void)
76 {
77 CPRINTS("Forcing fake G3.");
78
>>> CID 1353259: Memory - corruptions (OVERRUN)
>>> Overrunning callee's array of size 73 by passing argument "GPIO_PMIC_SLP_SUS_L" in call to "gpio_set_level".
79 gpio_set_level(GPIO_PMIC_SLP_SUS_L, 0);
80 }
81
82 void chipset_reset(int cold_reset)
83 {
84 CPRINTS("%s(%d)", __func__, cold_reset);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/coreboot?tab=overview
To manage Coverity Scan email notifications for "coreboot at coreboot.org", click https://scan.coverity.com/subscriptions/edit?email=coreboot%40coreboot.org&token=49533df725f93b78361afb7b89ccde93
More information about the coreboot
mailing list