Fix Coverity very high issue with medium impact

Solved static scanned issues including unintentional integer overflow, wrong sizeof argument, Dereference before null check and explicit null dereferenced. Tracked-On: OAM-122933 Signed-off-by: Ni, Erchang <[email protected]>
projectceladon · Aug 3, 2024 · a6cb35b · a6cb35b
1 parent 55e874c
commit a6cb35b
Show file tree

Hide file tree

Showing 2 changed files with 174 additions and 0 deletions.
diff --git a/...w/hardware/intel/kernelflinger/0059-Fix-Coverity-very-high-issue-with-medium-impact.patch b/...w/hardware/intel/kernelflinger/0059-Fix-Coverity-very-high-issue-with-medium-impact.patch
@@ -0,0 +1,87 @@
+From 353871c610e8958688321324ed15da27102b6ef8 Mon Sep 17 00:00:00 2001
+From: "Ni, Erchang" <[email protected]>
+Date: Wed, 31 Jul 2024 09:55:09 +0000
+Subject: [PATCH] Fix Coverity very high issue with medium impact
+
+Tracked-On: OAM-122933
+Signed-off-by: Ni, Erchang <[email protected]>
+---
+ avb/libavb/avb_cmdline.c    | 4 ++++
+ libkernelflinger/gpt.c      | 2 +-
+ libkernelflinger/security.c | 3 +--
+ libkernelflinger/slot_avb.c | 2 +-
+ libsslsupport/wrapper.c     | 3 +--
+ 5 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/avb/libavb/avb_cmdline.c b/avb/libavb/avb_cmdline.c
+index 0fad4d2..3386455 100644
+--- a/avb/libavb/avb_cmdline.c
++++ b/avb/libavb/avb_cmdline.c
+@@ -99,6 +99,10 @@ char* avb_sub_cmdline(AvbOps* ops,
+
+   avb_assert(ret != NULL);
+
++  if (ret == NULL) {
++    goto fail;
++  }
++
+   /* Replace any additional substitutions. */
+   if (additional_substitutions != NULL) {
+     for (n = 0; n < additional_substitutions->size; ++n) {
+diff --git a/libkernelflinger/gpt.c b/libkernelflinger/gpt.c
+index 173c722..34ebf42 100644
+--- a/libkernelflinger/gpt.c
++++ b/libkernelflinger/gpt.c
+@@ -742,7 +742,7 @@ static EFI_STATUS gpt_write_partition_tables(void)
+
+ 	gh = &sdisk.gpt_hd;
+
+-	entries_size = gh->number_of_entries * gh->size_of_entry;
++	entries_size = (UINT64)gh->number_of_entries * gh->size_of_entry;
+ 	gh->my_lba = 1;
+ 	gh->alternate_lba = sdisk.bio->Media->LastBlock;
+ 	gh->entries_lba = 2;
+diff --git a/libkernelflinger/security.c b/libkernelflinger/security.c
+index 4264bb6..ce3d3a8 100644
+--- a/libkernelflinger/security.c
++++ b/libkernelflinger/security.c
+@@ -341,8 +341,7 @@ EFI_STATUS update_attestation_ids(IN VOID *vendorbootimage)
+     attestation_ids.serialSize = (strlen(temp_serial) < ATTESTATION_ID_MAX_LENGTH) ? strlen(temp_serial) : ATTESTATION_ID_MAX_LENGTH;
+     CopyMem(attestation_ids.serial, temp_serial, attestation_ids.serialSize);
+
+-    if(configChar)
+-        FreePool(configChar);
++    FreePool(configChar);
+
+     return ret;
+ }
+diff --git a/libkernelflinger/slot_avb.c b/libkernelflinger/slot_avb.c
+index 336dcf0..6e0cc3e 100644
+--- a/libkernelflinger/slot_avb.c
++++ b/libkernelflinger/slot_avb.c
+@@ -231,7 +231,7 @@ EFI_STATUS slot_init(void)
+
+ 	for (i = 0; i < MAX_NB_SLOT; i++) {
+ 		suffixes[i] = _suffixes + i * sizeof(SUFFIX_FMT);
+-		efi_snprintf((CHAR8 *)suffixes[i], sizeof(suffixes[i]),
++		efi_snprintf((CHAR8 *)suffixes[i], sizeof(SUFFIX_FMT),
+ 			     (CHAR8 *)SUFFIX_FMT, SLOT_START_CHAR + i);
+ 	}
+
+diff --git a/libsslsupport/wrapper.c b/libsslsupport/wrapper.c
+index a6e2a13..ca482c8 100644
+--- a/libsslsupport/wrapper.c
++++ b/libsslsupport/wrapper.c
+@@ -420,8 +420,7 @@ struct tm *gmtime_r(const int64_t *timep, struct tm *tmp)
+ 		int leapdays;
+
+ 		tdelta = tdays / DAYSPERLYEAR;
+-		if (! ((! TYPE_SIGNED(int64_t) || INT_MIN <= tdelta)
+-		       && tdelta <= INT_MAX))
++		if (tdelta < INT_MIN || tdelta > INT_MAX)
+ 			return NULL;
+ 		idelta = tdelta;
+ 		if (idelta == 0)
+-- 
+2.34.1
+
diff --git a/...s/hardware/intel/kernelflinger/0059-Fix-Coverity-very-high-issue-with-medium-impact.patch b/...s/hardware/intel/kernelflinger/0059-Fix-Coverity-very-high-issue-with-medium-impact.patch
@@ -0,0 +1,87 @@
+From 353871c610e8958688321324ed15da27102b6ef8 Mon Sep 17 00:00:00 2001
+From: "Ni, Erchang" <[email protected]>
+Date: Wed, 31 Jul 2024 09:55:09 +0000
+Subject: [PATCH] Fix Coverity very high issue with medium impact
+
+Tracked-On: OAM-122933
+Signed-off-by: Ni, Erchang <[email protected]>
+---
+ avb/libavb/avb_cmdline.c    | 4 ++++
+ libkernelflinger/gpt.c      | 2 +-
+ libkernelflinger/security.c | 3 +--
+ libkernelflinger/slot_avb.c | 2 +-
+ libsslsupport/wrapper.c     | 3 +--
+ 5 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/avb/libavb/avb_cmdline.c b/avb/libavb/avb_cmdline.c
+index 0fad4d2..3386455 100644
+--- a/avb/libavb/avb_cmdline.c
++++ b/avb/libavb/avb_cmdline.c
+@@ -99,6 +99,10 @@ char* avb_sub_cmdline(AvbOps* ops,
+
+   avb_assert(ret != NULL);
+
++  if (ret == NULL) {
++    goto fail;
++  }
++
+   /* Replace any additional substitutions. */
+   if (additional_substitutions != NULL) {
+     for (n = 0; n < additional_substitutions->size; ++n) {
+diff --git a/libkernelflinger/gpt.c b/libkernelflinger/gpt.c
+index 173c722..34ebf42 100644
+--- a/libkernelflinger/gpt.c
++++ b/libkernelflinger/gpt.c
+@@ -742,7 +742,7 @@ static EFI_STATUS gpt_write_partition_tables(void)
+
+ 	gh = &sdisk.gpt_hd;
+
+-	entries_size = gh->number_of_entries * gh->size_of_entry;
++	entries_size = (UINT64)gh->number_of_entries * gh->size_of_entry;
+ 	gh->my_lba = 1;
+ 	gh->alternate_lba = sdisk.bio->Media->LastBlock;
+ 	gh->entries_lba = 2;
+diff --git a/libkernelflinger/security.c b/libkernelflinger/security.c
+index 4264bb6..ce3d3a8 100644
+--- a/libkernelflinger/security.c
++++ b/libkernelflinger/security.c
+@@ -341,8 +341,7 @@ EFI_STATUS update_attestation_ids(IN VOID *vendorbootimage)
+     attestation_ids.serialSize = (strlen(temp_serial) < ATTESTATION_ID_MAX_LENGTH) ? strlen(temp_serial) : ATTESTATION_ID_MAX_LENGTH;
+     CopyMem(attestation_ids.serial, temp_serial, attestation_ids.serialSize);
+
+-    if(configChar)
+-        FreePool(configChar);
++    FreePool(configChar);
+
+     return ret;
+ }
+diff --git a/libkernelflinger/slot_avb.c b/libkernelflinger/slot_avb.c
+index 336dcf0..6e0cc3e 100644
+--- a/libkernelflinger/slot_avb.c
++++ b/libkernelflinger/slot_avb.c
+@@ -231,7 +231,7 @@ EFI_STATUS slot_init(void)
+
+ 	for (i = 0; i < MAX_NB_SLOT; i++) {
+ 		suffixes[i] = _suffixes + i * sizeof(SUFFIX_FMT);
+-		efi_snprintf((CHAR8 *)suffixes[i], sizeof(suffixes[i]),
++		efi_snprintf((CHAR8 *)suffixes[i], sizeof(SUFFIX_FMT),
+ 			     (CHAR8 *)SUFFIX_FMT, SLOT_START_CHAR + i);
+ 	}
+
+diff --git a/libsslsupport/wrapper.c b/libsslsupport/wrapper.c
+index a6e2a13..ca482c8 100644
+--- a/libsslsupport/wrapper.c
++++ b/libsslsupport/wrapper.c
+@@ -420,8 +420,7 @@ struct tm *gmtime_r(const int64_t *timep, struct tm *tmp)
+ 		int leapdays;
+
+ 		tdelta = tdays / DAYSPERLYEAR;
+-		if (! ((! TYPE_SIGNED(int64_t) || INT_MIN <= tdelta)
+-		       && tdelta <= INT_MAX))
++		if (tdelta < INT_MIN || tdelta > INT_MAX)
+ 			return NULL;
+ 		idelta = tdelta;
+ 		if (idelta == 0)
+-- 
+2.34.1
+