[Coverity CID :219668] Dereference after null check in drivers/espi/host_subs_npcx.c #33024

Closed
zephyrbot opened this issue Mar 7, 2021 · 1 comment · Fixed by #33166
Labels: bug, Coverity, priority: low

Comments

@zephyrbot
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/drivers/espi/host_subs_npcx.c#L801

Category: Null pointer dereferences
Function: npcx_host_periph_write_request
Component: Drivers
CID: 219668

Details:

https://github.com/zephyrproject-rtos/zephyr/blob/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/drivers/espi/host_subs_npcx.c

829                 /* FW shouldn't modify these flags directly */
830                 *data &= ~NPCX_KBC_STS_MASK;
831                 inst_kbc->HIKMST |= *data;
832                 break;
833             case E8042_CLEAR_FLAG:
834                 /* FW shouldn't modify these flags directly */
>>>     CID 219668:    (FORWARD_NULL)
>>>     Dereferencing null pointer "data".
835                 *data &= ~NPCX_KBC_STS_MASK;
836                 inst_kbc->HIKMST &= ~(*data);
837                 break;
838             default:
839                 return -EINVAL;
840             }
803                  * Enable KBC OBE interrupt after putting data in
804                  * keyboard data register.
805                  */
806                 inst_kbc->HICTRL |= BIT(NPCX_HICTRL_OBECIE);
807                 break;
808             case E8042_WRITE_MB_CHAR:
>>>     CID 219668:    (FORWARD_NULL)
>>>     Dereferencing null pointer "data".
809                 inst_kbc->HIMDO = *data & 0xff;
810                 /*
811                  * Enable KBC OBE interrupt after putting data in
812                  * mouse data register.
813                  */
814                 inst_kbc->HICTRL |= BIT(NPCX_HICTRL_OBECIE);
824             case E8042_CLEAR_OBF:
825                 /* Clear OBF flag in both STATUS and HIKMST to 0 */
826                 inst_kbc->HICTRL |= BIT(NPCX_HICTRL_FW_OBF);
827                 break;
828             case E8042_SET_FLAG:
829                 /* FW shouldn't modify these flags directly */
>>>     CID 219668:    (FORWARD_NULL)
>>>     Dereferencing null pointer "data".
830                 *data &= ~NPCX_KBC_STS_MASK;
831                 inst_kbc->HIKMST |= *data;
832                 break;
833             case E8042_CLEAR_FLAG:
834                 /* FW shouldn't modify these flags directly */
835                 *data &= ~NPCX_KBC_STS_MASK;
795                 LOG_INF("%s: op 0x%x data %x", __func__, op, *data);
796             else
797                 LOG_INF("%s: op 0x%x only", __func__, op);
798    
799             switch (op) {
800             case E8042_WRITE_KB_CHAR:
>>>     CID 219668:    (FORWARD_NULL)
>>>     Dereferencing null pointer "data".
801                 inst_kbc->HIKDO = *data & 0xff;
802                 /*
803                  * Enable KBC OBE interrupt after putting data in
804                  * keyboard data register.
805                  */
806                 inst_kbc->HICTRL |= BIT(NPCX_HICTRL_OBECIE);

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.

@zephyrbot added the bug, Coverity, and priority: low labels Mar 7, 2021
@nashif assigned MulinChao and unassigned albertofloyd and scottwcpg Mar 7, 2021
@MulinChao
Collaborator

If my assumption is correct, the driver shouldn't change the data content in line 830 and refer to it in the other section at line 809. If so, I will submit a PR to declare 'data' as a const pointer and add related modifications.

BTW, I have no permission to access https://scan9.coverity.com/reports.htm#v32951/p12996. Do I need to do something to get authorization?
