New Defects reported by Coverity Scan for RTEMS

scan-admin at coverity.com scan-admin at coverity.com
Tue Jan 6 00:13:53 UTC 2026 

Hi,

Please find the latest report on new defect(s) introduced to RTEMS found with Coverity Scan.

3 new defect(s) introduced to RTEMS found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1679602:         (RESOURCE_LEAK)
/bsps/shared/dev/flash/flash_sim_flashdev.c: 426           in flash_sim_flashdev_init()
/bsps/shared/dev/flash/flash_sim_flashdev.c: 418           in flash_sim_flashdev_init()


_____________________________________________________________________________________________
*** CID 1679602:           (RESOURCE_LEAK)
/bsps/shared/dev/flash/flash_sim_flashdev.c: 426             in flash_sim_flashdev_init()
420       memset( ntable->area, 0xff, total_pages * ntable->attr.page_size_bytes );
421     
422       if ( ntable->attr.type == RTEMS_FLASHDEV_NAND ) {
423         ntable->oob = flashdev_malloc( &ntable->attr, total_pages * ntable->attr.page_oob_bytes );
424         if ( ntable->oob == NULL ) {
425           free_nand_priv( ntable );
>>>     CID 1679602:           (RESOURCE_LEAK)
>>>     Variable "ftable" going out of scope leaks the storage it points to.
426           return NULL;
427         }
428         memset( ntable->oob, 0xff, total_pages * ntable->attr.page_oob_bytes );
429       }
430     
431       ftable->regions = &ntable->regions[ 0 ];
/bsps/shared/dev/flash/flash_sim_flashdev.c: 418             in flash_sim_flashdev_init()
412     
413       total_pages = ntable->attr.total_sectors * ntable->attr.pages_per_sector;
414     
415       ntable->area = flashdev_malloc( &ntable->attr, total_pages * ntable->attr.page_size_bytes );
416       if ( ntable->area == NULL ) {
417         free_nand_priv( ntable );
>>>     CID 1679602:           (RESOURCE_LEAK)
>>>     Variable "ftable" going out of scope leaks the storage it points to.
418         return NULL;
419       }
420       memset( ntable->area, 0xff, total_pages * ntable->attr.page_size_bytes );
421     
422       if ( ntable->attr.type == RTEMS_FLASHDEV_NAND ) {
423         ntable->oob = flashdev_malloc( &ntable->attr, total_pages * ntable->attr.page_oob_bytes );

** CID 1679601:       Integer handling issues  (DIVIDE_BY_ZERO)
/bsps/shared/dev/nor/config-parser.c: 193           in rtems_flash_CFI_parse_from_buffer()


_____________________________________________________________________________________________
*** CID 1679601:         Integer handling issues  (DIVIDE_BY_ZERO)
/bsps/shared/dev/nor/config-parser.c: 193             in rtems_flash_CFI_parse_from_buffer()
187       }
188     
189       if (num_regions == 1) {
190         /* Device size for at least s25fl512s is off by 1, calculate with sectors */
191         data->device_size = data->num_sectors * data->sector_size;
192       } else {
>>>     CID 1679601:         Integer handling issues  (DIVIDE_BY_ZERO)
>>>     In expression "data->device_size / data->sector_size", division by expression "data->sector_size" which may be zero has undefined behavior.
193         data->num_sectors = data->device_size / data->sector_size;
194       }
195     
196       return RTEMS_SUCCESSFUL;
197     }
198     

** CID 1679600:       Insecure data handling  (TAINTED_SCALAR)
/bsps/shared/dev/nor/config-parser.c: 172           in rtems_flash_CFI_parse_from_buffer()


_____________________________________________________________________________________________
*** CID 1679600:         Insecure data handling  (TAINTED_SCALAR)
/bsps/shared/dev/nor/config-parser.c: 172             in rtems_flash_CFI_parse_from_buffer()
166         return RTEMS_INVALID_ADDRESS;
167       }
168     
169       /* Get largest block */
170       num_regions = bufbyte;
171       data->sector_size = 0;
>>>     CID 1679600:         Insecure data handling  (TAINTED_SCALAR)
>>>     Using tainted variable "num_regions" as a loop boundary.
172       for (region = 0; region < num_regions; ++region) {
173         if (read_config_short(cfi_raw, cfi_raw_len, datalen, 0x2d + (region * 4),
174               &num_sectors_sub)) {
175           return RTEMS_INVALID_ADDRESS;
176         }
177     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/rtems?tab=overview

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/build/attachments/20260106/4afe85e3/attachment.htm>

More information about the build mailing list