From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Fri, 12 Apr 2019 16:31:34 -0700 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C1F613082B44; Fri, 12 Apr 2019 23:31:33 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-65.rdu2.redhat.com [10.10.120.65]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4CB7760606; Fri, 12 Apr 2019 23:31:31 +0000 (UTC) From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: Anthony Perard , Ard Biesheuvel , Bob Feng , Jordan Justen , Julien Grall , Liming Gao , Michael D Kinney , Yonghong Zhu Subject: [PATCH 00/10] patches for some warnings raised by "RH covscan" Date: Sat, 13 Apr 2019 01:31:18 +0200 Message-Id: <20190412233128.4756-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]); Fri, 12 Apr 2019 23:31:33 +0000 (UTC) Content-Transfer-Encoding: quoted-printable Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1710 Repo: https://github.com/lersek/edk2.git Branch: covscan_bz_1710 "covscan" is an internal service at Red Hat that lets associates run static analysis tools on Fedora/RHEL packages. It drives a number of static analyzers. While covscan's existence is not "secret" (if you google it, you get a bunch of hits in the Red Hat Bugzilla), I can *not* use or offer covscan as a general upstream tool; for that the TianoCore community will have to build its own service / environment. Anyway, "covscan" happened to drop a bunch of reports on me for... "reasons", and so I turned a short 10 hour workday into yet anoher normal 15 hour workday (stealing some free time whence there was none) in order to do something, up-stream, about the warnings that affected OvmfPkg. No claim is made about the completeness of the scan's coverage. Some of the patches seek to suppress warnings, some strive to remedy valid-looking issues. We should not spend much time on this series. Cc: Anthony Perard Cc: Ard Biesheuvel Cc: Bob Feng Cc: Jordan Justen Cc: Julien Grall Cc: Liming Gao Cc: Michael D Kinney Cc: Yonghong Zhu Thanks Laszlo Laszlo Ersek (10): MdePkg/PiFirmwareFile: express IS_SECTION2 in terms of SECTION_SIZE MdePkg/PiFirmwareFile: fix undefined behavior in SECTION_SIZE BaseTools/PiFirmwareFile: fix undefined behavior in SECTION_SIZE MdePkg/PiFirmwareFile: fix undefined behavior in FFS_FILE_SIZE OvmfPkg/Sec: fix out-of-bounds reads OvmfPkg/QemuVideoDxe: avoid arithmetic on null pointer OvmfPkg/AcpiPlatformDxe: suppress invalid "deref of undef pointer" warning OvmfPkg: suppress "Value stored to ... is never read" analyzer warnings OvmfPkg/AcpiPlatformDxe: catch theoretical nullptr deref in Xen code OvmfPkg/BasePciCapLib: suppress invalid "nullptr deref" warning BaseTools/Source/C/Include/Common/PiFirmwareFile.h | 7 +++++= - MdePkg/Include/Pi/PiFirmwareFile.h | 26 +++++= +++++++++++---- OvmfPkg/AcpiPlatformDxe/AcpiPlatform.c | 7 +++++= + OvmfPkg/AcpiPlatformDxe/Xen.c | 14 +++++= +++++- OvmfPkg/Library/BasePciCapLib/BasePciCapLib.c | 7 +++++= + OvmfPkg/Library/PlatformBootManagerLib/QemuKernel.c | 5 ++++ OvmfPkg/Library/SerializeVariablesLib/SerializeVariablesLib.c | 4 +++ OvmfPkg/Library/VirtioLib/VirtioLib.c | 5 ++++ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockService.c | 5 ++++ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/FwBlockServiceDxe.c | 5 ++++ OvmfPkg/QemuVideoDxe/VbeShim.c | 2 +- OvmfPkg/SataControllerDxe/SataController.c | 5 ++++ OvmfPkg/Sec/SecMain.c | 6 ++--- OvmfPkg/VirtioGpuDxe/Gop.c | 6 +++++ OvmfPkg/VirtioNetDxe/SnpReceive.c | 5 ++++ 15 files changed, 98 insertions(+), 11 deletions(-) --=20 2.19.1.3.g30247aa5d201