From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Thu, 18 Apr 2019 07:20:25 -0700
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 407DB306C3F0;
	Thu, 18 Apr 2019 14:20:19 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-179.rdu2.redhat.com [10.10.120.179])
	by smtp.corp.redhat.com (Postfix) with ESMTP id AC8355C207;
	Thu, 18 Apr 2019 14:20:15 +0000 (UTC)
Subject: Re: [edk2-devel] [PATCH 00/10] patches for some warnings raised by "RH covscan"
From: "Laszlo Ersek" <lersek@redhat.com>
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Anthony Perard <anthony.perard@citrix.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>, Bob Feng <bob.c.feng@intel.com>,
 Jordan Justen <jordan.l.justen@intel.com>,
 Julien Grall <julien.grall@arm.com>, Liming Gao <liming.gao@intel.com>,
 Michael D Kinney <michael.d.kinney@intel.com>,
 Yonghong Zhu <yonghong.zhu@intel.com>
Reply-To: devel@edk2.groups.io, lersek@redhat.com
References: <20190412233128.4756-1-lersek@redhat.com>
Message-ID: <d4c7b994-fc0e-9fe4-e2c4-2b3bba175485@redhat.com>
Date: Thu, 18 Apr 2019 16:20:14 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20190412233128.4756-1-lersek@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]); Thu, 18 Apr 2019 14:20:24 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

Based on feedback thus far:

On 04/13/19 01:31, Laszlo Ersek wrote:
> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=1710
> Repo:     https://github.com/lersek/edk2.git
> Branch:   covscan_bz_1710
> 
> "covscan" is an internal service at Red Hat that lets associates run
> static analysis tools on Fedora/RHEL packages. It drives a number of
> static analyzers.
> 
> While covscan's existence is not "secret" (if you google it, you get a
> bunch of hits in the Red Hat Bugzilla), I can *not* use or offer
> covscan as a general upstream tool; for that the TianoCore community
> will have to build its own service / environment.
> 
> Anyway, "covscan" happened to drop a bunch of reports on me for...
> "reasons", and so I turned a short 10 hour workday into yet anoher
> normal 15 hour workday (stealing some free time whence there was none)
> in order to do something, up-stream, about the warnings that affected
> OvmfPkg. No claim is made about the completeness of the scan's
> coverage.
> 
> Some of the patches seek to suppress warnings, some strive to remedy
> valid-looking issues. We should not spend much time on this series.
> 
> Cc: Anthony Perard <anthony.perard@citrix.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Bob Feng <bob.c.feng@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Julien Grall <julien.grall@arm.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Yonghong Zhu <yonghong.zhu@intel.com>
> 
> Thanks
> Laszlo
> 
> Laszlo Ersek (10):

I'll submit a v2 subseries with the first 5 patches:

>   MdePkg/PiFirmwareFile: express IS_SECTION2 in terms of SECTION_SIZE
>   MdePkg/PiFirmwareFile: fix undefined behavior in SECTION_SIZE
>   BaseTools/PiFirmwareFile: fix undefined behavior in SECTION_SIZE
>   MdePkg/PiFirmwareFile: fix undefined behavior in FFS_FILE_SIZE
>   OvmfPkg/Sec: fix out-of-bounds reads

This is because patches 2 through 4 have to be reworked, and patches 1
and 5 make no real sense without 2-4.

Regarding the rest (6-10):

>   OvmfPkg/QemuVideoDxe: avoid arithmetic on null pointer
>   OvmfPkg/AcpiPlatformDxe: suppress invalid "deref of undef pointer"
>     warning
>   OvmfPkg: suppress "Value stored to ... is never read" analyzer
>     warnings
>   OvmfPkg/AcpiPlatformDxe: catch theoretical nullptr deref in Xen code
>   OvmfPkg/BasePciCapLib: suppress invalid "nullptr deref" warning

I've dropped patch 8 because both Jordan and I dislike it quite a bit,
and it only aims to suppress invalid warnings. I can do that in RH
covscan too.

I've pushed the rest (6-7 and 9-10) with Ard's A-b, and also picked up
Phil's R-b wherever he posted it (933f1990f583..c2f643479eb3):

     1  52d229238b2d OvmfPkg/QemuVideoDxe: avoid arithmetic on null pointer
     2  dc5bbf10741c OvmfPkg/AcpiPlatformDxe: suppress invalid "deref of undef pointer" warning
     3  e30991740d18 OvmfPkg/AcpiPlatformDxe: catch theoretical nullptr deref in Xen code
     4  c2f643479eb3 OvmfPkg/BasePciCapLib: suppress invalid "nullptr deref" warning

Thanks,
Laszlo