[Coverity CID :219660] Untrusted divisor in drivers/sensor/bme680/bme680.c #33029

Closed
zephyrbot opened this issue Mar 7, 2021 · 3 comments
Labels
bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug

@zephyrbot
Collaborator

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/bd97359a5338b2542d19011b6d6aa1d8d1b9cc3f/drivers/sensor/bme680/bme680.c#L382

Category: Insecure data handling
Function: bme680_chip_init
Component: Drivers
CID: 219660

Details:

376         err = bme680_reg_write(data, BME680_REG_CTRL_GAS_1,
377                        BME680_CTRL_GAS_1_VAL);
378         if (err < 0) {
379             return err;
380         }
381    
>>>     CID 219660:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "data->res_heat_val" to "bme680_calc_res_heat", which uses it as a divisor or modulus.
382         err = bme680_reg_write(data, BME680_REG_RES_HEAT0,
383                        bme680_calc_res_heat(data, BME680_HEATR_TEMP));
384         if (err < 0) {
385             return err;
386         }
387    

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.

@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug labels Mar 7, 2021
@MaureenHelm
Member

@boschsensortec will you please take a look?

@github-actions

github-actions bot commented May 9, 2021

This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.

@github-actions github-actions bot added the Stale label May 9, 2021
@galak galak added this to the v2.6.0 milestone May 11, 2021
@nashif nashif removed the Stale label May 17, 2021
@gmarull
Member

gmarull commented May 21, 2021

It turned out to be a false positive, so closing.

Details provided in the coverity issue:

Because var5 is used as a divisor, it could be a problem if it is zero. However, var5 will never be zero. It is the result of the expression:

var5 = (131 * data->res_heat_val) + 65536.

The minimum value data->res_heat_val can take is -128 (int8_t), which leads to var5 = -48768. Even if it was an int16_t or int32_t, 131 is not a divisor of 65536, so var5 would never be zero.

@gmarull gmarull closed this as completed May 21, 2021
@gmarull gmarull self-assigned this May 21, 2021
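
When triaging a TAINTED_SCALAR divisor finding like this one, the "never zero" argument can be confirmed by enumerating the input type's full range. The following is an added example, not Zephyr driver code and not part of the thread: it evaluates the divisor expression quoted above over every int8_t and int16_t value, and shows a guarded division that makes the invariant explicit. All helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Divisor expression quoted in the issue: var5 = (131 * res_heat_val) + 65536.
 * Evaluated in int32_t; inputs within int16_t range cannot overflow it. */
static int32_t var5_of(int32_t res_heat_val)
{
	return (131 * res_heat_val) + 65536;
}

/* Hypothetical helper: number of inputs in [lo, hi] that give a zero divisor. */
static long zero_divisors(int32_t lo, int32_t hi)
{
	long zeros = 0;
	for (int32_t v = lo; v <= hi; v++) {
		if (var5_of(v) == 0) zeros++;
	}
	return zeros;
}

/* Hypothetical helper: smallest |var5| over [lo, hi], i.e. how close
 * the divisor ever gets to zero for that input type. */
static int32_t min_abs_divisor(int32_t lo, int32_t hi)
{
	int32_t best = INT32_MAX;
	for (int32_t v = lo; v <= hi; v++) {
		int32_t a = abs(var5_of(v));
		if (a < best) best = a;
	}
	return best;
}

/* Hypothetical guard: refuse the two int32_t divisions that are undefined
 * (divide by zero, INT32_MIN / -1) instead of relying on the caller. */
static int checked_div(int32_t num, int32_t den, int32_t *out)
{
	if (den == 0 || (num == INT32_MIN && den == -1)) return -1;
	*out = num / den;
	return 0;
}

int main(void)
{
	printf("int8_t : zeros=%ld min|var5|=%d\n",
	       zero_divisors(INT8_MIN, INT8_MAX), (int)min_abs_divisor(INT8_MIN, INT8_MAX));
	printf("int16_t: zeros=%ld min|var5|=%d\n",
	       zero_divisors(INT16_MIN, INT16_MAX), (int)min_abs_divisor(INT16_MIN, INT16_MAX));
	return 0;
}
```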