Merge branch 'fix/fix_coverity_issues' into 'master'

fix(system): Fixes some false-positive coverity issues

Closes IDF-11768, IDF-11760, and IDF-11740

See merge request espressif/esp-idf!35288

components/bootloader_support/src/bootloader_utility.c

@@ -1234,7 +1234,16 @@ esp_err_t bootloader_sha256_flash_contents(uint32_t flash_offset, uint32_t len,
 
     while (len > 0) {
         uint32_t mmu_page_offset = ((flash_offset & MMAP_ALIGNED_MASK) != 0) ? 1 : 0; /* Skip 1st MMU Page if it is already populated */
-        uint32_t partial_image_len = MIN(len, ((mmu_free_pages_count - mmu_page_offset) * SPI_FLASH_MMU_PAGE_SIZE)); /* Read the image that fits in the free MMU pages */
+        uint32_t max_pages = (mmu_free_pages_count > mmu_page_offset) ? (mmu_free_pages_count - mmu_page_offset) : 0;
+        if (max_pages == 0) {
+            ESP_LOGE(TAG, "No free MMU pages are available");
+            return ESP_ERR_NO_MEM;
+        }
+        uint32_t max_image_len;
+        if (__builtin_mul_overflow(max_pages, SPI_FLASH_MMU_PAGE_SIZE, &max_image_len)) {
+            max_image_len = UINT32_MAX;
+        }
+        uint32_t partial_image_len = MIN(len, max_image_len); /* Read the image that fits in the free MMU pages */
 
         const void * image = bootloader_mmap(flash_offset, partial_image_len);
         if (image == NULL) {

components/bootloader_support/src/esp_image_format.c

@@ -616,7 +616,16 @@ static esp_err_t process_segment(int index, uint32_t flash_addr, esp_image_segme
 #endif
         uint32_t offset_page = ((data_addr & MMAP_ALIGNED_MASK) != 0) ? 1 : 0;
         /* Data we could map in case we are not aligned to PAGE boundary is one page size lesser. */
-        data_len = MIN(data_len_remain, ((free_page_count - offset_page) * SPI_FLASH_MMU_PAGE_SIZE));
+        uint32_t max_pages = (free_page_count > offset_page) ? (free_page_count - offset_page) : 0;
+        if (max_pages == 0) {
+            ESP_LOGE(TAG, "No free MMU pages are available");
+            return ESP_ERR_NO_MEM;
+        }
+        uint32_t max_image_len;
+        if (__builtin_mul_overflow(max_pages, SPI_FLASH_MMU_PAGE_SIZE, &max_image_len)) {
+            max_image_len = UINT32_MAX;
+        }
+        data_len = MIN(data_len_remain, max_image_len);
         CHECK_ERR(process_segment_data(index, load_addr, data_addr, data_len, do_load, sha_handle, checksum, metadata));
         data_addr += data_len;
         data_len_remain -= data_len;

components/esp_system/esp_ipc.c

@@ -89,12 +89,6 @@ static void IRAM_ATTR ipc_task(void* arg)
         }
 #endif // !CONFIG_FREERTOS_UNICORE
     }
-    // TODO: currently this is unreachable code. Introduce esp_ipc_uninit
-    // function which will signal to both tasks that they can shut down.
-    // Not critical at this point, we don't have a use case for stopping
-    // IPC yet.
-    // Also need to delete the semaphore here.
-    vTaskDelete(NULL);
 }
 
 /*