Re: [Qemu-devel] [PATCH] coverity-model: replay data is considered trust
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] coverity-model: replay data is considered trusted
Date: Tue, 15 May 2018 14:06:19 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

On 15/05/2018 14:00, Markus Armbruster wrote:
> Paolo Bonzini <address@hidden> writes:
>
>> Replay data is not considered a possible attack vector; add a model that
>> does not use getc so that "tainted data" warnings are suppressed.
>>
>> Signed-off-by: Paolo Bonzini <address@hidden>
>> ---
>> scripts/coverity-model.c | 13 +++++++++++++
>> 1 file changed, 13 insertions(+)
>>
>> diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
>> index c702804f41..576f48de33 100644
>> --- a/scripts/coverity-model.c
>> +++ b/scripts/coverity-model.c
>> @@ -103,6 +103,19 @@ static int get_keysym(const name2keysym_t *table,
> /* Tainting */
>
> typedef struct {} name2keysym_t;
> static int get_keysym(const name2keysym_t *table,
> const char *name)
> {
> int result;
> if (result > 0) {
> __coverity_tainted_string_sanitize_content__(name);
> return result;
> } else {
> return 0;
>> }
>> }
>>
>> +
>
> Does the new model go under /* Tainting */ ?
Yes, it does. Any chance you can do the change yourself?...
Paolo
> If yes, I'd like to have just one blank line here.
>
>> +/* Replay data is considered trusted. */
>
> If no, I'd like to insert one here.
>
>> +uint8_t replay_get_byte(void)
>> +{
>> + uint8_t byte = 0;
>> + if (replay_file) {
>> + uint8_t c;
>> + byte = c;
>> + }
>> + return byte;
>> +}
>> +
>> +
>> /*
>> * GLib memory allocation functions.
>> *
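
Review bot: `replay_file` in the `if (replay_file) {` condition of replay_get_byte() has no declaration anywhere in the visible hunk, so unless the model file declares it elsewhere the model may not build; either add a declaration next to the function or drop the branch and return the unconstrained value directly. The read `byte = c;` from the never-assigned `uint8_t c;` looks deliberate, standing in for the getc result that the commit message wants to avoid, but the one-line comment does not say so; a sentence stating that `c` is left uninitialized on purpose would keep a later cleanup from "fixing" it. The doubled blank lines (the added one before the comment and the two after the closing brace) could be reduced to one each, in line with the request above.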