From: Paolo Bonzini
Subject: Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions
Date: Mon, 2 Aug 2021 18:20:55 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
On 02/08/21 14:36, Peter Maydell wrote:
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
>
> The real g_malloc_n() returns failure if the multiplication would overflow; I guess Coverity currently doesn't have any warnings it generates as a result of assuming overflow might happen?
I couldn't find any Coverity-specific way to detect overflow, but making nmemb a tainted sink could be an interesting way to ensure that untrusted data does not end up causing such a failure.
Likewise, we should try making __bufwrite taint the buffer it is writing to; there's already a TODO for that but I never followed up on it.
Paolo
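The thread above talks about two things a model of the array allocators could express: the overflow failure path of the real g_malloc_n()-style functions, and marking nmemb as a tainted sink so that untrusted data flowing into it gets reported. The following is an added sketch of what such a model could look like; it is not QEMU's coverity-model.c and not part of the patch under review. The primitive names (__coverity_negative_sink__, __coverity_tainted_data_sink__, __coverity_alloc__, __coverity_mark_as_uninitialized_buffer__) are Coverity's documented modeling primitives, but the declarations, the stand-in definitions under the #else branch (which let the file compile and run outside Coverity), the mul_fits() helper and the sample values are assumptions made here. Only the g_try_malloc_n variant is sketched, since its failure path is a NULL return that can be checked directly.

```c
/* Hypothetical Coverity model for g_try_malloc_n(), with stand-in
 * definitions so the same file also compiles and runs as plain C.
 * Not QEMU's coverity-model.c. The primitive names are Coverity's;
 * the stubs, helper and sample values are assumptions for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Records the last value that reached the tainted-data sink in the stubbed
 * build, so the behaviour can be checked without running Coverity. */
static size_t last_tainted_sink;

#ifdef __COVERITY__
/* Under cov-make-library these are intrinsics; declarations are enough. */
void __coverity_negative_sink__(size_t);
void __coverity_tainted_data_sink__(size_t);
void *__coverity_alloc__(size_t);
void __coverity_mark_as_uninitialized_buffer__(void *);
#else
/* Stand-ins for running outside Coverity (assumption: our own stubs). */
static void __coverity_negative_sink__(size_t n) { (void)n; }
static void __coverity_tainted_data_sink__(size_t n) { last_tainted_sink = n; }
static void *__coverity_alloc__(size_t n) { return malloc(n); }
static void __coverity_mark_as_uninitialized_buffer__(void *p) { (void)p; }
#endif

/* Overflow check performed before multiplying: returns 1 if nmemb * size
 * fits in size_t, 0 otherwise. Division form avoids the overflow itself. */
static int mul_fits(size_t nmemb, size_t size)
{
    return nmemb == 0 || size <= SIZE_MAX / nmemb;
}

void *g_try_malloc_n(size_t nmemb, size_t size)
{
    void *ptr;

    /* Both arguments are negative sinks; nmemb is additionally a tainted
     * sink so that untrusted input reaching it is flagged by the checker. */
    __coverity_negative_sink__(nmemb);
    __coverity_negative_sink__(size);
    __coverity_tainted_data_sink__(nmemb);

    if (!mul_fits(nmemb, size)) {
        return NULL;            /* the overflow failure path */
    }
    ptr = __coverity_alloc__(nmemb * size);
    __coverity_mark_as_uninitialized_buffer__(ptr);
    return ptr;
}

size_t model_last_tainted_sink(void)
{
    return last_tainted_sink;
}

int main(void)
{
    /* Constructed inputs: one that overflows, one that does not. */
    void *p = g_try_malloc_n(SIZE_MAX, 2);
    printf("overflowing request -> %s\n", p ? "allocated" : "NULL");
    p = g_try_malloc_n(16, 4);
    printf("16 * 4 bytes -> %s\n", p ? "allocated" : "NULL");
    free(p);
    return 0;
}
```

When compiled with cov-make-library only the __COVERITY__ branch is seen, so the stubs never influence the model; when compiled as ordinary C, the same function shows the NULL return on the overflow path that a model has to account for.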