Re: [PATCH 4/6] coverity-model: clean up the models for array allocation

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 4/6] coverity-model: clean up the models for array allocation

From:	Paolo Bonzini
Subject:	Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions
Date:	Mon, 2 Aug 2021 18:20:55 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

On 02/08/21 14:36, Peter Maydell wrote:

Reviewed-by: Peter Maydell<peter.maydell@linaro.org>

The real g_malloc_n() returns failure if the multiplication
would overflow; I guess Coverity currently doesn't have any
warnings it generates as a result of assuming overflow
might happen?

I couldn't find any Coverity-specific way to detect overflow, but makingnmemb a tainted sink could be an interesting way to ensure thatuntrusted data does not end up causing such a failure.

Likewise, we should try making __bufwrite taint the buffer it is writingto; there's already a TODO for that but I never followed up on it.


Paolo

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions, Peter Maydell, 2021/08/02
- Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions, Paolo Bonzini <=
  - Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions, Markus Armbruster, 2021/08/04
    - Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions, Peter Maydell, 2021/08/04

Prev by Date: [PULL 8/8] coverity-model: write models fully for non-array allocation functions
Next by Date: Re: [PATCH 0/6] Updates for Coverity modeling file
Previous by thread: Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions
Next by thread: Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions
Index(es):
- Date
- Thread