[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] coverity-model: replay data is considered trust
From: |
Markus Armbruster |
Subject: |
Re: [Qemu-devel] [PATCH] coverity-model: replay data is considered trusted |
Date: |
Tue, 15 May 2018 16:33:38 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Paolo Bonzini <address@hidden> writes:
> On 15/05/2018 14:00, Markus Armbruster wrote:
>> Paolo Bonzini <address@hidden> writes:
>>
>>> Replay data is not considered a possible attack vector; add a model that
>>> does not use getc so that "tainted data" warnings are suppressed.
>>>
>>> Signed-off-by: Paolo Bonzini <address@hidden>
>>> ---
>>> scripts/coverity-model.c | 13 +++++++++++++
>>> 1 file changed, 13 insertions(+)
>>>
>>> diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
>>> index c702804f41..576f48de33 100644
>>> --- a/scripts/coverity-model.c
>>> +++ b/scripts/coverity-model.c
>>> @@ -103,6 +103,19 @@ static int get_keysym(const name2keysym_t *table,
>> /* Tainting */
>>
>> typedef struct {} name2keysym_t;
>> static int get_keysym(const name2keysym_t *table,
>> const char *name)
>> {
>> int result;
>> if (result > 0) {
>> __coverity_tainted_string_sanitize_content__(name);
>> return result;
>> } else {
>> return 0;
>>> }
>>> }
>>>
>>> +
>>
>> Does the new model go under /* Tainting */ ?
>
> Yes, it does. Any chance you can do the change yourself?...
Gladly :)
Reviewed-by: Markus Armbruster <address@hidden>