From: Paolo Bonzini <pbonzini@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [PATCH 4/6] coverity-model: clean up the models for array allocation functions
Date: Mon, 2 Aug 2021 18:20:55 +0200 [thread overview]
Message-ID: <a0cf06ce-55ae-fe35-64ef-f3d66c2708c0@redhat.com> (raw)
In-Reply-To: <CAFEAcA95XPt-2oeKM1gCCRDOjAyf4m0vkoQNGwLZk4swo4gDAA@mail.gmail.com>
On 02/08/21 14:36, Peter Maydell wrote:
> Reviewed-by: Peter Maydell<peter.maydell@linaro.org>
>
> The real g_malloc_n() returns failure if the multiplication
> would overflow; I guess Coverity currently doesn't have any
> warnings it generates as a result of assuming overflow
> might happen?
I couldn't find any Coverity-specific way to detect overflow, but making
nmemb a tainted sink could be an interesting way to ensure that
untrusted data does not end up causing such a failure.
Likewise, we should try making __bufwrite taint the buffer it is writing
to; there's already a TODO for that but I never followed up on it.
Paolo
next prev parent reply other threads:[~2021-08-02 16:21 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-31 6:27 [PATCH 0/6] Updates for Coverity modeling file Paolo Bonzini
2021-07-31 6:27 ` [PATCH 1/6] coverity-model: update address_space_read/write models Paolo Bonzini
2021-08-02 12:31 ` Peter Maydell
2021-07-31 6:27 ` [PATCH 2/6] coverity-model: make g_free a synonym of free Paolo Bonzini
2021-08-02 12:32 ` Peter Maydell
2021-07-31 6:27 ` [PATCH 3/6] coverity-model: remove model for more allocation functions Paolo Bonzini
2021-08-02 12:34 ` Peter Maydell
2021-07-31 6:27 ` [PATCH 4/6] coverity-model: clean up the models for array " Paolo Bonzini
2021-08-02 12:36 ` Peter Maydell
2021-08-02 16:20 ` Paolo Bonzini [this message]
2021-08-04 8:35 ` Markus Armbruster
2021-08-04 8:43 ` Peter Maydell
2021-07-31 6:27 ` [PATCH 5/6] coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL Paolo Bonzini
2021-08-02 12:37 ` Peter Maydell
2021-07-31 6:27 ` [PATCH 6/6] coverity-model: write models fully for non-array allocation functions Paolo Bonzini
2021-08-02 12:38 ` Peter Maydell
2021-08-02 12:46 ` [PATCH 0/6] Updates for Coverity modeling file Peter Maydell
2021-08-02 16:22 ` Paolo Bonzini
2021-08-03 6:04 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a0cf06ce-55ae-fe35-64ef-f3d66c2708c0@redhat.com \
--to=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.