On 03/15/2017 03:16 AM, Paolo Bonzini wrote:
> Commit eb7eeb8 ("memory: split address_space_read and
> address_space_write", 2015-12-17) made address_space_rw
> dispatch to one of address_space_read or address_space_write,
> rather than vice versa.
>
> For callers of address_space_read and address_space_write this
> causes false positive defects when Coverity sees a length-8 write in
> address_space_read and a length-4 (e.g. int*) buffer to read into.
> As long as the size of the buffer is okay, this is a false positive.
>
> Reflect the code change into the model.
>
> Signed-off-by: Paolo Bonzini <[email protected]>
> ---
> scripts/coverity-model.c | 17 +++++++++++++----
> 1 file changed, 13 insertions(+), 4 deletions(-)
> -MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs,
> - uint8_t *buf, int len, bool is_write)
> +MemTxResult address_space_read(AddressSpace *as, hwaddr addr,
> + MemTxAttrs attrs,
> + uint8_t *buf, int len)
> {
> MemTxResult result;
> -
> // TODO: investigate impact of treating reads as producing
> // tainted data, with __coverity_tainted_data_argument__(buf).
> - if (is_write) __bufread(buf, len); else __bufwrite(buf, len);
Old code did __bufread for reads,
> + __bufwrite(buf, len);
but the new does __bufwrite.
> + return result;
> +}
>
> +MemTxResult address_space_write(AddressSpace *as, hwaddr addr,
> + MemTxAttrs attrs,
> + const uint8_t *buf, int len)
> +{
> + MemTxResult result;
> + __bufread(buf, len);
And __bufread for writes. Did you get this backwards?
> return result;
> }
>
> +
> /* Tainting */
>
> typedef struct {} name2keysym_t;
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
