[Gluster-devel] Help needed with Coverity - How to remove tainted_data_argument?
Krishnan Parthasarathi
kparthas at redhat.com
Wed Dec 17 11:46:25 UTC 2014
----- Original Message -----
> On 12/17/2014 11:29 AM, Niels de Vos wrote:
> > On Wed, Dec 17, 2014 at 10:24:46AM +0100, Xavier Hernandez wrote:
> >> I think the root cause of this particular problem is a pattern like this:
> >>
> >> GF_ASSERT(type <= x);
> >>
> >> array[type] = y
> >>
> >> I think there are several places where this pattern is used. GF_ASSERT()
> >> is
> >> there to detect bugs, however it does not stop the execution, it simply
> >> logs
> >> the problem. So if there's really a bug and 'type' > x, we will do an
> >> incorrect access into the array. Additionally, if 'type' is obtained from
> >> a
> >> tainted pointer, coverity considers this a potential security issue.
> >>
> >> This is also applicable to NULL pointer checks and some others.
This issue is because we are reading contents of a file into a fixed
sized buffer. Coverity considers external sources like I/O as taint by
default. My original question was if there are ways by which we can
programmatically let Coverity know that the data is _not_ tainted. This could
be a Coverity primitive, like explained here https://communities.coverity.com/thread/2303,
or refactoring our code. AFAICS, this pattern is not the same as boundary checks.
(NB. buffer in question is fixed length array and fgets (I/O) was performed
with sizeof (buffer) as the limit.)
More information about the Gluster-devel
mailing list