[Gluster-devel] Help needed with Coverity - How to remove tainted_data_argument?

Lalatendu Mohanty lmohanty at redhat.com
Wed Dec 17 08:32:05 UTC 2014


On 12/17/2014 01:54 PM, Atin Mukherjee wrote:
>
> On 12/17/2014 01:01 PM, Lalatendu Mohanty wrote:
>> On 12/17/2014 12:56 PM, Krishnan Parthasarathi wrote:
>>> I was looking into a Coverity issue (CID 1228603) in GlusterFS.
>>> I sent a patch[1] before I fully understood why this was an issue.
>>> After searching around in the internet for explanations, I identified
>>> that
>>> the core issue was that a character buffer, storing parts of a file
>>> (external I/O),
>>> was marked tainted. This taint spread wherever the buffer was used.
>>> This seems
>>> acceptable in the context of static analysis. How do we indicate to
>>> Coverity that
>>> the 'taint' would cause no harm as speculated?
>>>
>>> [1] - Coverity fix attempt: http://review.gluster.org/#/c/9286/
>>> [2] - CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR):
>>>         glusterd-utils.c: 2131 in glusterd_readin_file()
>>>
>>> thanks,
>>> kp
>>> _______________________________________________
>>> Gluster-devel mailing list
>>> Gluster-devel at gluster.org
>>> http://supercolony.gluster.org/mailman/listinfo/gluster-devel
>> KP,
>>
>> We can mark the CID in Coverity scan website that it is not an issue
>> (i.e. as designed) and it would stop reporting it as a bug.
> Question is whether coverity will stop reporting on such occurrences in
> other places in future, my guess is no. Idea is to make coverity
> understand that this pattern should not be reported further.
>
> ~Atin

Atin,

Thanks for clarifying. I don't how if we can tell Coverity about a pattern.

However IMO we should not consider a family of issue e.g. in this case 
"Use of untrusted scalar value" as non-issue. I would rather go through 
each of them and decide if it an issue or non-issue.

Thanks,
Lala
>> Let me if you need any help to mark it as not a bug.
>>
>> Thanks,
>> Lala
>> _______________________________________________
>> Gluster-devel mailing list
>> Gluster-devel at gluster.org
>> http://supercolony.gluster.org/mailman/listinfo/gluster-devel



More information about the Gluster-devel mailing list