[Gluster-devel] Help needed with Coverity - How to remove tainted_data_argument?
Krishnan Parthasarathi
kparthas at redhat.com
Wed Dec 17 08:51:21 UTC 2014
Thanks Lala and Niels, I marked the issue as intentional with a comment.
FWIW, this exercise inspired me to refactor the code near the false positive
site. For those interested in reviewing, http://review.gluster.org/9288
~kp
----- Original Message -----
> As long as we can precisely 'teach' Coverity our usage patterns that are
> known
> to be correct, it is OK to address a family of issues. If there is an
> advertised
> interface in Coverity to do that then we should be able to 'undo' it as well.
>
> OTOH, closing a bunch of similar looking (but incorrectly grouped as same)
> may
> not be safe. I am assuming you are talking about this kind of grouping.
>
> ----- Original Message -----
> > On 12/17/2014 01:54 PM, Atin Mukherjee wrote:
> > >
> > > On 12/17/2014 01:01 PM, Lalatendu Mohanty wrote:
> > >> On 12/17/2014 12:56 PM, Krishnan Parthasarathi wrote:
> > >>> I was looking into a Coverity issue (CID 1228603) in GlusterFS.
> > >>> I sent a patch[1] before I fully understood why this was an issue.
> > >>> After searching around in the internet for explanations, I identified
> > >>> that
> > >>> the core issue was that a character buffer, storing parts of a file
> > >>> (external I/O),
> > >>> was marked tainted. This taint spread wherever the buffer was used.
> > >>> This seems
> > >>> acceptable in the context of static analysis. How do we indicate to
> > >>> Coverity that
> > >>> the 'taint' would cause no harm as speculated?
> > >>>
> > >>> [1] - Coverity fix attempt: http://review.gluster.org/#/c/9286/
> > >>> [2] - CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR):
> > >>> glusterd-utils.c: 2131 in glusterd_readin_file()
> > >>>
> > >>> thanks,
> > >>> kp
> > >>> _______________________________________________
> > >>> Gluster-devel mailing list
> > >>> Gluster-devel at gluster.org
> > >>> http://supercolony.gluster.org/mailman/listinfo/gluster-devel
> > >> KP,
> > >>
> > >> We can mark the CID in Coverity scan website that it is not an issue
> > >> (i.e. as designed) and it would stop reporting it as a bug.
> > > Question is whether coverity will stop reporting on such occurrences in
> > > other places in future, my guess is no. Idea is to make coverity
> > > understand that this pattern should not be reported further.
> > >
> > > ~Atin
> >
> > Atin,
> >
> > Thanks for clarifying. I don't how if we can tell Coverity about a pattern.
> >
> > However IMO we should not consider a family of issue e.g. in this case
> > "Use of untrusted scalar value" as non-issue. I would rather go through
> > each of them and decide if it an issue or non-issue.
> >
> > Thanks,
> > Lala
> > >> Let me if you need any help to mark it as not a bug.
> > >>
> > >> Thanks,
> > >> Lala
> > >> _______________________________________________
> > >> Gluster-devel mailing list
> > >> Gluster-devel at gluster.org
> > >> http://supercolony.gluster.org/mailman/listinfo/gluster-devel
> >
> >
>
More information about the Gluster-devel
mailing list