diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2017-03-15 09:16:41 +0100 |
---|---|---|
committer | Markus Armbruster <armbru@redhat.com> | 2017-03-15 13:59:16 +0100 |
commit | 4d0e72396b69656f36f484b54ffe64893d793a80 (patch) | |
tree | 99de627cfcb765e40d4e2ffa536aae502d4b488d /scripts | |
parent | 157db293ebf640d0ad04498ca469dcd3839a4e41 (diff) | |
download | qemu-4d0e72396b69656f36f484b54ffe64893d793a80.zip qemu-4d0e72396b69656f36f484b54ffe64893d793a80.tar.gz qemu-4d0e72396b69656f36f484b54ffe64893d793a80.tar.bz2 |
coverity-model: model address_space_read/write
Commit eb7eeb8 ("memory: split address_space_read and
address_space_write", 2015-12-17) made address_space_rw
dispatch to one of address_space_read or address_space_write,
rather than vice versa.
For callers of address_space_read and address_space_write this
causes false positive defects when Coverity sees a length-8 write in
address_space_read and a length-4 (e.g. int*) buffer to read into.
As long as the size of the buffer is okay, this is a false positive.
Reflect the code change into the model.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20170315081641.20588-1-pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/coverity-model.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c index ee5bf9d..c702804 100644 --- a/scripts/coverity-model.c +++ b/scripts/coverity-model.c @@ -67,18 +67,27 @@ static void __bufread(uint8_t *buf, ssize_t len) int last = buf[len-1]; } -MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs, - uint8_t *buf, int len, bool is_write) +MemTxResult address_space_read(AddressSpace *as, hwaddr addr, + MemTxAttrs attrs, + uint8_t *buf, int len) { MemTxResult result; - // TODO: investigate impact of treating reads as producing // tainted data, with __coverity_tainted_data_argument__(buf). - if (is_write) __bufread(buf, len); else __bufwrite(buf, len); + __bufwrite(buf, len); + return result; +} +MemTxResult address_space_write(AddressSpace *as, hwaddr addr, + MemTxAttrs attrs, + const uint8_t *buf, int len) +{ + MemTxResult result; + __bufread(buf, len); return result; } + /* Tainting */ typedef struct {} name2keysym_t; |