On Sun, Jul 20, 2014 at 11:44:53PM +0200, Stefan Beller wrote: > We're currently seeing lots of false positives > as the xmalloc/xrealloc function is handled not properly > by coverity. There are lots of errors "Allocation too small for type" Hmm. Actually, I think this report from coverity kind of makes sense. If you pass zero bytes to xmalloc, like: const char **foo = xmalloc(0); and your system malloc returns NULL, we convert that into a single-byte allocation, and it is the caller's responsibility not to actually dereference it. Coverity doesn't know that, and says "wait, one byte isn't enough to store *foo", which is right. Most cases of this are something like: const char **foo = xmalloc(nr * sizeof(*foo)); /* do something nr times */ What coverity _should_ be able to do is realize that we only trigger this when "nr" is zero, and then make sure that we only dereference foo when nr is non-zero. But I guess it's not that smart (yet). As a fallback, we should be able to say "xrealloc is opaque; just trust us that it will allocate the right amount", which I think is what you are getting at with the modeling file. > However I have reviewed the function and I'd be pretty sure it would work as expected. > According to https://scan.coverity.com/tune we can upload a modelling file, > which will allow us to supress such false positive errors. > I believe we'd need to put in the modelling file something like: > > // coverity[+alloc] > void *xrealloc(void *ptr, size_t size); > > and that should do. We'd not need to modify the git.git sources, > but just add such a declaration to the modelling file. I think that is how we would comment it in the source code. For the modeling file, we would actually provide a "fake" implementation of xmalloc that just calls malloc. I think you shouldn't generally need to model functions which are actually in your code base (as coverity looks across all files, not just what gets included when compiling any single one), but I assume that a model would take precedence over the "real" one for cases like this. > Does anyone of you administrators want to experiment with that? I don't think anybody is actively submitting builds to coverity. I played with it a while ago and have meant to look again when I got more time (as there were many false positives that I figured could be removed with some modeling), but haven't gotten around to it. I'm happy to upload any model file you want, or if you want to actively work on this, I can bump you to "maintainer" status and you can fiddle with the project settings as necessary. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html