As long as we can precisely 'teach' Coverity our usage patterns that are known to be correct, it is OK to address a family of issues. If there is an advertised interface in Coverity to do that then we should be able to 'undo' it as well. OTOH, closing a bunch of similar looking issues (but incorrectly grouped as same) may not be safe. I am assuming you are talking about this kind of grouping.

----- Original Message -----
> On 12/17/2014 01:54 PM, Atin Mukherjee wrote:
> >
> > On 12/17/2014 01:01 PM, Lalatendu Mohanty wrote:
> >> On 12/17/2014 12:56 PM, Krishnan Parthasarathi wrote:
> >>> I was looking into a Coverity issue (CID 1228603) in GlusterFS.
> >>> I sent a patch[1] before I fully understood why this was an issue.
> >>> After searching around on the internet for explanations, I identified that
> >>> the core issue was that a character buffer, storing parts of a file
> >>> (external I/O), was marked tainted. This taint spread wherever the buffer
> >>> was used. This seems acceptable in the context of static analysis. How do
> >>> we indicate to Coverity that the 'taint' would cause no harm as speculated?
> >>>
> >>> [1] - Coverity fix attempt: http://review.gluster.org/#/c/9286/
> >>> [2] - CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR):
> >>> glusterd-utils.c: 2131 in glusterd_readin_file()
> >>>
> >>> thanks,
> >>> kp
> >>> _______________________________________________
> >>> Gluster-devel mailing list
> >>> Gluster-devel@xxxxxxxxxxx
> >>> http://supercolony.gluster.org/mailman/listinfo/gluster-devel
> >> KP,
> >>
> >> We can mark the CID in Coverity scan website that it is not an issue
> >> (i.e. as designed) and it would stop reporting it as a bug.
> > Question is whether coverity will stop reporting on such occurrences in
> > other places in future, my guess is no. Idea is to make coverity
> > understand that this pattern should not be reported further.
> >
> > ~Atin
>
> Atin,
>
> Thanks for clarifying. I don't know if we can tell Coverity about a pattern.
>
> However IMO we should not consider a family of issues e.g. in this case
> "Use of untrusted scalar value" as non-issue. I would rather go through
> each of them and decide if it is an issue or non-issue.
>
> Thanks,
> Lala
> >> Let me know if you need any help to mark it as not a bug.
> >>
> >> Thanks,
> >> Lala
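
The thread concerns TAINTED_SCALAR: a value derived from file contents that is later used as a size or index. As an added illustration (not GlusterFS code and not from any message in this thread), the constructed C function below parses a length out of a hypothetical `len:payload` record and range-checks it on both bounds before use; `copy_record`, `MAX_FIELD` and the record format are assumptions made for the example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELD 64 /* assumed upper bound for this example */

/* Copies the payload of a "len:payload" record (as it might be read from a
 * file) into out and NUL-terminates it.
 * Returns the payload length, or -1 if the record is malformed or the
 * declared length is out of range. */
int copy_record(const char *rec, char *out, size_t out_size)
{
    char *end = NULL;
    long len;

    errno = 0;
    len = strtol(rec, &end, 10); /* len comes from external data: untrusted */
    if (errno != 0 || end == rec || *end != ':')
        return -1;

    /* Check the lower and the upper bound before len is used as a size.
     * The second upper bound leaves room for the terminating NUL. */
    if (len < 0 || len > MAX_FIELD || (size_t)len >= out_size)
        return -1;

    /* The declared length must not exceed what is actually present. */
    if (strlen(end + 1) < (size_t)len)
        return -1;

    memcpy(out, end + 1, (size_t)len);
    out[len] = '\0';
    return (int)len;
}
```

Dropping either bound in the range check leaves `len` unconstrained on that side when it reaches `memcpy`, which is the kind of use an untrusted-scalar finding points at.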