Thanks Lala and Niels, I marked the issue as intentional with a comment.
FWIW, this exercise inspired me to refactor the code near the false positive site.
For those interested in reviewing, http://review.gluster.org/9288

~kp

----- Original Message -----
> As long as we can precisely 'teach' Coverity our usage patterns that are known
> to be correct, it is OK to address a family of issues. If there is an advertised
> interface in Coverity to do that then we should be able to 'undo' it as well.
>
> OTOH, closing a bunch of similar looking (but incorrectly grouped as same) may
> not be safe. I am assuming you are talking about this kind of grouping.
>
> ----- Original Message -----
> > On 12/17/2014 01:54 PM, Atin Mukherjee wrote:
> > >
> > > On 12/17/2014 01:01 PM, Lalatendu Mohanty wrote:
> > >> On 12/17/2014 12:56 PM, Krishnan Parthasarathi wrote:
> > >>> I was looking into a Coverity issue (CID 1228603) in GlusterFS.
> > >>> I sent a patch[1] before I fully understood why this was an issue.
> > >>> After searching around on the internet for explanations, I identified
> > >>> that the core issue was that a character buffer, storing parts of a
> > >>> file (external I/O), was marked tainted. This taint spread wherever
> > >>> the buffer was used. This seems acceptable in the context of static
> > >>> analysis. How do we indicate to Coverity that the 'taint' would cause
> > >>> no harm as speculated?
> > >>>
> > >>> [1] - Coverity fix attempt: http://review.gluster.org/#/c/9286/
> > >>> [2] - CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR):
> > >>> glusterd-utils.c: 2131 in glusterd_readin_file()
> > >>>
> > >>> thanks,
> > >>> kp
> > >>> _______________________________________________
> > >>> Gluster-devel mailing list
> > >>> Gluster-devel@xxxxxxxxxxx
> > >>> http://supercolony.gluster.org/mailman/listinfo/gluster-devel
> > >> KP,
> > >>
> > >> We can mark the CID in Coverity scan website that it is not an issue
> > >> (i.e. as designed) and it would stop reporting it as a bug.
> > > Question is whether Coverity will stop reporting on such occurrences in
> > > other places in future, my guess is no. Idea is to make Coverity
> > > understand that this pattern should not be reported further.
> > >
> > > ~Atin
> >
> > Atin,
> >
> > Thanks for clarifying. I don't know if we can tell Coverity about a pattern.
> >
> > However IMO we should not consider a family of issues e.g. in this case
> > "Use of untrusted scalar value" as non-issue. I would rather go through
> > each of them and decide if it is an issue or non-issue.
> >
> > Thanks,
> > Lala
> > >> Let me know if you need any help to mark it as not a bug.
> > >>
> > >> Thanks,
> > >> Lala