On 8/24/21 8:11 AM, Darren Kenny wrote:
> Is there a specific set of assertions already present that ensure that
> the circumstances you outline above are always in place?
If by "assertion" you mean using DEBUG_ASSERT to pacify Coverity, I
think that the answer is currently "no" but if you apply something like
the attached patch then the answer becomes "yes". You'll have to check
this though, as Coverity won't give me access to its tools or source code.
If by "assertion" you mean using <assert.h> to verify each of the
statements I made, then this is not the sort of thing that one can
easily ensure via assertions. It'd be like asking "Is there a specific
set of <assert.h> assertions that I can add to 'grep' to ensure that the
output of 'grep' is correct?" The answer to that question is "No,
there's no practical way to do it."
> At present at least, we're not building GRUB with DEBUG, but maybe it is
> something to consider for Coverity builds.
With the attached patch, I hope your Coverity builds can be either with
or without DEBUG.
diff --git a/lib/regexec.c b/lib/regexec.c
index 5e4eb497a..bd5b4ea41 100644
--- a/lib/regexec.c
+++ b/lib/regexec.c
@@ -1675,6 +1675,7 @@ static reg_errcode_t
clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx)
{
Idx top = mctx->state_log_top;
+ DEBUG_ASSERT (mctx->state_log != NULL);
if ((next_state_log_idx >= mctx->input.bufs_len
&& mctx->input.bufs_len < mctx->input.len)
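Review bot: The new `DEBUG_ASSERT (mctx->state_log != NULL);` states an invariant without saying why it holds, and the hunk itself does not show where `state_log` is first dereferenced, so a reader (or a Coverity triager) cannot tell from this function alone that the check is sound. Add a one-line comment next to the assertion summarizing the circumstances that guarantee `state_log` is non-NULL on entry, since the assertion is what is meant to carry that reasoning to the analyzer. Its placement right after `Idx top = mctx->state_log_top;` is fine, as that line only reads a field of `mctx`.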
diff --git a/lib/verify.h b/lib/verify.h
index a8ca59b09..3cd71b280 100644
--- a/lib/verify.h
+++ b/lib/verify.h
@@ -305,6 +305,8 @@ template <int w>
--enable-gcc-warnings, which compiles with -Dlint. It's nicer
when 'assume' silences warnings even with older GCCs. */
# define assume(R) ((R) ? (void) 0 : __builtin_trap ())
+#elif defined __COVERITY__
+# define assume(R) ((R) ? (void) 0 : __coverity_panic__ ())
#else
/* Some tools grok NOTREACHED, e.g., Oracle Studio 12.6. */
# define assume(R) ((R) ? (void) 0 : /*NOTREACHED*/ (void) 0)
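Review bot: The new `#elif defined __COVERITY__` branch sits after the `lint`/`GCC_LINT` branch, so a Coverity run that is also built with `--enable-gcc-warnings` (which the preceding comment says compiles with `-Dlint`) takes the `__builtin_trap ()` definition and never reaches `__coverity_panic__ ()`; if the intent is for Coverity to see the panic regardless of the lint setting, test `__COVERITY__` before the lint branch. Separately, `__coverity_panic__ ()` is called with no declaration visible in this hunk; since the author notes the change could not be tried against Coverity, either add a prototype under the same `#elif` (for example `extern void __coverity_panic__ (void);`) or confirm that Coverity's front end predeclares it, so the build does not fail on an implicit declaration in strict C or in the C++ path this header also serves.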