On Tue, Nov 5, 2024 at 6:51 PM Paolo Bonzini <pbonz...@redhat.com> wrote:
>
> On Tue, Nov 5, 2024 at 12:44 PM Peter Maydell <peter.mayd...@linaro.org> wrote:
> > Hi; Coverity raises a couple of potential issues with the
> > read_eif_file() function in this commit, which are both
> > "Coverity assumes the file we're reading is untrusted and is
> > unsure that we're correctly sanitizing data from it before use".
> > Could somebody who understands the use case here check whether
> > these need addressing?
>
> Both are reasonable to fix, even if the use case would not make them
> security sensitive. I'll prepare and send a patch.
>
Agree that it makes sense to fix. Thanks Paolo for looking into it. I
can review when the patch is ready.

BTW I see there is some formatting issue in the documentation of
nitro-enclave in the QEMU website:
https://www.qemu.org/docs/master/system/i386/nitro-enclave.html

I think it's a simple fix where we need to put two colons (::) in a
line before the QEMU command lines. Maybe it would make sense to
include it in the patches as well.

Regards,
Dorjoy