Hi Markus, due to a lack of publicly available documentation on the Coverity modeling language (or my inability to find it), I was about to steal some patterns from QEMU (to improve the kmalloc model for the kernel). I think I stumbled over an inconsistency: Don't we need to allocate the calculated size here, not the passed one?
diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
index 58356af..cdda259 100644
--- a/scripts/coverity-model.c
+++ b/scripts/coverity-model.c
@@ -123,7 +123,7 @@ void *g_malloc_n(size_t nmemb, size_t size)
 __coverity_negative_sink__(nmemb);
 __coverity_negative_sink__(size);
 sz = nmemb * size;
- ptr = __coverity_alloc__(size);
+ ptr = __coverity_alloc__(sz);
 __coverity_mark_as_uninitialized_buffer__(ptr);
 __coverity_mark_as_afm_allocated__(ptr, "g_free");
 return ptr;
@@ -137,7 +137,7 @@ void *g_malloc0_n(size_t nmemb, size_t size)
 __coverity_negative_sink__(nmemb);
 __coverity_negative_sink__(size);
 sz = nmemb * size;
- ptr = __coverity_alloc__(size);
+ ptr = __coverity_alloc__(sz);
 __coverity_writeall0__(ptr);
 __coverity_mark_as_afm_allocated__(ptr, "g_free");
 return ptr;
@@ -151,7 +151,7 @@ void *g_realloc_n(void *ptr, size_t nmemb, size_t size)
 __coverity_negative_sink__(size);
 sz = nmemb * size;
 __coverity_escape__(ptr);
- ptr = __coverity_alloc__(size);
+ ptr = __coverity_alloc__(sz);
 /*
 * Memory beyond the old size isn't actually initialized. Can't
 * model that. See Coverity's realloc() model
If so, I can file a proper patch later. Jan
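Review bot: `sz = nmemb * size;` is computed with no overflow handling in all three hunks (g_malloc_n, g_malloc0_n, g_realloc_n), so once the model allocates `sz`, a wrapped product becomes the modeled buffer size and the analyzer reasons about a smaller buffer than the caller asked for. If the real allocators terminate on overflow (not shown in these hunks), the model could express that with a guard before the multiplication that ends in `__coverity_panic__();`. Otherwise a comment above the multiplication, such as `/* sz wraps if nmemb * size overflows size_t; not modeled */`, would document the gap. The function bodies start and end outside the hunks, so any handling of `sz` elsewhere in them is not visible here.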