Paolo Bonzini <pbonz...@redhat.com> writes:
> On 15/05/2018 14:00, Markus Armbruster wrote:
>> Paolo Bonzini <pbonz...@redhat.com> writes:
>>
>>> Replay data is not considered a possible attack vector; add a model that
>>> does not use getc so that "tainted data" warnings are suppressed.
>>>
>>> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
>>> ---
>>> scripts/coverity-model.c | 13 +++++++++++++
>>> 1 file changed, 13 insertions(+)
>>>
>>> diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
>>> index c702804f41..576f48de33 100644
>>> --- a/scripts/coverity-model.c
>>> +++ b/scripts/coverity-model.c
>>> @@ -103,6 +103,19 @@ static int get_keysym(const name2keysym_t *table,
>> /* Tainting */
>>
>> typedef struct {} name2keysym_t;
>> static int get_keysym(const name2keysym_t *table,
>> const char *name)
>> {
>> int result;
>> if (result > 0) {
>> __coverity_tainted_string_sanitize_content__(name);
>> return result;
>> } else {
>> return 0;
>>> }
>>> }
>>>
>>> +
>>
>> Does the new model go under /* Tainting */ ?
>
> Yes, it does. Any chance you can do the change yourself?...
Gladly :)
Reviewed-by: Markus Armbruster <arm...@redhat.com>
