Message ID | 55012DAB.7080007@web.de |
---|---|
Jan Kiszka <jan.kiszka@web.de> writes: > Hi Markus, > > due to a lack of publicly available documentation on the Coverity > modeling language (or my blindness to find it), I was about to steal > some patterns from QEMU (to improve the kmalloc model for the kernel). I > think I stumbled over some inconsistency: Don't we need to allocate the > calculated size here, not the passed one? > > diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c > index 58356af..cdda259 100644 > --- a/scripts/coverity-model.c > +++ b/scripts/coverity-model.c > @@ -123,7 +123,7 @@ void *g_malloc_n(size_t nmemb, size_t size) > __coverity_negative_sink__(nmemb); > __coverity_negative_sink__(size); > sz = nmemb * size; > - ptr = __coverity_alloc__(size); > + ptr = __coverity_alloc__(sz); > __coverity_mark_as_uninitialized_buffer__(ptr); > __coverity_mark_as_afm_allocated__(ptr, "g_free"); > return ptr; > @@ -137,7 +137,7 @@ void *g_malloc0_n(size_t nmemb, size_t size) > __coverity_negative_sink__(nmemb); > __coverity_negative_sink__(size); > sz = nmemb * size; > - ptr = __coverity_alloc__(size); > + ptr = __coverity_alloc__(sz); > __coverity_writeall0__(ptr); > __coverity_mark_as_afm_allocated__(ptr, "g_free"); > return ptr; > @@ -151,7 +151,7 @@ void *g_realloc_n(void *ptr, size_t nmemb, size_t size) > __coverity_negative_sink__(size); > sz = nmemb * size; > __coverity_escape__(ptr); > - ptr = __coverity_alloc__(size); > + ptr = __coverity_alloc__(sz); > /* > * Memory beyond the old size isn't actually initialized. Can't > * model that. See Coverity's realloc() model > > If so, I can file a proper patch later. You're right! Please submit a patch.
diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
index 58356af..cdda259 100644
--- a/scripts/coverity-model.c
+++ b/scripts/coverity-model.c
@@ -123,7 +123,7 @@ void *g_malloc_n(size_t nmemb, size_t size)
 __coverity_negative_sink__(nmemb);
 __coverity_negative_sink__(size);
 sz = nmemb * size;
- ptr = __coverity_alloc__(size);
+ ptr = __coverity_alloc__(sz);
 __coverity_mark_as_uninitialized_buffer__(ptr);
 __coverity_mark_as_afm_allocated__(ptr, "g_free");
 return ptr;
@@ -137,7 +137,7 @@ void *g_malloc0_n(size_t nmemb, size_t size)
 __coverity_negative_sink__(nmemb);
 __coverity_negative_sink__(size);
 sz = nmemb * size;
- ptr = __coverity_alloc__(size);
+ ptr = __coverity_alloc__(sz);
 __coverity_writeall0__(ptr);
 __coverity_mark_as_afm_allocated__(ptr, "g_free");
 return ptr;
@@ -151,7 +151,7 @@ void *g_realloc_n(void *ptr, size_t nmemb, size_t size)
 __coverity_negative_sink__(size);
 sz = nmemb * size;
 __coverity_escape__(ptr);
- ptr = __coverity_alloc__(size);
+ ptr = __coverity_alloc__(sz);
 /*
  * Memory beyond the old size isn't actually initialized. Can't
  * model that. See Coverity's realloc() model
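Review bot: Allocating `sz` is the right fix, but `sz = nmemb * size` on the line above it is plain size_t arithmetic that silently wraps, whereas the real g_malloc_n aborts when the product overflows (that is the whole reason the `_n` variants exist), so after this change the model can hand back a small buffer for a product the real function would never allocate, and checkers may then reason about a wrapped size. That divergence is worth recording next to the multiplication, e.g. `/* NOTE: real g_malloc_n() aborts on nmemb * size overflow; this model does not, so a wrapped sz is treated as a (small) valid allocation. */`, or, if the modeling language offers a way to end the path on overflow, using it there so the wrapped size never reaches `__coverity_alloc__`. The same remark applies verbatim to the g_malloc0_n hunk that follows. g_malloc_n's opening brace and the declarations of `ptr` and `sz` are above this hunk, so only the visible lines are covered here.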
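Review bot: In the g_realloc_n hunk the old block is only marked with `__coverity_escape__(ptr)` before `ptr` is overwritten by a fresh `__coverity_alloc__(sz)`, so, as far as this hunk shows, the model never says the caller's original pointer may be stale after the call; that is presumably deliberate since the comment says it follows Coverity's own realloc() model, but a one-line note would save the next reader the question, e.g. `/* The old block is treated as escaped, not freed: this model does not flag use of the stale pointer after g_realloc_n(). */`. The unchecked `sz = nmemb * size` product carries the same overflow caveat as in the g_malloc_n hunk, since the real g_realloc_n also aborts on overflow rather than wrapping. g_realloc_n's signature (and presumably the sink on `nmemb`) sits above the hunk and its body continues past the trailing comment, so the lines after the allocation are not reviewed here.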