diff options
| author | Richard W.M. Jones <rjones@redhat.com> | 2012-03-08 13:53:04 +0000 |
|---|---|---|
| committer | Richard W.M. Jones <rjones@redhat.com> | 2012-03-08 13:53:04 +0000 |
| commit | ae0f9f149b2b527b924d4532aa38302056d8a6b0 (patch) | |
| tree | b885b3df476805c22c97c820c42bc674ee9a6e01 /debian/guestmount.dirs | |
| parent | 3b3d9ca4e1fa0a4f566cb2a8008540ee640b738b (diff) | |
| download | libguestfs-ae0f9f149b2b527b924d4532aa38302056d8a6b0.tar.gz libguestfs-ae0f9f149b2b527b924d4532aa38302056d8a6b0.tar.xz libguestfs-ae0f9f149b2b527b924d4532aa38302056d8a6b0.zip | |
daemon: inotify: Check event->len in inotify struct is reasonable.
The Coverity error is this (which I think is wrong):
Error: TAINTED_SCALAR:
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:211: tainted_data_argument: Calling function "read" taints argument "inotify_buf".
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:232: var_assign_var: Assigning: "event" = "(struct inotify_event *)&inotify_buf[n]". Both are now tainted.
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:258: lower_bounds: Checking lower bounds of unsigned scalar "event->len" by "event->len > 0U".
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:272: var_assign_var: Compound assignment involving tainted variable "16UL + event->len" to variable "n" taints "n".
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:228: lower_bounds: Checking lower bounds of unsigned scalar "n" by "n < inotify_posn".
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:281: tainted_data: Using tainted variable "n" as an index into an array "inotify_buf".
Adding a sanity check of event->len is prudent.
Diffstat (limited to 'debian/guestmount.dirs')
0 files changed, 0 insertions, 0 deletions