diff options
| author | Richard W.M. Jones <rjones@redhat.com> | 2012-03-08 13:53:04 +0000 |
|---|---|---|
| committer | Richard W.M. Jones <rjones@redhat.com> | 2012-03-08 18:14:35 +0000 |
| commit | e9f40d7b3ac0bf3a5896f9e3e5cf59181fd13c29 (patch) | |
| tree | 74b80509a1e830da1fe7b12a67941539e220b29a /python/examples | |
| parent | 138e2dcff07013ef76e9f82fc32369fe91afd05e (diff) | |
| download | libguestfs-e9f40d7b3ac0bf3a5896f9e3e5cf59181fd13c29.tar.gz libguestfs-e9f40d7b3ac0bf3a5896f9e3e5cf59181fd13c29.tar.xz libguestfs-e9f40d7b3ac0bf3a5896f9e3e5cf59181fd13c29.zip | |
daemon: inotify: Check event->len in inotify struct is reasonable.
The Coverity error is this (which I think is wrong):
Error: TAINTED_SCALAR:
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:211: tainted_data_argument: Calling function "read" taints argument "inotify_buf".
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:232: var_assign_var: Assigning: "event" = "(struct inotify_event *)&inotify_buf[n]". Both are now tainted.
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:258: lower_bounds: Checking lower bounds of unsigned scalar "event->len" by "event->len > 0U".
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:272: var_assign_var: Compound assignment involving tainted variable "16UL + event->len" to variable "n" taints "n".
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:228: lower_bounds: Checking lower bounds of unsigned scalar "n" by "n < inotify_posn".
/builddir/build/BUILD/libguestfs-1.16.5/daemon/inotify.c:281: tainted_data: Using tainted variable "n" as an index into an array "inotify_buf".
Adding a sanity check of event->len is prudent.
(cherry picked from commit ae0f9f149b2b527b924d4532aa38302056d8a6b0)
Diffstat (limited to 'python/examples')
0 files changed, 0 insertions, 0 deletions