Hi Dorjoy,

On 05.11.24 14:56, Dorjoy Chowdhury wrote:
> On Tue, Nov 5, 2024 at 6:51 PM Paolo Bonzini <[email protected]> wrote:
>> On Tue, Nov 5, 2024 at 12:44 PM Peter Maydell <[email protected]> wrote:
>>> Hi; Coverity raises a couple of potential issues with the
>>> read_eif_file() function in this commit, which are both
>>> "Coverity assumes the file we're reading is untrusted and is
>>> unsure that we're correctly sanitizing data from it before use".
>>> Could somebody who understands the use case here check whether
>>> these need addressing?
>> Both are reasonable to fix, even if the use case would not make them
>> security sensitive. I'll prepare and send a patch.
>
> Agree that it makes sense to fix. Thanks Paolo for looking into it. I
> can review when the patch is ready.
>
> BTW I see there is some formatting issue in the documentation of
> nitro-enclave in the QEMU website:
> https://www.qemu.org/docs/master/system/i386/nitro-enclave.html
> I think it's a simple fix where we need to put two colons (::) in a
> line before the QEMU command lines. Maybe it would make sense to
> include it in the patches as well.


Feel free to just send a patch to fix them on top of Paolo's pull request to the mailing list :).


Alex



