On 05/02/2015 17:24, Markus Armbruster wrote:
> +
> +char *g_strdup(const char *s)
> +{
> + char *dup;
> + size_t i;
> +
> + if (!s) {
> + return NULL;
> + }
> +
> + __coverity_string_null_sink__(s);
> + __coverity_string_size_sink__(s);
What's __coverity_string_size_sink__? It is likely responsible for this
in libcacard:
Unbounded source buffer (STRING_SIZE)
string_size: Passing string argv[argc - 2] of unknown size to g_strdup,
which expects a string of a particular size
I guess it's okay to mark this as intentional?
>
> +char *g_strndup(const char *s, size_t n)
> +{
> + char *dup;
> + size_t i;
> +
> + __coverity_negative_sink__(n);
> +
> + if (!s) {
> + return NULL;
> + }
> +
> + dup = g_malloc(n + 1);
This should be g_malloc0 I think.
Paolo
