On Sat, 31 Jul 2021 at 07:31, Paolo Bonzini <pbonz...@redhat.com> wrote: > > sz is only used in one place, so replace it with nmemb * size in > that one place. > > Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> > --- > scripts/coverity-scan/model.c | 13 +++---------- > 1 file changed, 3 insertions(+), 10 deletions(-) > > diff --git a/scripts/coverity-scan/model.c b/scripts/coverity-scan/model.c > index 1a5f39d2ae..2d384bdd79 100644 > --- a/scripts/coverity-scan/model.c > +++ b/scripts/coverity-scan/model.c > @@ -178,13 +178,11 @@ uint8_t replay_get_byte(void) > > void *g_malloc_n(size_t nmemb, size_t size) > { > - size_t sz; > void *ptr; > > __coverity_negative_sink__(nmemb); > __coverity_negative_sink__(size); > - sz = nmemb * size; > - ptr = __coverity_alloc__(sz); > + ptr = __coverity_alloc__(nmemb * size); > __coverity_mark_as_uninitialized_buffer__(ptr); > __coverity_mark_as_afm_allocated__(ptr, AFM_free); > return ptr;
Reviewed-by: Peter Maydell <peter.mayd...@linaro.org> The real g_malloc_n() returns failure if the multiplication would overflow; I guess Coverity currently doesn't have any warnings it generates as a result of assuming overflow might happen? thanks -- PMM