On 02/08/21 14:36, Peter Maydell wrote:
> Reviewed-by: Peter Maydell <peter.mayd...@linaro.org>
>
> The real g_malloc_n() returns failure if the multiplication
> would overflow; I guess Coverity currently doesn't have any
> warnings it generates as a result of assuming overflow
> might happen?

I couldn't find any Coverity-specific way to detect overflow, but making nmemb a tainted sink could be an interesting way to ensure that untrusted data does not end up causing such a failure.

Likewise, we should try making __bufwrite taint the buffer it is writing to; there's already a TODO for that but I never followed up on it.

Paolo

