[PULL,2/3] coverity-model: replay data is considered trusted

Commit Message

Markus Armbruster June 13, 2018, 1:10 p.m. UTC

From: Paolo Bonzini <pbonzini@redhat.com>

Replay data is not considered a possible attack vector; add a model that
does not use getc so that "tainted data" warnings are suppressed.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20180514141218.28438-1-pbonzini@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Whitespace tweaked]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 scripts/coverity-model.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Patch

diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
index c702804f41..48b112393b 100644
--- a/scripts/coverity-model.c
+++ b/scripts/coverity-model.c
@@ -103,6 +103,18 @@  static int get_keysym(const name2keysym_t *table,
     }
 }
 
+/* Replay data is considered trusted.  */
+uint8_t replay_get_byte(void)
+{
+     uint8_t byte = 0;
+     if (replay_file) {
+         uint8_t c;
+         byte = c;
+     }
+     return byte;
+}
+
+
 /*
  * GLib memory allocation functions.
  *