authorPaolo Bonzini2021-07-27 18:03:16 +0200
committerPaolo Bonzini2021-07-30 12:04:01 +0200
commite17bdaab2b36db54f0214a14f394fa773cee58df (patch)
treed0536c1be4d201813daef2b6f7ef61da592aad21 /scripts/coverity-scan
parentcoverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL (diff)
coverity-model: write models fully for non-array allocation functions
Coverity seems to have issues figuring out the properties of g_malloc0 and other non *_n functions. While this was "fixed" by removing the custom second argument to __coverity_mark_as_afm_allocated__, inline the code from the array-based allocation functions to avoid future issues. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'scripts/coverity-scan')
-rw-r--r--scripts/coverity-scan/model.c57
1 files changed, 51 insertions, 6 deletions
diff --git a/scripts/coverity-scan/model.c b/scripts/coverity-scan/model.c
index 028f13e9e3..9d4fba53d9 100644
--- a/scripts/coverity-scan/model.c
+++ b/scripts/coverity-scan/model.c
@@ -269,32 +269,77 @@ void *g_try_realloc_n(void *ptr, size_t nmemb, size_t size)
void *g_malloc(size_t size)
{
- return g_malloc_n(1, size);
+ void *ptr;
+
+ __coverity_negative_sink__(size);
+ ptr = __coverity_alloc__(size);
+ if (!ptr) {
+ __coverity_panic__();
+ }
+ __coverity_mark_as_uninitialized_buffer__(ptr);
+ __coverity_mark_as_afm_allocated__(ptr, AFM_free);
+ return ptr;
}
void *g_malloc0(size_t size)
{
- return g_malloc0_n(1, size);
+ void *ptr;
+
+ __coverity_negative_sink__(size);
+ ptr = __coverity_alloc__(size);
+ if (!ptr) {
+ __coverity_panic__();
+ }
+ __coverity_writeall0__(ptr);
+ __coverity_mark_as_afm_allocated__(ptr, AFM_free);
+ return ptr;
}
void *g_realloc(void *ptr, size_t size)
{
- return g_realloc_n(ptr, 1, size);
+ __coverity_negative_sink__(size);
+ __coverity_escape__(ptr);
+ ptr = __coverity_alloc__(size);
+ if (!ptr) {
+ __coverity_panic__();
+ }
+ /*
+ * Memory beyond the old size isn't actually initialized. Can't
+ * model that. See Coverity's realloc() model
+ */
+ __coverity_writeall__(ptr);
+ __coverity_mark_as_afm_allocated__(ptr, AFM_free);
+ return ptr;
}
void *g_try_malloc(size_t size)
{
- return g_try_malloc_n(1, size);
+ int nomem;
+
+ if (nomem) {
+ return NULL;
+ }
+ return g_malloc(size);
}
void *g_try_malloc0(size_t size)
{
- return g_try_malloc0_n(1, size);
+ int nomem;
+
+ if (nomem) {
+ return NULL;
+ }
+ return g_malloc0(size);
}
void *g_try_realloc(void *ptr, size_t size)
{
- return g_try_realloc_n(ptr, 1, size);
+ int nomem;
+
+ if (nomem) {
+ return NULL;
+ }
+ return g_realloc(ptr, size);
}
/* Other glib functions */
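Review bot: The inlined g_malloc, g_malloc0 and g_realloc models call `__coverity_panic__()` whenever `__coverity_alloc__(size)` yields NULL, so the analyzer treats the result as non-NULL even for a zero `size`, where GLib documents a NULL return (and, for g_realloc, a freed `ptr`). If that is a deliberate trade-off to limit false positives, a comment above g_malloc such as `/* Modelled as never returning NULL; the size == 0 case, where GLib returns NULL, is intentionally not modelled. */` would keep the gap visible to whoever triages NULL-dereference reports. The g_try_* models would also benefit from a one-line comment stating that `nomem` is left uninitialized on purpose, presumably so the analyzer explores both the failure and the success path; without it the read looks like a bug to a reader unfamiliar with model files. The hunk shows the complete bodies of all six functions.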