[haiku-development] Re: New Coverity scan results online: r39894 nightly-raw gcc4 build
- From: Ingo Weinhold <ingo_weinhold@xxxxxx>
- To: haiku-development@xxxxxxxxxxxxx
- Date: Mon, 20 Dec 2010 22:27:21 +0100
On 2010-12-20 at 21:23:26 [+0100], Michael Pfeiffer
<michael.w.pfeiffer@xxxxxxxxx> wrote:
> BTW does somebody know what TAINTED_SCALAR means in CID 9093:
>
> 51 int Scanner::GetCh() {
> Event tainted_data_return: Function "fgetc" returning tainted data.
> Event var_assign: Assigning: "ch" = "fgetc", which taints "ch".
> 52 int ch = fgetc(fFile);
> 53 fPrev = fCur;
> 54 if (ch == '\n') {
> 55 fCur.column = 0;
> 56 fCur.line ++;
> 57 } else {
> 58 fCur.column ++;
> 59 }
> Event return_tainted_data: Returning tainted variable "ch".
> 60 return ch;
> 61 }
>
> Doesn't fgetc return an int value?
It does, but the return value can also be EOF (-1). If you look at the two
reported errors, you'll see that the tool is right:
Event tainted_data_return: Function "Scanner::GetCh()" returns tainted data.
[details]
Event var_assign: Assigning: "c" = "Scanner::GetCh()", which taints "c".
126 c = GetCh();
Event tainted_data: Using tainted variable "(int)c" as an index to pointer
"__ctype_b".
127 } while(isdigit(c) || c == '.');
and:
Event tainted_data_return: Function "Scanner::GetCh()" returns tainted data.
[details]
Event var_assign: Assigning: "c" = "Scanner::GetCh()", which taints "c".
122 int c = GetCh();
Event tainted_data: Using tainted variable "(int)c" as an index to pointer
"__ctype_b".
123 if (isdigit(c) || c == '.') {
The specs don't say whether isdigit() should accept negative values (one
could argue that negative values aren't characters and thus aren't valid
arguments). Apparently our implementation doesn't.
CU, Ingo
Other related posts:
