[PATCH 5/6] coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL

Paolo Bonzini posted 6 patches 4 years, 6 months ago
Maintainers: Peter Maydell <peter.maydell@linaro.org>
[PATCH 5/6] coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL
Posted by Paolo Bonzini 4 years, 6 months ago
g_malloc/g_malloc0/g_realloc only return NULL if the size is 0; we do not need
to cover that in the model, and so far have expected __coverity_alloc__
to model a non-NULL return value.  But that apparently does not work
anymore, so add some extra conditionals that invoke __coverity_panic__
for NULL pointers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 scripts/coverity-scan/model.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/coverity-scan/model.c b/scripts/coverity-scan/model.c
index 2d384bdd79..028f13e9e3 100644
--- a/scripts/coverity-scan/model.c
+++ b/scripts/coverity-scan/model.c
@@ -183,6 +183,9 @@ void *g_malloc_n(size_t nmemb, size_t size)
     __coverity_negative_sink__(nmemb);
     __coverity_negative_sink__(size);
     ptr = __coverity_alloc__(nmemb * size);
+    if (!ptr) {
+        __coverity_panic__();
+    }
     __coverity_mark_as_uninitialized_buffer__(ptr);
     __coverity_mark_as_afm_allocated__(ptr, AFM_free);
     return ptr;
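Review bot: the new `if (!ptr)` check after `ptr = __coverity_alloc__(nmemb * size);` carries no comment saying it is a workaround, so in the model it reads like a redundant check that a later cleanup could drop. A short comment above it, saying that __coverity_alloc__ is apparently no longer treated as returning non-NULL and that the panic restores that constraint, would keep the commit message's reasoning next to the code. Separately, going by the hunk headers the functions changed are the _n variants, while the subject names g_malloc/g_malloc0/g_realloc; the message could say that the plain variants are covered through these.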
@@ -195,6 +198,9 @@ void *g_malloc0_n(size_t nmemb, size_t size)
     __coverity_negative_sink__(nmemb);
     __coverity_negative_sink__(size);
     ptr = __coverity_alloc__(nmemb * size);
+    if (!ptr) {
+        __coverity_panic__();
+    }
     __coverity_writeall0__(ptr);
     __coverity_mark_as_afm_allocated__(ptr, AFM_free);
     return ptr;
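Review bot: in g_malloc0_n the panic applies to every NULL from `__coverity_alloc__(nmemb * size)`, including a zero product, which the commit message names as the one case where the real function does return NULL. Placing the check before `__coverity_writeall0__(ptr)` is the right order, but if the analysis takes the NULL branch for a zero size, that call path is treated as terminating. If that is the accepted trade-off, a comment here should say so; otherwise the condition could be narrowed to the non-zero case, for example `if (!ptr && nmemb * size)`.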
@@ -206,6 +212,9 @@ void *g_realloc_n(void *ptr, size_t nmemb, size_t size)
     __coverity_negative_sink__(size);
     __coverity_escape__(ptr);
     ptr = __coverity_alloc__(nmemb * size);
+    if (!ptr) {
+        __coverity_panic__();
+    }
     /*
      * Memory beyond the old size isn't actually initialized.  Can't
      * model that.  See Coverity's realloc() model
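Review bot: this is the third copy of the same three-line `if (!ptr) { __coverity_panic__(); }` block, so a small helper or macro in model.c would keep the three allocators in step if the workaround has to change again. In g_realloc_n the check also runs after `__coverity_escape__(ptr)` on the reassigned `ptr`, which means a NULL result for a zero-size request is folded into the panic path as well; the existing comment that follows already documents one modelling limitation, and this one could be noted alongside it.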
-- 
2.31.1



Re: [PATCH 5/6] coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL
Posted by Peter Maydell 4 years, 6 months ago
On Sat, 31 Jul 2021 at 07:32, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> g_malloc/g_malloc0/g_realloc only return NULL if the size is 0; we do not need
> to cover that in the model, and so far have expected __coverity_alloc__
> to model a non-NULL return value.  But that apparently does not work
> anymore, so add some extra conditionals that invoke __coverity_panic__
> for NULL pointers.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

I do wish Coverity Scan had a better notification of updates/changes
and feedback path for bugs than "we'll just silently break stuff for
you" :-(

thanks
-- PMM