From 157db293ebf640d0ad04498ca469dcd3839a4e41 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 17 Feb 2017 21:15:54 +0100 Subject: tests: Use error_free_or_abort() where appropriate Done with this Coccinelle semantic patch: @@ expression E; @@ - g_assert(E); - error_free(E); + error_free_or_abort(&E); Signed-off-by: Markus Armbruster Message-Id: <1487362554-5688-1-git-send-email-armbru@redhat.com> Reviewed-by: Eric Blake --- tests/test-qemu-opts.c | 3 +-- tests/test-qobject-output-visitor.c | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/tests/test-qemu-opts.c b/tests/test-qemu-opts.c index f6310b34f1..0ad74b464f 100644 --- a/tests/test-qemu-opts.c +++ b/tests/test-qemu-opts.c @@ -93,8 +93,7 @@ static void test_find_unknown_opts(void) /* should not return anything, we don't have an "unknown" option */ list = qemu_find_opts_err("unknown", &err); g_assert(list == NULL); - g_assert(err); - error_free(err); + error_free_or_abort(&err); } static void test_qemu_find_opts(void) diff --git a/tests/test-qobject-output-visitor.c b/tests/test-qobject-output-visitor.c index 500b452d98..c213fceeb3 100644 --- a/tests/test-qobject-output-visitor.c +++ b/tests/test-qobject-output-visitor.c @@ -145,8 +145,7 @@ static void test_visitor_out_enum_errors(TestOutputVisitorData *data, for (i = 0; i < ARRAY_SIZE(bad_values) ; i++) { err = NULL; visit_type_EnumOne(data->ov, "unused", &bad_values[i], &err); - g_assert(err); - error_free(err); + error_free_or_abort(&err); visitor_reset(data); } } @@ -244,8 +243,7 @@ static void test_visitor_out_struct_errors(TestOutputVisitorData *data, u.has_enum1 = true; u.enum1 = bad_values[i]; visit_type_UserDefOne(data->ov, "unused", &pu, &err); - g_assert(err); - error_free(err); + error_free_or_abort(&err); visitor_reset(data); } } -- cgit v1.2.1 From 4d0e72396b69656f36f484b54ffe64893d793a80 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Wed, 15 Mar 2017 09:16:41 +0100 Subject: coverity-model: model address_space_read/write Commit eb7eeb8 ("memory: split address_space_read and address_space_write", 2015-12-17) made address_space_rw dispatch to one of address_space_read or address_space_write, rather than vice versa. For callers of address_space_read and address_space_write this causes false positive defects when Coverity sees a length-8 write in address_space_read and a length-4 (e.g. int*) buffer to read into. As long as the size of the buffer is okay, this is a false positive. Reflect the code change into the model. Signed-off-by: Paolo Bonzini Message-Id: <20170315081641.20588-1-pbonzini@redhat.com> Reviewed-by: Eric Blake Reviewed-by: Markus Armbruster Signed-off-by: Markus Armbruster --- scripts/coverity-model.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c index ee5bf9d078..c702804f41 100644 --- a/scripts/coverity-model.c +++ b/scripts/coverity-model.c @@ -67,18 +67,27 @@ static void __bufread(uint8_t *buf, ssize_t len) int last = buf[len-1]; } -MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs, - uint8_t *buf, int len, bool is_write) +MemTxResult address_space_read(AddressSpace *as, hwaddr addr, + MemTxAttrs attrs, + uint8_t *buf, int len) { MemTxResult result; - // TODO: investigate impact of treating reads as producing // tainted data, with __coverity_tainted_data_argument__(buf). - if (is_write) __bufread(buf, len); else __bufwrite(buf, len); + __bufwrite(buf, len); + return result; +} +MemTxResult address_space_write(AddressSpace *as, hwaddr addr, + MemTxAttrs attrs, + const uint8_t *buf, int len) +{ + MemTxResult result; + __bufread(buf, len); return result; } + /* Tainting */ typedef struct {} name2keysym_t; -- cgit v1.2.1