X-Git-Url: https://repo.jachan.dev/qemu.git/blobdiff_plain/651621b780515f35711c5d7305310ab1d241c7e2..e6b41ec37f0a9742374dfdb90e662745969cd7ea:/scripts/coverity-model.c diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c index 58356afa66..c702804f41 100644 --- a/scripts/coverity-model.c +++ b/scripts/coverity-model.c @@ -46,8 +46,10 @@ typedef struct va_list_str *va_list; typedef struct AddressSpace AddressSpace; typedef uint64_t hwaddr; +typedef uint32_t MemTxResult; +typedef uint64_t MemTxAttrs; -static void __write(uint8_t *buf, ssize_t len) +static void __bufwrite(uint8_t *buf, ssize_t len) { int first, last; __coverity_negative_sink__(len); @@ -57,7 +59,7 @@ static void __write(uint8_t *buf, ssize_t len) __coverity_writeall__(buf); } -static void __read(uint8_t *buf, ssize_t len) +static void __bufread(uint8_t *buf, ssize_t len) { __coverity_negative_sink__(len); if (len == 0) return; @@ -65,18 +67,27 @@ static void __read(uint8_t *buf, ssize_t len) int last = buf[len-1]; } -bool address_space_rw(AddressSpace *as, hwaddr addr, uint8_t *buf, - int len, bool is_write) +MemTxResult address_space_read(AddressSpace *as, hwaddr addr, + MemTxAttrs attrs, + uint8_t *buf, int len) { - bool result; - + MemTxResult result; // TODO: investigate impact of treating reads as producing // tainted data, with __coverity_tainted_data_argument__(buf). - if (is_write) __write(buf, len); else __read(buf, len); + __bufwrite(buf, len); + return result; +} +MemTxResult address_space_write(AddressSpace *as, hwaddr addr, + MemTxAttrs attrs, + const uint8_t *buf, int len) +{ + MemTxResult result; + __bufread(buf, len); return result; } + /* Tainting */ typedef struct {} name2keysym_t; @@ -123,7 +134,7 @@ void *g_malloc_n(size_t nmemb, size_t size) __coverity_negative_sink__(nmemb); __coverity_negative_sink__(size); sz = nmemb * size; - ptr = __coverity_alloc__(size); + ptr = __coverity_alloc__(sz); __coverity_mark_as_uninitialized_buffer__(ptr); __coverity_mark_as_afm_allocated__(ptr, "g_free"); return ptr; @@ -137,7 +148,7 @@ void *g_malloc0_n(size_t nmemb, size_t size) __coverity_negative_sink__(nmemb); __coverity_negative_sink__(size); sz = nmemb * size; - ptr = __coverity_alloc__(size); + ptr = __coverity_alloc__(sz); __coverity_writeall0__(ptr); __coverity_mark_as_afm_allocated__(ptr, "g_free"); return ptr; @@ -151,7 +162,7 @@ void *g_realloc_n(void *ptr, size_t nmemb, size_t size) __coverity_negative_sink__(size); sz = nmemb * size; __coverity_escape__(ptr); - ptr = __coverity_alloc__(size); + ptr = __coverity_alloc__(sz); /* * Memory beyond the old size isn't actually initialized. Can't * model that. See Coverity's realloc() model @@ -234,6 +245,23 @@ void *g_try_realloc(void *ptr, size_t size) return g_try_realloc_n(ptr, 1, size); } +/* Other memory allocation functions */ + +void *g_memdup(const void *ptr, unsigned size) +{ + unsigned char *dup; + unsigned i; + + if (!ptr) { + return NULL; + } + + dup = g_malloc(size); + for (i = 0; i < size; i++) + dup[i] = ((unsigned char *)ptr)[i]; + return dup; +} + /* * GLib string allocation functions */ @@ -323,6 +351,15 @@ char *g_strconcat(const char *s, ...) /* Other glib functions */ +typedef struct pollfd GPollFD; + +int poll(); + +int g_poll (GPollFD *fds, unsigned nfds, int timeout) +{ + return poll(fds, nfds, timeout); +} + typedef struct _GIOChannel GIOChannel; GIOChannel *g_io_channel_unix_new(int fd) {