On Jul 11, 2016, at 3:46 AM, Jaap Keuter wrote:
> Since (not so) recently the Coverity code analysis has added a checker for
> so-called tainted data. This data is considered coming from an external source
> (e.g. the network) hence suspicious until validated. Using these
I can't answer for all the "tainted" checks on Coverity, but the ones I'm
patching seem reasonable.
Quick example:
    num = tvb_get_ntohl(...)
    for (i = 0; i < num; i++) { }
Nothing is going to crash in Wireshark, but if a tainted packet contains
0x, why should we loop with this value, until
Hi Jaap,
2016-07-11 12:46 GMT+02:00 Jaap Keuter :
> Hi List,
>
> Since (not so) recently the Coverity code analysis has added a checker for
> so-called tainted data. This data is considered coming from an external
> source (e.g. the network) hence suspicious until
Hi List,
Since (not so) recently the Coverity code analysis has added a checker for
so-called tainted data. This data is considered coming from an external source
(e.g. the network) hence suspicious until validated. Using these tainted values
is considered a risk. In general this is true,