Re: [Wireshark-dev] Considering ignoring Coverity 'tainted' checks

2016-07-11 Thread Guy Harris
On Jul 11, 2016, at 3:46 AM, Jaap Keuter wrote:

> Since (not so) recently the Coverity code analysis has added a checker for so
> called tainted data. This data is considered coming from an external source
> (eg. the network) hence suspicious until validated. Using these

Re: [Wireshark-dev] Considering ignoring Coverity 'tainted' checks

2016-07-11 Thread Dario Lombardo
I can't answer for all the "tainted" checks on coverity, but the ones I'm patching seem reasonable. Quick example:

num = tvb_get_ntohl(...)
for (i = 0; i < num; i++) {
}

Nothing is going to crash in wireshark, but if a tainted packet contains 0x, why should we loop with this value, until

Re: [Wireshark-dev] Considering ignoring Coverity 'tainted' checks

2016-07-11 Thread Pascal Quantin
Hi Jaap,

2016-07-11 12:46 GMT+02:00 Jaap Keuter :

> Hi List,
>
> Since (not so) recently the Coverity code analysis has added a checker for
> so called tainted data. This data is considered coming from an external
> source (eg. the network) hence suspicious until

[Wireshark-dev] Considering ignoring Coverity 'tainted' checks

2016-07-11 Thread Jaap Keuter
Hi List,

Since (not so) recently the Coverity code analysis has added a checker for so called tainted data. This data is considered coming from an external source (eg. the network) hence suspicious until validated. Using these tainted values is considered a risk. In general this is true,