On 01/31/2013 12:28 PM, John Ferlan wrote:
On 01/31/2013 11:41 AM, Eric Blake wrote:
> On 01/31/2013 03:44 AM, Osier Yang wrote:
>> On 2013年01月31日 03:36, John Ferlan wrote:
>>> The 'dname' string was only filled in within the loop when
available;
>>> however, the TRACE macros used it unconditionally and caused Coverity
>>> to compain about BAD_SIZEOF. Using a dnameptr keeps Coverity at bay and
>
> s/compain/complain/
>
>>> + char *dnameptr = NULL;
>
> Would it be any simpler to just 0-initialize dname, as in:
>
> char dname[256] = "";
>
>
As Osier points out there is a memset(dname, 0, dnamesize) in the code
Okay, the memset() does the same thing as initializing would have done.
Changing the code to use the above still results in Coverity complaint
for each PROBE:
1062
(1) Event bad_sizeof: Taking the size of "dname", which is the address
of an object, is suspicious. Did you intend the size of the object itself?
1063 PROBE(RPC_TLS_CONTEXT_SESSION_ALLOW,
1064 "ctxt=%p sess=%p dname=%s",
1065 ctxt, sess, dname);
Lookin at the preprocessed source, it looks like Coverity is complaining
about this snippet of the expansion of PROBE():
__builtin_classify_type (((void *
)(intptr_t)(dname))) == 5) ? sizeof (void *) : sizeof (((void
*)(intptr_t)(dname))))
and yes, we really DO want to take the sizeof the address, not what it
points to, because the point of the PROBE() is to write the address at
which data starts.
So since it sounds like you were able to shut things up by having a
pointer instead of an array to begin with, the simplest solution is thus:
char dname[256];
char dnameptr = dname;
then PROBE(dnameptr)
No need to do PROBE(dnameptr ? dnameptr : "(unknown)").
All we are doing is handing Coverity a pointer instead of an array,
although both point to the same data, in order to shut up the false
positive.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org