Commit 2e1c92da authored by Paolo Bonzini's avatar Paolo Bonzini Committed by Markus Armbruster
Browse files

coverity: fix address_space_rw model 



If the is_write argument is true, address_space_rw writes to memory
and thus reads from the buffer.  The opposite holds if is_write is
false.  Fix the model.

Cc: Markus Armbruster <armbru@redhat.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarMarkus Armbruster <armbru@redhat.com>
parent 5bccbb04

scripts/coverity-model.c

+3 −3
Original line number Diff line number Diff line
@@ -49,7 +49,7 @@ typedef uint64_t hwaddr; 
typedef uint32_t MemTxResult;

typedef uint64_t MemTxAttrs;



static void __write(uint8_t *buf, ssize_t len)

static void __bufwrite(uint8_t *buf, ssize_t len)

{

    int first, last;

    __coverity_negative_sink__(len);
@@ -59,7 +59,7 @@ static void __write(uint8_t *buf, ssize_t len) 
    __coverity_writeall__(buf);

}



static void __read(uint8_t *buf, ssize_t len)

static void __bufread(uint8_t *buf, ssize_t len)

{

    __coverity_negative_sink__(len);

    if (len == 0) return;
@@ -74,7 +74,7 @@ MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, MemTxAttrs attrs, 


    // TODO: investigate impact of treating reads as producing

    // tainted data, with __coverity_tainted_data_argument__(buf).

    if (is_write) __write(buf, len); else __read(buf, len);

    if (is_write) __bufread(buf, len); else __bufwrite(buf, len);



    return result;

}