| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 1 | /* Coverity Scan model |
| 2 | * |
| 3 | * This is a modeling file for Coverity Scan. Modeling helps to avoid false |
| 4 | * positives. |
| 5 | * |
| 6 | * - A model file can't import any header files. |
| 7 | * - Therefore only some built-in primitives like int, char and void are |
| 8 | * available but not wchar_t, NULL etc. |
| 9 | * - Modeling doesn't need full structs and typedefs. Rudimentary structs |
| 10 | * and similar types are sufficient. |
| 11 | * - An uninitialized local pointer is not an error. It signifies that the |
| 12 | * variable could be either NULL or have some data. |
| 13 | * |
| 14 | * Coverity Scan doesn't pick up modifications automatically. The model file |
| 15 | * must be uploaded by an admin in the analysis settings of |
| 16 | * http://scan.coverity.com/projects/200 |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 17 | */ |
| 18 | |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 19 | /* dummy definitions, in most cases struct fields aren't required. */ |
| 20 | |
| 21 | #define NULL (void *)0 |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 22 | typedef int sdigit; |
| 23 | typedef long Py_ssize_t; |
| 24 | typedef unsigned short wchar_t; |
| 25 | typedef struct {} PyObject; |
| 26 | typedef struct {} grammar; |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 27 | typedef struct {} DIR; |
| 28 | typedef struct {} RFILE; |
| 29 | |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 30 | /* Python/pythonrun.c |
| 31 | * resourece leak false positive */ |
| 32 | |
| 33 | void Py_FatalError(const char *msg) { |
| 34 | __coverity_panic__(); |
| 35 | } |
| 36 | |
| 37 | /* Objects/longobject.c |
| 38 | * NEGATIVE_RETURNS false positive */ |
| 39 | |
| 40 | static PyObject small_ints[257 + 5]; |
| 41 | |
| 42 | static PyObject *get_small_int(sdigit ival) |
| 43 | { |
| 44 | PyObject *p; |
| 45 | if (((ival + 5) >= 0) && ((ival + 5) < 257 + 5)) { |
| 46 | return &small_ints[ival + 5]; |
| 47 | } |
| 48 | return p; |
| 49 | } |
| 50 | |
| 51 | /* tainted sinks |
| 52 | * |
| 53 | * Coverity considers argv, environ, read() data etc as tained. |
| 54 | */ |
| 55 | |
| 56 | PyObject *PyErr_SetFromErrnoWithFilename(PyObject *exc, const char *filename) |
| 57 | { |
| 58 | __coverity_tainted_data_sink__(filename); |
| 59 | return NULL; |
| 60 | } |
| 61 | |
| 62 | /* Python/fileutils.c */ |
| 63 | wchar_t *_Py_char2wchar(const char* arg, size_t *size) |
| 64 | { |
| 65 | wchar_t *w; |
| 66 | __coverity_tainted_data_sink__(arg); |
| 67 | __coverity_tainted_data_sink__(size); |
| 68 | return w; |
| 69 | } |
| 70 | |
| 71 | /* Parser/pgenmain.c */ |
| 72 | grammar *getgrammar(char *filename) |
| 73 | { |
| 74 | grammar *g; |
| 75 | __coverity_tainted_data_sink__(filename); |
| 76 | return g; |
| 77 | } |
| 78 | |
| 79 | /* Python/marshal.c */ |
| 80 | |
| 81 | static Py_ssize_t r_string(char *s, Py_ssize_t n, RFILE *p) |
| 82 | { |
| 83 | __coverity_tainted_string_argument__(s); |
| 84 | return 0; |
| 85 | } |
| 86 | |
| 87 | static long r_long(RFILE *p) |
| 88 | { |
| 89 | long l; |
| 90 | unsigned char buffer[4]; |
| 91 | |
| 92 | r_string((char *)buffer, 4, p); |
| 93 | __coverity_tainted_string_sanitize_content__(buffer); |
| 94 | l = (long)buffer; |
| 95 | return l; |
| 96 | } |
| 97 | |
| 98 | /* Coverity doesn't understand that fdopendir() may take ownership of fd. */ |
| 99 | |
| 100 | DIR *fdopendir(int fd) { |
| 101 | DIR *d; |
| 102 | if (d) { |
| 103 | __coverity_close__(fd); |
| 104 | } |
| 105 | return d; |
| 106 | } |
| 107 | |