| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 1 | /* Coverity Scan model |
| 2 | * |
| 3 | * This is a modeling file for Coverity Scan. Modeling helps to avoid false |
| 4 | * positives. |
| 5 | * |
| 6 | * - A model file can't import any header files. |
| 7 | * - Therefore only some built-in primitives like int, char and void are |
| 8 | * available but not wchar_t, NULL etc. |
| 9 | * - Modeling doesn't need full structs and typedefs. Rudimentary structs |
| 10 | * and similar types are sufficient. |
| 11 | * - An uninitialized local pointer is not an error. It signifies that the |
| 12 | * variable could be either NULL or have some data. |
| 13 | * |
| 14 | * Coverity Scan doesn't pick up modifications automatically. The model file |
| 15 | * must be uploaded by an admin in the analysis settings of |
| 16 | * http://scan.coverity.com/projects/200 |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 17 | */ |
| 18 | |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 19 | /* dummy definitions, in most cases struct fields aren't required. */ |
| 20 | |
| 21 | #define NULL (void *)0 |
| Christian Heimes | 8cda5e6 | 2013-07-26 18:00:12 +0200 | [diff] [blame] | 22 | #define assert(op) /* empty */ |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 23 | typedef int sdigit; |
| 24 | typedef long Py_ssize_t; |
| Christian Heimes | 8cda5e6 | 2013-07-26 18:00:12 +0200 | [diff] [blame] | 25 | typedef long long PY_LONG_LONG; |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 26 | typedef unsigned short wchar_t; |
| 27 | typedef struct {} PyObject; |
| 28 | typedef struct {} grammar; |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 29 | typedef struct {} DIR; |
| 30 | typedef struct {} RFILE; |
| 31 | |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 32 | /* Python/pythonrun.c |
| Martin Panter | 69332c1 | 2016-08-04 13:07:31 +0000 | [diff] [blame] | 33 | * resource leak false positive */ |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 34 | |
| 35 | void Py_FatalError(const char *msg) { |
| 36 | __coverity_panic__(); |
| 37 | } |
| 38 | |
| 39 | /* Objects/longobject.c |
| 40 | * NEGATIVE_RETURNS false positive */ |
| 41 | |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 42 | static PyObject *get_small_int(sdigit ival) |
| 43 | { |
| Christian Heimes | 8cda5e6 | 2013-07-26 18:00:12 +0200 | [diff] [blame] | 44 | /* Never returns NULL */ |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 45 | PyObject *p; |
| Christian Heimes | 8cda5e6 | 2013-07-26 18:00:12 +0200 | [diff] [blame] | 46 | assert(p != NULL); |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 47 | return p; |
| 48 | } |
| 49 | |
| Christian Heimes | 8cda5e6 | 2013-07-26 18:00:12 +0200 | [diff] [blame] | 50 | PyObject *PyLong_FromLong(long ival) |
| 51 | { |
| 52 | PyObject *p; |
| 53 | int maybe; |
| 54 | |
| 55 | if ((ival >= -5) && (ival < 257 + 5)) { |
| 56 | p = get_small_int(ival); |
| 57 | assert(p != NULL); |
| 58 | return p; |
| 59 | } |
| 60 | if (maybe) |
| 61 | return p; |
| 62 | else |
| 63 | return NULL; |
| 64 | } |
| 65 | |
| 66 | PyObject *PyLong_FromLongLong(PY_LONG_LONG ival) |
| 67 | { |
| 68 | return PyLong_FromLong((long)ival); |
| 69 | } |
| 70 | |
| 71 | PyObject *PyLong_FromSsize_t(Py_ssize_t ival) |
| 72 | { |
| 73 | return PyLong_FromLong((long)ival); |
| 74 | } |
| 75 | |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 76 | /* tainted sinks |
| 77 | * |
| 78 | * Coverity considers argv, environ, read() data etc as tained. |
| 79 | */ |
| 80 | |
| 81 | PyObject *PyErr_SetFromErrnoWithFilename(PyObject *exc, const char *filename) |
| 82 | { |
| 83 | __coverity_tainted_data_sink__(filename); |
| 84 | return NULL; |
| 85 | } |
| 86 | |
| 87 | /* Python/fileutils.c */ |
| Victor Stinner | f6a271a | 2014-08-01 12:28:48 +0200 | [diff] [blame] | 88 | wchar_t *Py_DecodeLocale(const char* arg, size_t *size) |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 89 | { |
| 90 | wchar_t *w; |
| 91 | __coverity_tainted_data_sink__(arg); |
| 92 | __coverity_tainted_data_sink__(size); |
| 93 | return w; |
| 94 | } |
| 95 | |
| 96 | /* Parser/pgenmain.c */ |
| 97 | grammar *getgrammar(char *filename) |
| 98 | { |
| 99 | grammar *g; |
| 100 | __coverity_tainted_data_sink__(filename); |
| 101 | return g; |
| 102 | } |
| 103 | |
| 104 | /* Python/marshal.c */ |
| 105 | |
| 106 | static Py_ssize_t r_string(char *s, Py_ssize_t n, RFILE *p) |
| 107 | { |
| 108 | __coverity_tainted_string_argument__(s); |
| 109 | return 0; |
| 110 | } |
| 111 | |
| 112 | static long r_long(RFILE *p) |
| 113 | { |
| 114 | long l; |
| 115 | unsigned char buffer[4]; |
| 116 | |
| 117 | r_string((char *)buffer, 4, p); |
| 118 | __coverity_tainted_string_sanitize_content__(buffer); |
| 119 | l = (long)buffer; |
| 120 | return l; |
| 121 | } |
| 122 | |
| 123 | /* Coverity doesn't understand that fdopendir() may take ownership of fd. */ |
| 124 | |
| Christian Heimes | a8e3f7a | 2015-04-16 20:25:03 +0200 | [diff] [blame] | 125 | DIR *fdopendir(int fd) |
| 126 | { |
| Christian Heimes | b911cfd | 2013-07-23 01:31:15 +0200 | [diff] [blame] | 127 | DIR *d; |
| 128 | if (d) { |
| 129 | __coverity_close__(fd); |
| 130 | } |
| 131 | return d; |
| 132 | } |
| 133 | |
| Christian Heimes | a8e3f7a | 2015-04-16 20:25:03 +0200 | [diff] [blame] | 134 | /* Modules/_datetime.c |
| 135 | * |
| 136 | * Coverity thinks that the input values for these function come from a |
| 137 | * tainted source PyDateTime_DATE_GET_* macros use bit shifting. |
| 138 | */ |
| 139 | static PyObject * |
| 140 | build_struct_time(int y, int m, int d, int hh, int mm, int ss, int dstflag) |
| 141 | { |
| 142 | PyObject *result; |
| Benjamin Peterson | 918aa89 | 2016-09-19 22:16:36 -0700 | [diff] [blame] | 143 | |
| Christian Heimes | a8e3f7a | 2015-04-16 20:25:03 +0200 | [diff] [blame] | 144 | __coverity_tainted_data_sanitize__(y); |
| 145 | __coverity_tainted_data_sanitize__(m); |
| 146 | __coverity_tainted_data_sanitize__(d); |
| 147 | __coverity_tainted_data_sanitize__(hh); |
| 148 | __coverity_tainted_data_sanitize__(mm); |
| 149 | __coverity_tainted_data_sanitize__(ss); |
| 150 | __coverity_tainted_data_sanitize__(dstflag); |
| 151 | |
| 152 | return result; |
| 153 | } |
| 154 | |
| 155 | static int |
| 156 | ymd_to_ord(int year, int month, int day) |
| 157 | { |
| 158 | int ord = 0; |
| 159 | |
| 160 | __coverity_tainted_data_sanitize__(year); |
| 161 | __coverity_tainted_data_sanitize__(month); |
| 162 | __coverity_tainted_data_sanitize__(day); |
| 163 | |
| 164 | return ord; |
| 165 | } |
| 166 | |
| 167 | static int |
| 168 | normalize_date(int *year, int *month, int *day) |
| 169 | { |
| 170 | __coverity_tainted_data_sanitize__(*year); |
| 171 | __coverity_tainted_data_sanitize__(*month); |
| 172 | __coverity_tainted_data_sanitize__(*day); |
| 173 | |
| 174 | return 0; |
| 175 | } |
| 176 | |
| 177 | static int |
| 178 | weekday(int year, int month, int day) |
| 179 | { |
| 180 | int w = 0; |
| 181 | |
| 182 | __coverity_tainted_data_sanitize__(year); |
| 183 | __coverity_tainted_data_sanitize__(month); |
| 184 | __coverity_tainted_data_sanitize__(day); |
| 185 | |
| 186 | return w; |
| 187 | } |
| 188 | |