Bug 1398781 - Add sanitisation for taint data in the modelling file. r?sylvestre
MozReview-Commit-ID: 9Ssqi3JNXCw
--- a/tools/coverity/model.cpp
+++ b/tools/coverity/model.cpp
@@ -52,53 +52,44 @@ MOZ_ReportCrash(const char* aStr, const
#define NS_PRECONDITION(expr, msg) assert(!!(expr))
#define NS_RUNTIMEABORT(msg) __coverity_panic__()
int
GET_JUMP_OFFSET(jsbytecode* pc)
{
- __coverity_tainted_data_sanitize__(&pc[1]);
- __coverity_tainted_data_sanitize__(&pc[2]);
- __coverity_tainted_data_sanitize__(&pc[3]);
- __coverity_tainted_data_sanitize__(&pc[4]);
-
+ __coverity_tainted_data_sink__(static_cast<void*>(pc));
return 0;
}
// Data sanity checkers
#define XPT_SWAB16(data) __coverity_tainted_data_sanitize__(&data)
#define XPT_SWAB32(data) __coverity_tainted_data_sanitize__(&data)
static unsigned
GET_UINT24(const jsbytecode* pc)
{
- __coverity_tainted_data_sanitize__(static_cast<void*>(pc));
- // return unsigned((pc[1] << 16) | (pc[2] << 8) | pc[3]);
+ __coverity_tainted_data_sink__(static_cast<void*>(pc));
return 0;
}
class HeaderParser
{
private:
class ChunkHeader
{
uint8_t mRaw[CHUNK_HEAD_SIZE];
HeaderParser::ChunkHeader::ChunkSize() const
{
- __coverity_tainted_data_sanitize__(static_cast<void*>(&mRaw[4]));
- __coverity_tainted_data_sanitize__(static_cast<void*>(&mRaw[5]));
- __coverity_tainted_data_sanitize__(static_cast<void*>(&mRaw[6]));
- __coverity_tainted_data_sanitize__(static_cast<void*>(&mRaw[7]));
-
+ __coverity_tainted_data_sink__(static_cast<void*>(mRaw));
return ((mRaw[7] << 24) | (mRaw[6] << 16) | (mRaw[5] << 8) | (mRaw[4]));
}
};
};
void
NS_DebugBreak(uint32_t aSeverity,
const char* aStr,
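Review bot: The commit title speaks of adding sanitisation, but GET_JUMP_OFFSET, GET_UINT24 and ChunkSize now call `__coverity_tainted_data_sink__` where they used to call `__coverity_tainted_data_sanitize__`, which as far as I know does the opposite: it asks the analysis to report tainted data reaching the function rather than treat it as cleaned. The `// Data sanity checkers` comment above GET_UINT24 no longer describes it, and ChunkSize still returns a value built from `mRaw[4]`..`mRaw[7]` with nothing marking those bytes as validated. If the switch is intended, say so in the model, e.g. `// Taint sink: callers must validate the buffer before decoding from it.` above each call; the same applies to Swap and xtolong in the second hunk. Separately, `static_cast<void*>(pc)` in GET_UINT24, `static_cast<void*>(mRaw)` in the const ChunkSize and `static_cast<void*>(ll)` in xtolong drop const, which standard C++ only allows through `const_cast`; the removed lines did the same, so the model compiler presumably tolerates it.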
@@ -107,31 +98,27 @@ NS_DebugBreak(uint32_t aSeverity,
int32_t aLine)
{
__coverity_panic__();
}
static inline void
Swap(uint32_t* value)
{
- __coverity_tainted_data_sanitize__(static_cast<void*>(&value));
+ __coverity_tainted_data_sink__(value);
*value = (*value >> 24) | ((*value >> 8) & 0x0000ff00) |
((*value << 8) & 0x00ff0000) | (*value << 24);
}
static uint32_t
xtolong(const uint8_t* ll)
{
- __coverity_tainted_data_sanitize__(static_cast<void*>(&ll[0]));
- __coverity_tainted_data_sanitize__(static_cast<void*>(&ll[1]));
- __coverity_tainted_data_sanitize__(static_cast<void*>(&ll[2]));
- __coverity_tainted_data_sanitize__(static_cast<void*>(&ll[3]));
-
- return (uint32_t)((ll[0] << 0) | (ll[1] << 8) | (ll[2] << 16) |
- (ll[3] << 24));
+ uint32_t value = 0;
+ __coverity_tainted_data_sink__(static_cast<void*>(ll));
+ return value;
}
class ByteReader
{
public:
const uint8_t* Read(size_t aCount);
uint32_t ReadU24()
{
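Review bot: xtolong now returns a constant 0 after the sink call, whereas Swap in this hunk and ChunkSize in the first hunk keep their real computation, so the byte-decoding helpers are modelled inconsistently and the analysis presumably sees xtolong's result as a fixed value unrelated to `ll`. Unless that is deliberate, keep the original expression after the sink, `return (uint32_t)((ll[0] << 0) | (ll[1] << 8) | (ll[2] << 16) | (ll[3] << 24));`, so the relation between the input bytes and the result stays visible to the checker. If the constant is wanted, the `value` local is unnecessary and `return 0;` would match GET_UINT24, ideally with a one-line comment saying why the decode is omitted.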