6

我有一个执行归零的专业化模板函数:

template <class T>
void SecureWipeBuffer(T *buf, size_t n)
{
    volatile T *p = buf+n;
    while (n--)
        *((volatile T*)(--p)) = 0;
}
...

template <>
void SecureWipeBuffer(word64* p, size_t n)
{
   asm volatile("rep stosq" : "+c"(n), "+D"(p) : "a"(0) : "memory");
}

Coverity 正在对SecureWipeBuffer:

word64 val;
...
SecureWipeBuffer(&val, 1);

发现是:

>>>     CID 164713:  Incorrect expression  (SIZEOF_MISMATCH)
>>>     Passing argument "&val" of type "word64 *" and argument "1UL" to function "SecureWipeBuffer" is suspicious because "sizeof (word64)" /*8*/ is expected.
275             SecureWipeBuffer(&val, 1);

如何训练SecureWipeBuffer需要元素计数而不是字节计数的 Coverity?

编辑:我们在 Windows 代码中发现了两个类似的发现。此外,Coverity 正在对标准库函数进行调查。好像它没有意识到 C++ 处理的是元素计数,而不是字节计数。

以下是来自 Microsft 标准库代码<xmemory>

 25    if (_Count == 0)
 26        ;
 27    else if (((size_t)(-1) / sizeof (_Ty) < _Count)
    CID 12348 (#1 of 1): Wrong sizeof argument (SIZEOF_MISMATCH)
    suspicious_sizeof: Passing argument _Count * 4U /* sizeof (std::allocator<void *>::value_type) */
    to function operator new which returns a value of type std::allocator<void *>::value_type is suspicious.
 28        || (_Ptr = ::operator new(_Count * sizeof (_Ty))) == 0)
 29            _Xbad_alloc();  // report no memory
4

1 回答 1

2

我发现了这个Github,它试图通过这样做来抑制*

  std::fill_n(out, spec_.width_ - 1, fill);
  out += spec_.width_ - 1;
} else if (spec_.align_ == ALIGN_CENTER) {
  // coverity[suspicious_sizeof]
  out = writer_.fill_padding(out, spec_.width_, 1, fill);
} else {
  std::fill_n(out + 1, spec_.width_ - 1, fill);

这在 Coverity Prevent 中的 Silencing false positives 中也有建议,这里介绍了另一种方法:Coverity SA - exclude boost, stlport errors

*我不确定这是否是你想要的,但这就是我所得到的!

于 2016-07-15T01:38:49.783 回答