7

While reading a value from file for an integer, coverity check is giving following error

Calling function "fread" taints argument "readval"

//coverity note: Calling function "fread" taints argument "readval".
if(fread(&readval, sizeof(int), 1, fp) < 1) {
    return;
} else {
    //coverity note: Passing tainted variable "readval" to a tainted sink.
    f1(&readval);
}

How to handle this error? What sanity checks I need to perform for 'readval' to ensure it is not corrupt.

coder
  • 71
  • 1
  • 1
  • 2

2 Answers2

2

So the problem is that you're using a tainted value ;)

In more detail, readval is set once by outside data and then potentially used as an argument to fseek. This argument could put you past the end of the file and cause your program to crash.

You need to put in some checks to make sure you aren't walking off the end of the file.

Mark Robinson
  • 3,135
  • 1
  • 22
  • 37
  • parameter we pass to fseek can come from any where. – coder Jul 22 '14 at 04:45
  • I will add check on fseek-return-value and run coverity check again to ensure this fix. But offset-parameter we pass to fseek (in this case jump_offset) can come from anywhere. It can be read from file or it can be computed some how. Coverity showed notifications starting from fread. After reading questions about 'tainted' values now I am not sure if I need to put check on return value of fseek or fread itself. – coder Jul 22 '14 at 04:58
  • [other question on tainted value](http://stackoverflow.com/questions/21703826/tainted-string-in-c) – coder Jul 22 '14 at 04:58
  • I don't see it being used as an argument for fseek()?!?!? –  Aug 06 '20 at 19:15
0

Add an assert right after you get the readval from fread. make sure readval is in a reasonable range.

BTW, you "assert" should also be effective in release version

gang2k
  • 26
  • 3