How to handle Coverity error TAINTED_SCALAR in fread

coder · Jul 16, 2014 · Viewed 14.9k times

While reading a value from a file into an integer, the Coverity check is giving the following error:

Calling function "fread" taints argument "readval"

#include <stdio.h>

void f1(int *value);   /* the "tainted sink" Coverity refers to; defined elsewhere in the program */

static void read_and_use(FILE *fp)
{
    int readval;   /* filled straight from the file, so Coverity treats it as tainted */
    //coverity note: Calling function "fread" taints argument "readval".
    if(fread(&readval, sizeof(int), 1, fp) < 1) {
        return;
    } else {
        //coverity note: Passing tainted variable "readval" to a tainted sink.
        f1(&readval);
    }
}

How do I handle this error? What sanity checks do I need to perform on 'readval' to ensure it is not corrupt?

Answer

Mark Robinson · Jul 21, 2014

So the problem is that you're using a tainted value ;)

In more detail, readval is set once by outside data and then potentially used as an argument to fseek. This argument could put you past the end of the file and cause your program to crash.

You need to put in some checks to make sure you aren't walking off the end of the file.
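One way to add the bounds check the answer asks for, as an added example that is not code from the question or the answer. It assumes, as the answer does, that the value read from the file is later passed to fseek, and it uses a constructed tmpfile() fixture so it runs stand-alone; the names seek_to_stored_offset and run_case are made up for the example.

```c
#include <stdio.h>
/* Return codes for seek_to_stored_offset (a real file position is never negative). */
#define ERR_IO    (-1L)   /* short read or seek/tell failure */
#define ERR_RANGE (-2L)   /* stored offset lies outside the file */

/* Hardened version of the pattern in the question: read an int from the file,
 * validate it against the real file length, and only then pass it to fseek.
 * Returns the new file position on success, or one of the ERR_ codes. */
static long seek_to_stored_offset(FILE *fp)
{
    int readval;          /* tainted: comes straight from the file */
    long cur, file_len;
    if (fread(&readval, sizeof readval, 1, fp) < 1)
        return ERR_IO;    /* short read: there is nothing to trust */
    /* Learn the file length without using readval for anything yet. */
    cur = ftell(fp);
    if (cur < 0 || fseek(fp, 0, SEEK_END) != 0)
        return ERR_IO;
    file_len = ftell(fp);
    if (file_len < 0 || fseek(fp, cur, SEEK_SET) != 0)
        return ERR_IO;
    /* Bounds check: reject negatives and anything at or past EOF (the caller
     * intends to read at the target, so EOF itself is useless). Widening to
     * long keeps the comparison free of overflow. */
    if (readval < 0 || (long)readval >= file_len)
        return ERR_RANGE;
    /* readval is now sanitized; seeking with it cannot leave the file. */
    if (fseek(fp, (long)readval, SEEK_SET) != 0)
        return ERR_IO;
    return ftell(fp);
}

/* Constructed fixture: a tmpfile() whose first sizeof(int) bytes hold the
 * offset `stored`, followed by 16 bytes of payload (20 bytes with 4-byte int). */
static long run_case(int stored)
{
    char payload[16] = "payload-payload";
    FILE *fp = tmpfile();
    long rc;
    if (!fp) return ERR_IO;
    fwrite(&stored, sizeof stored, 1, fp);
    fwrite(payload, 1, sizeof payload, fp);
    rewind(fp);
    rc = seek_to_stored_offset(fp);
    fclose(fp);
    return rc;
}
```

Coverity stops reporting the sink once the value is compared against a bound before use; the exact bound (file length here) is whatever the sink actually needs.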