Re: Coverity false positives triggered by gnulib's implementation of base64

[Paul Eggert]

On 5/9/19 1:35 PM, Bruno Haible wrote:
>> https://www.synopsys.com/blogs/software-security/detecting-heartbleed-with-static-analysis/
>>
> base64_encode produces the
> warning because of the (x << n) | (y >> m) expression patterns that
> resemble a byte swap. It would do so also for any other program that
> contains a base64_encode invocation with untrusted input as argument.
>
Sorry, I'm still not following. Unless the tainted data is used to
calculate an array index, there's no problem with Heartbleed and the
Coverity heuristic should not diagnose a problem. Within base64_encode
itself, there's no problem with the calculated array indices because
they're obviously in range. Conversely, if the caller is using the
output of base64_encode to compute an array index, that is indeed a
potential problem that may indicate a Heartbleed-related bug. But in
that case, the proposed comment would be wrong as it would pacify
Coverity without fixing the real bug elsewhere.