X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fmalware.c;h=e1eff16cf9df4c0ae1a0c60048e5d8f6bf10f821;hb=560e71cc545182bb51a7d038ac40eebac8e045aa;hp=b4a7f70948758687f35f4c2cd7adf35a50a9d0aa;hpb=40c90bca9f7e2952bd64faebceb53538f80805a7;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/malware.c b/src/src/malware.c
index b4a7f7094..e1eff16cf 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -966,7 +966,7 @@ if (!malware_ok)
 		US"reported 'kavdaemon damaged' (code 7).", sock);
       }
 
-      /* code 8 is not handled, since it is ambigous. It appears mostly on
+      /* code 8 is not handled, since it is ambiguous. It appears mostly on
       bounces where part of a file has been cut off */
 
       /* "virus found" return codes (2-4) */
@@ -1003,7 +1003,9 @@ if (!malware_ok)
 	      kav_re = kav_re_inf;
 	      }
 
-	    /* read report, linewise */
+	    /* read report, linewise.  Using size from stream to read amount of data
+	    from same stream is safe enough. */
+	    /* coverity[tainted_data] */
 	    while (kav_reportlen > 0)
 	      {
 	      if ((bread = recv_line(sock, tmpbuf, sizeof(tmpbuf), tmo)) < 0)