diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2022-04-05 14:01:18 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-04-07 11:44:35 +0200 |
commit | 5ab2e12f98c369e0692327d58962d8cc394f89eb (patch) | |
tree | 23fa9946909d77083eae339b419791124737bfa5 | |
parent | 2a3b8dad33d4921a210062101f92f5fe9e349ef0 (diff) | |
download | passt-5ab2e12f98c369e0692327d58962d8cc394f89eb.tar passt-5ab2e12f98c369e0692327d58962d8cc394f89eb.tar.gz passt-5ab2e12f98c369e0692327d58962d8cc394f89eb.tar.bz2 passt-5ab2e12f98c369e0692327d58962d8cc394f89eb.tar.lz passt-5ab2e12f98c369e0692327d58962d8cc394f89eb.tar.xz passt-5ab2e12f98c369e0692327d58962d8cc394f89eb.tar.zst passt-5ab2e12f98c369e0692327d58962d8cc394f89eb.zip |
tcp: False "Out-of-bounds read" positive, CWE-125
Reported by Coverity: it doesn't see that tcp{4,6}_l2_buf_used are
set to zero by tcp_l2_data_buf_flush(), repeat that explicitly here.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | tcp.c | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -2394,9 +2394,13 @@ static int tcp_data_from_sock(struct ctx *c, struct tcp_conn *conn) iov_sock[0].iov_len = already_sent; if (( v4 && tcp4_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp4_l2_buf)) || - (!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf))) + (!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf))) { tcp_l2_data_buf_flush(c); + /* Silence Coverity CWE-125 false positive */ + tcp4_l2_buf_used = tcp6_l2_buf_used = 0; + } + for (i = 0, iov = iov_sock + 1; i < fill_bufs; i++, iov++) { if (v4) iov->iov_base = &tcp4_l2_buf[tcp4_l2_buf_used + i].data; |