author Stefano Brivio <sbrivio@redhat.com> 2022-04-05 14:01:18 +0200
committer Stefano Brivio <sbrivio@redhat.com> 2022-04-07 11:44:35 +0200
commit 5ab2e12f98c369e0692327d58962d8cc394f89eb (patch)
tree 23fa9946909d77083eae339b419791124737bfa5
parent 2a3b8dad33d4921a210062101f92f5fe9e349ef0 (diff)
tcp: False "Out-of-bounds read" positive, CWE-125
Reported by Coverity: it doesn't see that tcp{4,6}_l2_buf_used are set to zero by tcp_l2_data_buf_flush(), repeat that explicitly here.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

-rw-r--r-- tcp.c 6
1 files changed, 5 insertions, 1 deletions
diff --git a/tcp.c b/tcp.c
index 13a108e..ad10688 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2394,9 +2394,13 @@ static int tcp_data_from_sock(struct ctx *c, struct tcp_conn *conn)
iov_sock[0].iov_len = already_sent;
if (( v4 && tcp4_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp4_l2_buf)) ||
- (!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf)))
+ (!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf))) {
tcp_l2_data_buf_flush(c);
+ /* Silence Coverity CWE-125 false positive */
+ tcp4_l2_buf_used = tcp6_l2_buf_used = 0;
+ }
+
for (i = 0, iov = iov_sock + 1; i < fill_bufs; i++, iov++) {
if (v4)
iov->iov_base = &tcp4_l2_buf[tcp4_l2_buf_used + i].data;
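Review bot: The added `tcp4_l2_buf_used = tcp6_l2_buf_used = 0;` inside the new braces duplicates state that, per the commit message, tcp_l2_data_buf_flush() already resets, so the call site now carries a second copy of that invariant. If the flush function is ever changed to leave entries queued, this assignment would silently discard them instead of exposing the change. Consider expanding the comment to say that the flush already zeroes both counters and that the assignment exists only so the analyzer can bound the `tcp4_l2_buf[tcp4_l2_buf_used + i]` index in the loop below, or replace the assignment with a tool-specific suppression annotation on that access so no runtime state is touched. Resetting both the v4 and v6 counters regardless of `v4` is consistent with a flush that handles both buffers, but the comment should state that as well.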