From 2a3b8dad33d4921a210062101f92f5fe9e349ef0 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Tue, 5 Apr 2022 12:51:00 +0200
Subject: tcp, tcp_splice: False "Negative array index read" positives, CWE-129

A flag or event bit is always set by callers. Reported by Coverity.

Signed-by-off: Stefano Brivio <sbrivio@redhat.com>
---
 tcp.c        | 12 ++++++++----
 tcp_splice.c | 24 ++++++++++++++++--------
 2 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/tcp.c b/tcp.c
index 1820e19..13a108e 100644
--- a/tcp.c
+++ b/tcp.c
@@ -868,15 +868,19 @@ static void conn_flag_do(const struct ctx *c, struct tcp_conn *conn,
 			return;
 
 		conn->flags &= flag;
-		debug("TCP: index %li: %s dropped", conn - tc,
-		      tcp_flag_str[fls(~flag)]);
+		if (fls(~flag) >= 0) {
+			debug("TCP: index %li: %s dropped", conn - tc,
+			      tcp_flag_str[fls(~flag)]);
+		}
 	} else {
 		if (conn->flags & flag)
 			return;
 
 		conn->flags |= flag;
-		debug("TCP: index %li: %s", conn - tc,
-		      tcp_flag_str[fls(flag)]);
+		if (fls(flag) >= 0) {
+			debug("TCP: index %li: %s", conn - tc,
+			      tcp_flag_str[fls(flag)]);
+		}
 	}
 
 	if (flag == STALLED || flag == ~STALLED)
diff --git a/tcp_splice.c b/tcp_splice.c
index 7c19d99..1e24986 100644
--- a/tcp_splice.c
+++ b/tcp_splice.c
@@ -170,15 +170,19 @@ static void conn_flag_do(const struct ctx *c, struct tcp_splice_conn *conn,
 			return;
 
 		conn->flags &= flag;
-		debug("TCP (spliced): index %li: %s dropped", conn - tc,
-		      tcp_splice_flag_str[fls(~flag)]);
+		if (fls(~flag) >= 0) {
+			debug("TCP (spliced): index %li: %s dropped", conn - tc,
+			      tcp_splice_flag_str[fls(~flag)]);
+		}
 	} else {
 		if (conn->flags & flag)
 			return;
 
 		conn->flags |= flag;
-		debug("TCP (spliced): index %li: %s", conn - tc,
-		      tcp_splice_flag_str[fls(flag)]);
+		if (fls(flag) >= 0) {
+			debug("TCP (spliced): index %li: %s", conn - tc,
+			      tcp_splice_flag_str[fls(flag)]);
+		}
 	}
 
 	if (flag == CLOSING)
@@ -250,15 +254,19 @@ static void conn_event_do(const struct ctx *c, struct tcp_splice_conn *conn,
 			return;
 
 		conn->events &= event;
-		debug("TCP (spliced): index %li, ~%s", conn - tc,
-		      tcp_splice_event_str[fls(~event)]);
+		if (fls(~event) >= 0) {
+			debug("TCP (spliced): index %li, ~%s", conn - tc,
+			      tcp_splice_event_str[fls(~event)]);
+		}
 	} else {
 		if (conn->events & event)
 			return;
 
 		conn->events |= event;
-		debug("TCP (spliced): index %li, %s", conn - tc,
-		      tcp_splice_event_str[fls(event)]);
+		if (fls(event) >= 0) {
+			debug("TCP (spliced): index %li, %s", conn - tc,
+			      tcp_splice_event_str[fls(event)]);
+		}
 	}
 
 	if (tcp_splice_epoll_ctl(c, conn))
-- 
cgit v1.2.3