From e371d347ebb764665f3acd10c804ded44d04bb60 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Sun, 3 May 2026 23:56:01 +0200
Subject: fwd_rule: Fix static checkers warnings in fwd_rule_add()

The new checks are actually sufficient but not enough for Coverity
Scan. Now that fwd->sock_count and new->last are affected or supplied
by clients, we need explicit (albeit redundant) checks on them.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
---
 fwd_rule.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fwd_rule.c b/fwd_rule.c
index b55e4df..200f4b5 100644
--- a/fwd_rule.c
+++ b/fwd_rule.c
@@ -271,13 +271,24 @@ int fwd_rule_add(struct fwd_table *fwd, const struct fwd_rule *new)
 		warn("Too many rules (maximum %d)", ARRAY_SIZE(fwd->rules));
 		return -ENOSPC;
 	}
+
 	if ((fwd->sock_count + num) > ARRAY_SIZE(fwd->socks)) {
 		warn("Rules require too many listening sockets (maximum %d)",
 		     ARRAY_SIZE(fwd->socks));
 		return -ENOSPC;
 	}
+	/* Redundant (see check just above), to make static checkers happy */
+	if (fwd->sock_count > ARRAY_SIZE(fwd->socks))
+		return -ENOSPC;
 
 	fwd->rulesocks[fwd->count] = &fwd->socks[fwd->sock_count];
+
+	/* Redundant, but not for static checkers, that might be missing that
+	 * due to the check on 'num' above against ARRAY_SIZE(fwd->socks), we
+	 * have a proper upper bound for new->last in the loop below.
+	 */
+	if (new->last > ARRAY_SIZE(fwd->socks) + new->first)
+		return -ENOSPC;
 	for (port = new->first; port <= new->last; port++)
 		fwd->rulesocks[fwd->count][port - new->first] = -1;
 
-- 
cgit v1.2.3