From 5474bc5485d814acae19961f9a9cd4b541722a5e Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Mon, 27 Feb 2023 02:45:42 +0100 Subject: tcp, tcp_splice: Get rid of false positive CWE-394 Coverity warning from fls() We use the return value of fls() as array index for debug strings. While fls() can return -1 (if no bit is set), Coverity Scan doesn't see that we're first checking the return value of another fls() call with the same bitmask, before using it. Call fls() once, store its return value, check it, and use the stored value as array index. Signed-off-by: Stefano Brivio Reviewed-by: David Gibson --- tcp.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'tcp.c') diff --git a/tcp.c b/tcp.c index cbd537e..41210a3 100644 --- a/tcp.c +++ b/tcp.c @@ -743,15 +743,19 @@ static void conn_flag_do(const struct ctx *c, struct tcp_tap_conn *conn, unsigned long flag) { if (flag & (flag - 1)) { + int flag_index = fls(~flag); + if (!(conn->flags & ~flag)) return; conn->flags &= flag; - if (fls(~flag) >= 0) { + if (flag_index >= 0) { debug("TCP: index %li: %s dropped", CONN_IDX(conn), - tcp_flag_str[fls(~flag)]); + tcp_flag_str[flag_index]); } } else { + int flag_index = fls(~flag); + if (conn->flags & flag) { /* Special case: setting ACK_FROM_TAP_DUE on a * connection where it's already set is used to @@ -766,9 +770,9 @@ static void conn_flag_do(const struct ctx *c, struct tcp_tap_conn *conn, } conn->flags |= flag; - if (fls(flag) >= 0) { + if (flag_index >= 0) { debug("TCP: index %li: %s", CONN_IDX(conn), - tcp_flag_str[fls(flag)]); + tcp_flag_str[flag_index]); } } -- cgit v1.2.3