From 5ab2e12f98c369e0692327d58962d8cc394f89eb Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Tue, 5 Apr 2022 14:01:18 +0200
Subject: tcp: False "Out-of-bounds read" positive, CWE-125

Reported by Coverity: it doesn't see that tcp{4,6}_l2_buf_used are
set to zero by tcp_l2_data_buf_flush(), repeat that explicitly here.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 tcp.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'tcp.c')

diff --git a/tcp.c b/tcp.c
index 13a108e..ad10688 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2394,9 +2394,13 @@ static int tcp_data_from_sock(struct ctx *c, struct tcp_conn *conn)
 	iov_sock[0].iov_len = already_sent;
 
 	if (( v4 && tcp4_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp4_l2_buf)) ||
-	    (!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf)))
+	    (!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf))) {
 		tcp_l2_data_buf_flush(c);
 
+		/* Silence Coverity CWE-125 false positive */
+		tcp4_l2_buf_used = tcp6_l2_buf_used = 0;
+	}
+
 	for (i = 0, iov = iov_sock + 1; i < fill_bufs; i++, iov++) {
 		if (v4)
 			iov->iov_base = &tcp4_l2_buf[tcp4_l2_buf_used + i].data;
-- 
cgit v1.2.3