diff mbox series

[BlueZ,7/8] shared/btsnoop: Avoid underflowing toread variable

Message ID 20240805140840.1606239-8-hadess@hadess.net (mailing list archive)
State New, archived
Series Fix a number of static analysis issues #6

Checks

Context                   Check    Description
tedd_an/pre-ci_am         success  Success
tedd_an/CheckPatch        success  CheckPatch PASS
tedd_an/GitLint           fail     WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
                                   4: B1 Line exceeds max length (136>80): "bluez-5.77/src/shared/btsnoop.c:556:3: underflow: The decrement operator on the unsigned variable "toread" might result in an underflow."
                                   5: B1 Line exceeds max length (236>80): "bluez-5.77/src/shared/btsnoop.c:572:2: overflow_sink: "toread", which might have underflowed, is passed to "read(btsnoop->fd, data, toread)". [Note: The source code implementation of the function has been overridden by a builtin model.]"
                                   6: B3 Line contains hard tab characters (\t): "570| }"
                                   8: B3 Line contains hard tab characters (\t): "572|-> len = read(btsnoop->fd, data, toread);"
                                   9: B3 Line contains hard tab characters (\t): "573| if (len < 0) {"
                                   10: B3 Line contains hard tab characters (\t): "574| btsnoop->aborted = true;"
tedd_an/IncrementalBuild  success  Incremental Build PASS

Commit Message

Bastien Nocera Aug. 5, 2024, 2:06 p.m. UTC
Error: INTEGER_OVERFLOW (CWE-190): [#def8] [important]
bluez-5.77/src/shared/btsnoop.c:556:3: underflow: The decrement operator on the unsigned variable "toread" might result in an underflow.
bluez-5.77/src/shared/btsnoop.c:572:2: overflow_sink: "toread", which might have underflowed, is passed to "read(btsnoop->fd, data, toread)". [Note: The source code implementation of the function has been overridden by a builtin model.]
570|	}
571|
572|->	len = read(btsnoop->fd, data, toread);
573|	if (len < 0) {
574|		btsnoop->aborted = true;
---
 src/shared/btsnoop.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
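The analyzer finding quoted in the commit message is the classic unsigned-decrement wrap: a 32-bit length read from an untrusted file is bounds-checked against a maximum, one is subtracted from it, and the result is handed to read(). The check catches values that are too large but not the value 0, for which the decrement produces UINT32_MAX. The following is an added example written for this page, not code from BlueZ or from the patch author; it reproduces that shape on a constructed in-memory record so the pre-patch and post-patch behaviour can be compared side by side. The packet-size cap of 4096, the record layout (a 4-byte big-endian length followed by payload) and the reason for the decrement (one byte consumed for the HCI packet type, which is what I take the line-556 decrement in the report to be) are assumptions made to keep it self-contained.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for BTSNOOP_MAX_PACKET_SIZE; the real value lives in BlueZ's
 * btsnoop.c and is not reproduced here (assumption). */
#define MAX_PACKET_SIZE 4096

/* Big-endian 32-bit load, the same job be32toh(pkt.len) does in the patch. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Compute the byte count that would be passed to read() for a record whose
 * length field is len_field. The control flow mirrors the shape of the
 * function in the report: bounds-check the length, consume one byte for the
 * packet type (assumed to be what the flagged decrement does), read the rest.
 *
 * hardened == false reproduces the pre-patch logic, hardened == true adds the
 * two zero checks the patch introduces. Returns true when the record is
 * accepted and stores the count that would reach read() in *toread_out;
 * returns false where the original sets btsnoop->aborted and bails out.
 */
bool compute_toread(uint32_t len_field, bool hardened, uint32_t *toread_out)
{
    uint32_t toread = len_field;

    /* Pre-patch: only the upper bound is checked, so 0 sails through. */
    if (toread > MAX_PACKET_SIZE || (hardened && toread == 0))
        return false;

    /* The decrement the analyzer flagged. Unsigned wrap is well defined in C,
     * so with toread == 0 this yields UINT32_MAX rather than a trap. */
    toread--;

    /* Post-patch guard immediately before read(): nothing left to read
     * once the type byte has been consumed. */
    if (hardened && toread == 0)
        return false;

    *toread_out = toread;
    return true;
}

/* Parse one constructed record: 4-byte big-endian length, then payload. */
bool parse_record(const uint8_t *rec, size_t rec_len, bool hardened,
                  uint32_t *toread_out)
{
    if (rec_len < 4)
        return false;
    return compute_toread(load_be32(rec), hardened, toread_out);
}

int main(void)
{
    /* Constructed sample records, not taken from a real capture. */
    static const uint8_t zero_len[]  = { 0x00, 0x00, 0x00, 0x00 };
    static const uint8_t type_only[] = { 0x00, 0x00, 0x00, 0x01, 0x04 };
    static const uint8_t normal[]    = { 0x00, 0x00, 0x00, 0x04,
                                         0x04, 0x0e, 0x01, 0x00 };
    uint32_t n = 0;

    if (parse_record(zero_len, sizeof zero_len, false, &n))
        printf("before fix: len=0 accepted, read() asked for %u bytes\n", n);
    if (!parse_record(zero_len, sizeof zero_len, true, &n))
        printf("after fix:  len=0 rejected\n");
    if (!parse_record(type_only, sizeof type_only, true, &n))
        printf("after fix:  len=1 (type byte only) rejected\n");
    if (parse_record(normal, sizeof normal, true, &n))
        printf("after fix:  len=4 accepted, read() asked for %u bytes\n", n);
    return 0;
}
```

The point the example makes is that the bound check alone does not make the decrement safe: the only values the decrement can mishandle are the ones below the bound, and 0 is always below it. Checking `toread == 0` before the decrement removes the wrap; the second check, after the decrement, only covers the case where the length was exactly 1 on entry.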

Patch

diff --git a/src/shared/btsnoop.c b/src/shared/btsnoop.c
index bc5f7fcbe84c..bb0bccf0dd01 100644
--- a/src/shared/btsnoop.c
+++ b/src/shared/btsnoop.c
@@ -530,7 +530,7 @@  bool btsnoop_read_hci(struct btsnoop *btsnoop, struct timeval *tv,
 	}
 
 	toread = be32toh(pkt.len);
-	if (toread > BTSNOOP_MAX_PACKET_SIZE) {
+	if (toread > BTSNOOP_MAX_PACKET_SIZE || toread < 1) {
 		btsnoop->aborted = true;
 		return false;
 	}
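Review bot: `toread < 1` on an unsigned value is just `toread == 0`; writing it that way would be clearer and would match the `toread == 0` form used in the second hunk. It is also worth a one-line comment here that the zero case is rejected because of the decrement at line 556 the analyzer report points at, since that decrement, not this comparison, is where the wrap happens, and a reader of this line alone cannot tell why a zero-length record is a problem.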
@@ -569,6 +569,11 @@  bool btsnoop_read_hci(struct btsnoop *btsnoop, struct timeval *tv,
 		return false;
 	}
 
+	if (toread == 0) {
+		btsnoop->aborted = true;
+		return false;
+	}
+
 	len = read(btsnoop->fd, data, toread);
 	if (len < 0) {
 		btsnoop->aborted = true;
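Review bot: with zero rejected at the top of the function by the first hunk, this check before read() can only fire when `toread` was exactly 1 on entry and has since been decremented once (per the line-556 decrement in the report), so a short comment to that effect would stop it being read as a duplicate of the first check. Consider also placing it directly after the decrement rather than immediately before read(), so the guard sits next to the operation it guards. Finally, read() with a length of 0 is not itself the underflow; this hunk changes behaviour for a record that consists only of its type byte, which now aborts the reader instead of reaching read() with a zero count, and the commit message does not say whether such a record is valid in the format. Stating that would make the intent of the hunk clear.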