diff mbox series

[BlueZ,2/8] tools/isotest: Ensure ret doesn't overflow

Message ID 20240805140840.1606239-3-hadess@hadess.net
State New
Headers show
Series None | expand

Commit Message

Bastien Nocera Aug. 5, 2024, 2:06 p.m. UTC
Error: INTEGER_OVERFLOW (CWE-190): [#def20] [important]
bluez-5.77/tools/isotest.c:778:2: tainted_data_argument: The check "ret < count" contains the tainted expression "ret" which causes "count" to be considered tainted.
bluez-5.77/tools/isotest.c:779:3: overflow: The expression "count - ret" is deemed overflowed because at least one of its arguments has overflowed.
bluez-5.77/tools/isotest.c:779:3: overflow_sink: "count - ret", which might have underflowed, is passed to "read(fd, buf + ret, count - ret)". [Note: The source code implementation of the function has been overridden by a builtin model.]
777|
778|	while (ret < count) {
779|->		len = read(fd, buf + ret, count - ret);
780|		if (len < 0)
781|			return -errno;
---
 tools/isotest.c | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/tools/isotest.c b/tools/isotest.c
index 2cac0e49cc39..0805faa66e47 100644
--- a/tools/isotest.c
+++ b/tools/isotest.c
@@ -779,6 +779,8 @@  static int read_stream(int fd, ssize_t count)
 		len = read(fd, buf + ret, count - ret);
 		if (len < 0)
 			return -errno;
+		if (len > SSIZE_MAX - ret)
+			return -EOVERFLOW;
 
 		ret += len;
 		usleep(1000);