| Message ID | 20240805140840.1606239-4-hadess@hadess.net |
|---|---|
| State | New |
| Headers | show |
| Series | None | expand |
diff --git a/profiles/health/mcap.c b/profiles/health/mcap.c index 2e4214a6984f..b3bf403e74d2 100644 --- a/profiles/health/mcap.c +++ b/profiles/health/mcap.c @@ -389,7 +389,7 @@ int mcap_send_data(int sock, const void *buf, uint32_t size) while (sent < size) { int n = write(sock, buf_b + sent, size - sent); - if (n < 0) + if (n < 0 || n > SSIZE_MAX - sent) return -1; sent += n; }
Error: INTEGER_OVERFLOW (CWE-190): [#def13] [important] bluez-5.77/profiles/health/mcap.c:390:2: tainted_data_argument: The check "sent < size" contains the tainted expression "sent" which causes "size" to be considered tainted. bluez-5.77/profiles/health/mcap.c:391:3: overflow: The expression "size - sent" is deemed overflowed because at least one of its arguments has overflowed. bluez-5.77/profiles/health/mcap.c:391:3: overflow_sink: "size - sent", which might have underflowed, is passed to "write(sock, buf_b + sent, size - sent)". 389| 390| while (sent < size) { 391|-> int n = write(sock, buf_b + sent, size - sent); 392| if (n < 0) 393| return -1; --- profiles/health/mcap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)