diff options
| author | Filipe Brandenburger <filbranden@google.com> | 2018-06-07 23:11:51 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2018-06-08 00:46:44 +0200 |
| commit | 9d635f50b8873ee62000b22af3763cb1ee89ae19 (patch) | |
| tree | 195fe0f045553ae762afd19d2bc3a725ca558687 /src/udev/udev-builtin-usb_id.c | |
| parent | udev: fix usage of udev_device_new_from_stat_rdev() in journalctl (diff) | |
| download | systemd-9d635f50b8873ee62000b22af3763cb1ee89ae19.tar.xz systemd-9d635f50b8873ee62000b22af3763cb1ee89ae19.zip | |
udev-builtin-usb_id: Check full range of size returned by read()
This shouldn't be necessary, since read() should never return a size
larger than the size of the buffer passed in, but Coverity doesn't seem
to understand that.
We could possibly fix this with a model file for Coverity, but given
changing the code is not that much of a biggie, let's just do that
instead.
Fixes CID 996458: Overflowed or truncated value (or a value computed
from an overflowed or truncated value) `pos` used as array index.
Tested: `ninja -C build/ test`, builds without warnings, test cases pass.
Diffstat (limited to '')
| -rw-r--r-- | src/udev/udev-builtin-usb_id.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c index 6d22dfe82c..ed54f66444 100644 --- a/src/udev/udev-builtin-usb_id.c +++ b/src/udev/udev-builtin-usb_id.c @@ -176,7 +176,7 @@ static int dev_if_packed_info(struct udev_device *dev, char *ifs_str, size_t len return log_debug_errno(errno, "Error opening USB device 'descriptors' file: %m"); size = read(fd, buf, sizeof(buf)); - if (size < 18 || size == sizeof(buf)) + if (size < 18 || (size_t) size >= sizeof(buf)) return -EIO; ifs_str[0] = '\0'; |