tcp: False "Out-of-bounds read" positive, CWE-125
Reported by Coverity: it doesn't see that tcp{4,6}_l2_buf_used are set to zero by tcp_l2_data_buf_flush(), repeat that explicitly here. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
parent
2a3b8dad33
commit
5ab2e12f98
1 changed files with 5 additions and 1 deletions
6
tcp.c
6
tcp.c
|
@ -2394,9 +2394,13 @@ static int tcp_data_from_sock(struct ctx *c, struct tcp_conn *conn)
|
|||
iov_sock[0].iov_len = already_sent;
|
||||
|
||||
if (( v4 && tcp4_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp4_l2_buf)) ||
|
||||
(!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf)))
|
||||
(!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf))) {
|
||||
tcp_l2_data_buf_flush(c);
|
||||
|
||||
/* Silence Coverity CWE-125 false positive */
|
||||
tcp4_l2_buf_used = tcp6_l2_buf_used = 0;
|
||||
}
|
||||
|
||||
for (i = 0, iov = iov_sock + 1; i < fill_bufs; i++, iov++) {
|
||||
if (v4)
|
||||
iov->iov_base = &tcp4_l2_buf[tcp4_l2_buf_used + i].data;
|
||||
|
|
Loading…
Reference in a new issue