From 5ab2e12f98c369e0692327d58962d8cc394f89eb Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Tue, 5 Apr 2022 14:01:18 +0200 Subject: [PATCH] tcp: False "Out-of-bounds read" positive, CWE-125 Reported by Coverity: it doesn't see that tcp{4,6}_l2_buf_used are set to zero by tcp_l2_data_buf_flush(), repeat that explicitly here. Signed-off-by: Stefano Brivio --- tcp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tcp.c b/tcp.c index 13a108e..ad10688 100644 --- a/tcp.c +++ b/tcp.c @@ -2394,9 +2394,13 @@ static int tcp_data_from_sock(struct ctx *c, struct tcp_conn *conn) iov_sock[0].iov_len = already_sent; if (( v4 && tcp4_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp4_l2_buf)) || - (!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf))) + (!v4 && tcp6_l2_buf_used + fill_bufs > ARRAY_SIZE(tcp6_l2_buf))) { tcp_l2_data_buf_flush(c); + /* Silence Coverity CWE-125 false positive */ + tcp4_l2_buf_used = tcp6_l2_buf_used = 0; + } + for (i = 0, iov = iov_sock + 1; i < fill_bufs; i++, iov++) { if (v4) iov->iov_base = &tcp4_l2_buf[tcp4_l2_buf_used + i].data;