udev-builtin-usb_id: Check full range of size returned by read()

This shouldn't be necessary, since read() should never return a size
larger than the size of the buffer passed in, but Coverity doesn't seem
to understand that.

We could possibly fix this with a model file for Coverity, but given
changing the code is not that much of a biggie, let's just do that
instead.

Fixes CID 996458: Overflowed or truncated value (or a value computed
from an overflowed or truncated value) `pos` used as array index.

Tested: `ninja -C build/ test`, builds without warnings, test cases pass.

diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c
index 6d22dfe82c5f9ad55b1da8cdbff009a6fa64c206..ed54f66444103489935e6bf5511aa21a0d9e4a5f 100644 (file)
--- a/src/udev/udev-builtin-usb_id.c
+++ b/src/udev/udev-builtin-usb_id.c
@@ -176,7 +176,7 @@ static int dev_if_packed_info(struct udev_device *dev, char *ifs_str, size_t len
                 return log_debug_errno(errno, "Error opening USB device 'descriptors' file: %m");
 
         size = read(fd, buf, sizeof(buf));
                 return log_debug_errno(errno, "Error opening USB device 'descriptors' file: %m");
 
         size = read(fd, buf, sizeof(buf));

-        if (size < 18 || size == sizeof(buf))
+        if (size < 18 || (size_t) size >= sizeof(buf))

                 return -EIO;
 
         ifs_str[0] = '\0';
                 return -EIO;
 
         ifs_str[0] = '\0';