From: Filipe Brandenburger Date: Thu, 7 Jun 2018 21:11:51 +0000 (-0700) Subject: udev-builtin-usb_id: Check full range of size returned by read() X-Git-Tag: v239~118 X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=commitdiff_plain;h=9d635f50b8873ee62000b22af3763cb1ee89ae19 udev-builtin-usb_id: Check full range of size returned by read() This shouldn't be necessary, since read() should never return a size larger than the size of the buffer passed in, but Coverity doesn't seem to understand that. We could possibly fix this with a model file for Coverity, but given changing the code is not that much of a biggie, let's just do that instead. Fixes CID 996458: Overflowed or truncated value (or a value computed from an overflowed or truncated value) `pos` used as array index. Tested: `ninja -C build/ test`, builds without warnings, test cases pass. --- diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c index 6d22dfe82c5..ed54f664441 100644 --- a/src/udev/udev-builtin-usb_id.c +++ b/src/udev/udev-builtin-usb_id.c @@ -176,7 +176,7 @@ static int dev_if_packed_info(struct udev_device *dev, char *ifs_str, size_t len return log_debug_errno(errno, "Error opening USB device 'descriptors' file: %m"); size = read(fd, buf, sizeof(buf)); - if (size < 18 || size == sizeof(buf)) + if (size < 18 || (size_t) size >= sizeof(buf)) return -EIO; ifs_str[0] = '\0';