creds-util: add assert for output buffer size overflow safety

Coverity flags the multi-term output.iov_len accumulation as a
potential overflow. Add an assert after the calculation to verify
the result is at least as large as the input, catching wraparound.

CID#1548068

Follow-up for 21bc0b6fa1de44b520353b935bf14160f9f70591

diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index e7db1ff7eff33af42779e8168c182181160ac288..6fedc500dc3efa20c11f4453a669b1883ad75215 100644 (file)
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -1068,6 +1068,8 @@ int encrypt_credential_and_warn(
                 ALIGN8(offsetof(struct metadata_credential_header, name) + strlen_ptr(name)) +
                 input->iov_len + 2U * (size_t) bsz +
                 tsz;
+        /* Silence static analyzers */
+        assert(output.iov_len >= input->iov_len);
 
         output.iov_base = malloc0(output.iov_len);
         if (!output.iov_base)