recurse-dir: add assert_cc for DIRENT_SIZE_MAX allocation

Coverity flags offsetof(DirectoryEntries, buffer) + DIRENT_SIZE_MAX * 8
as a potential overflow. All operands are compile-time constants, so add
an assert_cc() to prove this at build time.

CID#1548020

Follow-up for 6393b847f459dba14d2b615ee93babb143168b57

diff --git a/src/basic/recurse-dir.c b/src/basic/recurse-dir.c
index 0efa731868e6f7b99381daf80b08187f54192ace..bc3c32afe6954f044cfa9b05c20df98304c3b652 100644 (file)
--- a/src/basic/recurse-dir.c
+++ b/src/basic/recurse-dir.c
@@ -41,6 +41,8 @@ int readdir_all(int dir_fd, RecurseDirFlags flags, DirectoryEntries **ret) {
          * Start with space for up to 8 directory entries. We expect at least 2 ("." + ".."), hence hopefully
          * 8 will cover most cases comprehensively. (Note that most likely a lot more entries will actually
          * fit in the buffer, given we calculate maximum file name length here.) */
+        /* Silence static analyzers */
+        assert_cc(offsetof(DirectoryEntries, buffer) <= SIZE_MAX - DIRENT_SIZE_MAX * 8);
         de = malloc(offsetof(DirectoryEntries, buffer) + DIRENT_SIZE_MAX * 8);
         if (!de)
                 return -ENOMEM;