From: James Jones <jejones3141@gmail.com>
Date: Tue, 23 Jul 2024 19:50:19 +0000 (-0500)
Subject: Add a coverity-only check to pacify Coverity (CID #1604620)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=739aae83c4369d19ea5dc45a60f07849a0233ff0;p=thirdparty%2Ffreeradius-server.git

Add a coverity-only check to pacify Coverity (CID #1604620)
---

diff --git a/src/listen/control/proto_control_unix.c b/src/listen/control/proto_control_unix.c
index 54f7aceaf0e..0c3acde40a4 100644
--- a/src/listen/control/proto_control_unix.c
+++ b/src/listen/control/proto_control_unix.c
@@ -359,6 +359,20 @@ static ssize_t mod_write(fr_listen_t *li, UNUSED void *packet_ctx, UNUSED fr_tim
 	 */
 	if (data_size <= 0) return data_size;
 
+#ifdef __COVERITY__
+	/*
+	 *      data_size and written have type size_t, so
+	 *      their sum can at least in theory exceed SSIZE_MAX.
+	 * 	We add this check to placate Coverity.
+	 *
+	 *      When Coverity examines this function it doesn't have
+	 * 	the caller context to see that it's honoring needed
+	 * 	preconditions (buffer_len <=SSIZE_MAX, and the loop
+	 * 	schema needed to use this function).
+	 */
+	if (data_size + written > SSIZE_MAX) return -1;
+#endif
+
 	return data_size + written;
 }