From: James Jones <jejones3141@gmail.com>
Date: Tue, 30 Jul 2024 19:32:45 +0000 (-0500)
Subject: Add coverity-only check to _fr_dbuff_in_uint64v() (CID #1604617)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eccf1d3b920d5ca25968dc0b3b5eb4d2ade90b30;p=thirdparty%2Ffreeradius-server.git

Add coverity-only check to _fr_dbuff_in_uint64v() (CID #1604617)

Coverity doesn't realize that the value fr_high_bit_pos() returns
is necessarily between 4 and 64, so that ret is between 1 and 8
so that sizeof(uint64_t) - ret will never underflow. We add the
test for Coverity only to pacify it.
---

diff --git a/src/lib/util/dbuff.h b/src/lib/util/dbuff.h
index eaacc6d06b3..37b0db35900 100644
--- a/src/lib/util/dbuff.h
+++ b/src/lib/util/dbuff.h
@@ -1593,6 +1593,9 @@ static inline ssize_t _fr_dbuff_in_uint64v(uint8_t **pos_p, fr_dbuff_t *dbuff, u
 	uint8_t swapped[sizeof(uint64_t)];
 
 	ret = ROUND_UP_DIV((size_t)fr_high_bit_pos(num | 0x08), 8);
+#ifdef __COVERITY__
+	if (ret > sizeof(uint64_t)) return -1;
+#endif
 	fr_nbo_from_uint64(swapped, num);
 
 	return _fr_dbuff_in_memcpy(pos_p, dbuff, (swapped + (sizeof(uint64_t) - ret)), ret);