From: Andreas Schneider Date: Wed, 19 Jun 2024 09:17:22 +0000 (+0200) Subject: s3:utils: Fix get_window_height() return value X-Git-Tag: tdb-1.4.11~330 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=067a30c5273e866e743815b08bf205e7e48b44c4;p=thirdparty%2Fsamba.git s3:utils: Fix get_window_height() return value Found by Covscan. "Error: INTEGER_OVERFLOW (CWE-190): samba-4.20.0rc2/source3/utils/regedit_list.c:522: tainted_data_return: Called function ""get_window_height(list)"", and a possible return value may be less than zero. samba-4.20.0rc2/source3/utils/regedit_list.c:522: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow. samba-4.20.0rc2/source3/utils/regedit_list.c:526: overflow: The expression ""list->cursor_row -= page"" is deemed underflowed because at least one of its arguments has underflowed. samba-4.20.0rc2/source3/utils/regedit_list.c:529: overflow_sink: ""list->cursor_row"", which might have underflowed, is passed to ""data_get_row_n(list, list->cursor_row)"". 527| list->start_row -= page; 528| } 529|-> tmp = data_get_row_n(list, list->cursor_row); 530| break; 531| case ML_CURSOR_PGDN:" Signed-off-by: Andreas Schneider Reviewed-by: Signed-off-by: Martin Schwenke --- diff --git a/source3/utils/regedit_list.c b/source3/utils/regedit_list.c index b5405f286da..83eac2ad11f 100644 --- a/source3/utils/regedit_list.c +++ b/source3/utils/regedit_list.c @@ -20,6 +20,9 @@ #include "regedit_list.h" #include "regedit.h" +#define CLAMP(x, low, high) \ + (((x) > (high)) ? (high) : (((x) < (low)) ? (low) : (x))) + struct multilist { WINDOW *window; WINDOW *pad; @@ -405,21 +408,22 @@ WERROR multilist_set_data(struct multilist *list, const void *data) return WERR_OK; } -static int get_window_height(struct multilist *list) +static unsigned get_window_height(struct multilist *list) { - int height; + unsigned height; height = list->window_height; - if (list->cb->get_column_header) { + if (height > 0 && list->cb->get_column_header) { height--; } - return height; + /* Clamp to some sensible values */ + return CLAMP(height, 1, 16384); } static void fix_start_row(struct multilist *list) { - int height; + unsigned height; /* adjust start_row so that the cursor appears on the screen */