From: Luca Boccassi
Date: Sat, 28 Mar 2026 22:15:56 +0000 (+0000)
Subject: nspawn-oci: add asserts for UID/GID validity after dispatch
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=569c849be4ea60d9a83ea346bbb3af4634d7cf25;p=thirdparty%2Fsystemd.git
nspawn-oci: add asserts for UID/GID validity after dispatch
Coverity flags UINT32_MAX - data.container_id as an underflow when container_id could be UID_INVALID (UINT32_MAX). After successful sd_json_dispatch_uid_gid(), the values are guaranteed valid, but Coverity cannot trace through the callback. Add asserts to document this invariant.
CID#1548072
Follow-up for 91c4d1affdba02a323dc2c7caccabe240ccb8302
---
diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c
index 29091bd82c8..1fde98a9d9e 100644
--- a/src/nspawn/nspawn-oci.c
+++ b/src/nspawn/nspawn-oci.c
@@ -22,6 +22,7 @@
 #include "string-util.h"
 #include "strv.h"
 #include "time-util.h"
+#include "user-util.h"
 /* TODO:
 * OCI runtime tool implementation
@@ -685,6 +686,10 @@ static int oci_uid_gid_mappings(const char *name, sd_json_variant *v, sd_json_di
 if (r < 0)
 return r;
+ /* Silence static analyzers, sd_json_dispatch_uid_gid() already validates */
+ assert(uid_is_valid(data.host_id));
+ assert(uid_is_valid(data.container_id));
+
 if (data.range > UINT32_MAX - data.host_id ||
 data.range > UINT32_MAX - data.container_id)
 return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL),
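Review bot: The two added `assert(uid_is_valid(...))` lines in `oci_uid_gid_mappings()` act on values parsed from the OCI config, so they are only safe if every successful dispatch has stored a validated ID in both `data.host_id` and `data.container_id`. The dispatch table and the initializer of `data` are outside the hunk, so this cannot be confirmed from here. If either field is optional and keeps an invalid default when absent, a config that omits it would abort the process instead of getting the `EINVAL` returned by the range check below. The comment should state the invariant rather than only "Silence static analyzers", e.g. `/* Both IDs are mandatory in the dispatch table and sd_json_dispatch_uid_gid() rejects invalid values, hence they are valid here */`. If that does not hold, a runtime `if (!uid_is_valid(data.host_id) || !uid_is_valid(data.container_id))` that returns through `json_log()` with `EINVAL` would be safer than an assert.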