From: Luca Boccassi Date: Tue, 7 Apr 2026 23:11:01 +0000 (+0100) Subject: sd-bus: assert ALIGN8 result is not SIZE_MAX X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e60937b5853de50bbb0941fef49fe6faef213909;p=thirdparty%2Fsystemd.git sd-bus: assert ALIGN8 result is not SIZE_MAX Coverity flags sizeof(BusMessageHeader) + ALIGN8(m->fields_size) as overflowing because ALIGN_TO can return SIZE_MAX as an overflow sentinel. Assert that the aligned value is not SIZE_MAX to prove the addition is safe. CID#1548023 CID#1548046 Follow-up for 2ac7c17f9d8eeb403b91ee5a389562edaf47fb87
---
diff --git a/src/libsystemd/sd-bus/bus-message.h b/src/libsystemd/sd-bus/bus-message.h
index fe9679393ec..94eff878e56 100644
--- a/src/libsystemd/sd-bus/bus-message.h
+++ b/src/libsystemd/sd-bus/bus-message.h
@@ -153,7 +153,8 @@ static inline uint64_t BUS_MESSAGE_COOKIE(sd_bus_message *m) {
 }

 static inline size_t BUS_MESSAGE_SIZE(sd_bus_message *m) {
- /* Silence static analyzers */
+ /* Silence static analyzers, fields_size is validated at message creation */
+ assert(ALIGN8(m->fields_size) != SIZE_MAX);
 assert(ALIGN8(m->fields_size) <= SIZE_MAX - sizeof(BusMessageHeader));
 assert(m->body_size <= SIZE_MAX - sizeof(BusMessageHeader) - ALIGN8(m->fields_size));
 return
@@ -163,7 +164,8 @@ static inline size_t BUS_MESSAGE_SIZE(sd_bus_message *m) {
 }

 static inline size_t BUS_MESSAGE_BODY_BEGIN(sd_bus_message *m) {
- /* Silence static analyzers */
+ /* Silence static analyzers, fields_size is validated at message creation */
+ assert(ALIGN8(m->fields_size) != SIZE_MAX);
 assert(ALIGN8(m->fields_size) <= SIZE_MAX - sizeof(BusMessageHeader));
 return
 sizeof(BusMessageHeader) +
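Review bot: The new comment in BUS_MESSAGE_SIZE, `/* Silence static analyzers, fields_size is validated at message creation */`, states an invariant without saying where it is enforced or why SIZE_MAX is special, so a reader cannot check that these asserts are unreachable for a message built from received data. I would spell both out, e.g. `/* For static analyzers: ALIGN8() can yield SIZE_MAX as an overflow sentinel; fields_size is range-checked when the header is parsed (see <validating function>), so this cannot fire. */`, with the placeholder replaced by the real function name. The same comment is added to BUS_MESSAGE_BODY_BEGIN in the next hunk. The return expression of BUS_MESSAGE_SIZE continues outside this hunk.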
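Review bot: In BUS_MESSAGE_BODY_BEGIN the added `assert(ALIGN8(m->fields_size) != SIZE_MAX);` is already implied by the assert below it, because `SIZE_MAX <= SIZE_MAX - sizeof(BusMessageHeader)` cannot hold for a non-empty header. It therefore adds no run-time protection and serves only as an annotation for the analyzer. That is fine for Coverity, but it should not be read as an overflow check on a size that may come from a received message: if `assert` is compiled out or turned into an optimizer hint in release builds (its definition is not visible in this diff), the addition in the return expression relies entirely on the creation-time validation the comment mentions. It is worth confirming that this validation rejects every fields_size for which ALIGN8 would hit its sentinel, and that a unit test covers the largest value the header can encode. The same applies to BUS_MESSAGE_SIZE in the previous hunk; this function's return expression continues outside the hunk.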