From 067a30c5273e866e743815b08bf205e7e48b44c4 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 19 Jun 2024 11:17:22 +0200 Subject: [PATCH] s3:utils: Fix get_window_height() return value Found by Covscan. "Error: INTEGER_OVERFLOW (CWE-190): samba-4.20.0rc2/source3/utils/regedit_list.c:522: tainted_data_return: Called function ""get_window_height(list)"", and a possible return value may be less than zero. samba-4.20.0rc2/source3/utils/regedit_list.c:522: cast_underflow: An assign of a possibly negative number to an unsigned type, which might trigger an underflow. samba-4.20.0rc2/source3/utils/regedit_list.c:526: overflow: The expression ""list->cursor_row -= page"" is deemed underflowed because at least one of its arguments has underflowed. samba-4.20.0rc2/source3/utils/regedit_list.c:529: overflow_sink: ""list->cursor_row"", which might have underflowed, is passed to ""data_get_row_n(list, list->cursor_row)"". 527| list->start_row -= page; 528| } 529|-> tmp = data_get_row_n(list, list->cursor_row); 530| break; 531| case ML_CURSOR_PGDN:" Signed-off-by: Andreas Schneider Reviewed-by: Signed-off-by: Martin Schwenke --- source3/utils/regedit_list.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/source3/utils/regedit_list.c b/source3/utils/regedit_list.c index b5405f286da..83eac2ad11f 100644 --- a/source3/utils/regedit_list.c +++ b/source3/utils/regedit_list.c @@ -20,6 +20,9 @@ #include "regedit_list.h" #include "regedit.h" +#define CLAMP(x, low, high) \ + (((x) > (high)) ? (high) : (((x) < (low)) ? (low) : (x))) + struct multilist { WINDOW *window; WINDOW *pad; @@ -405,21 +408,22 @@ WERROR multilist_set_data(struct multilist *list, const void *data) return WERR_OK; } -static int get_window_height(struct multilist *list) +static unsigned get_window_height(struct multilist *list) { - int height; + unsigned height; height = list->window_height; - if (list->cb->get_column_header) { + if (height > 0 && list->cb->get_column_header) { height--; } - return height; + /* Clamp to some sensible values */ + return CLAMP(height, 1, 16384); } static void fix_start_row(struct multilist *list) { - int height; + unsigned height; /* adjust start_row so that the cursor appears on the screen */ -- 2.47.3