sd-event: add assert to help static analysis trace signal bounds

Coverity flags the signal_sources array access as a potential
out-of-bounds read because it cannot trace through the SIGNAL_VALID()
macro to know that ssi_signo < _NSIG. Add an explicit assert after
the runtime check to make the constraint visible to static analyzers.

CID#1548033

Follow-up for 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9

diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index b78cfe86fa40e371dea123ed28d20670319dd5e8..6867385e92a64bbaecab01d9d9f4e48b6441ca5d 100644 (file)
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -3807,6 +3807,9 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i
                 if (_unlikely_(!SIGNAL_VALID(si.ssi_signo)))
                         return -EIO;
 
+                /* Silence static analyzers */
+                assert(si.ssi_signo < _NSIG);
+
                 if (e->signal_sources)
                         s = e->signal_sources[si.ssi_signo];
                 if (!s)