compress: add assert for space doubling overflow safety
authorLuca Boccassi <luca.boccassi@gmail.com>
Sat, 28 Mar 2026 20:13:03 +0000 (20:13 +0000)
committerLuca Boccassi <luca.boccassi@gmail.com>
Sat, 28 Mar 2026 20:13:03 +0000 (20:13 +0000)
Coverity flags 2 * space as a potential overflow. The space value
is bounded by prior allocation success, but add an explicit assert
to document this for static analyzers.

CID#1548056

Follow-up for 5e592c66bdf76dfc8445b332f7a5088ca504ee90

src/basic/compress.c

index 5c9ca829dfef369d94d9634d5a9ef8fae9bc78fd..d9759ad417fba868421c45a9e09ea7dbc2547455 100644 (file)
@@ -398,6 +398,8 @@ int decompress_blob_xz(
                         return -ENOBUFS;
 
                 used = space - s.avail_out;
+                /* Silence static analyzers, space is bounded by allocation size */
+                assert(space <= SIZE_MAX / 2);
                 space = MIN(2 * space, dst_max ?: SIZE_MAX);
                 if (!greedy_realloc(dst, space, 1))
                         return -ENOMEM;
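Review bot: The added `assert(space <= SIZE_MAX / 2);` ahead of `space = MIN(2 * space, dst_max ?: SIZE_MAX);` documents the bound but is not an error path. Where assertions are compiled out, `2 * space` can still wrap; where they are active, a violated bound aborts the process while it is decompressing input that is presumably not always trusted. The surrounding code already returns `-ENOBUFS` and `-ENOMEM`, so a checked form such as `if (space > SIZE_MAX / 2) return -ENOBUFS;` would satisfy the analyzer and fail gracefully. The comment would also help more if it named where the bound comes from, e.g. `/* space bytes were already allocated successfully, so 2 * space cannot wrap */`, instead of only saying it silences analyzers. The enclosing block of decompress_blob_xz starts and ends outside the hunk, so the earlier allocation that establishes the bound is not visible here.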