sd-bus: use INC_SAFE and assert for message_from_header allocation
authorLuca Boccassi <luca.boccassi@gmail.com>
Tue, 7 Apr 2026 23:34:56 +0000 (00:34 +0100)
committerLuca Boccassi <luca.boccassi@gmail.com>
Tue, 7 Apr 2026 23:34:56 +0000 (00:34 +0100)
Coverity flags ALIGN() as potentially returning SIZE_MAX and the
subsequent a += label_sz + 1 as overflowing. Assert ALIGN result
is not SIZE_MAX and use INC_SAFE for the addition.

CID#1548030

Follow-up for 55354d5930fd0b7952d649d9ad5a850279fc73e1

src/libsystemd/sd-bus/bus-message.c

index 507c5d7ff40600b2ee26a8627bae4c78aafb2167..f66b2fa3e22648c7a5a2bd03ed23b8e487e80301 100644 (file)
@@ -359,12 +359,12 @@ static int message_from_header(
         /* Note that we are happy with unknown flags in the flags header! */
 
         a = ALIGN(sizeof(sd_bus_message));
+        /* Silence static analyzers, ALIGN cannot overflow for sizeof() */
+        assert(a != SIZE_MAX);
 
         if (label) {
                 label_sz = strlen(label);
-                /* Silence static analyzers */
-                assert(label_sz <= SIZE_MAX - ALIGN(sizeof(sd_bus_message)) - 1);
-                a += label_sz + 1;
+                assert_se(INC_SAFE(&a, label_sz + 1));
         }
 
         m = malloc0(a);
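Review bot: The new `assert_se(INC_SAFE(&a, label_sz + 1));` in the `if (label)` branch aborts the whole process on overflow, yet `message_from_header()` returns `int` and could fail gracefully with `if (!INC_SAFE(&a, label_sz + 1)) return -ENOMEM;` (assuming that is how the function reports allocation failure, which is not visible here). In library code an error return keeps a size derived from a runtime string from becoming a crash in the host program. Separately, `label_sz + 1` is evaluated before `INC_SAFE` sees it, so a wrap of the `+ 1` itself is not covered by the check; `strlen()` cannot return `SIZE_MAX` in practice, but an analyzer may still report it, and two checked increments (`INC_SAFE(&a, label_sz) && INC_SAFE(&a, 1)`) would close that gap. The old "Silence static analyzers" comment was dropped from this branch, so a short comment saying why the checked add is there would help. The function body starts and ends outside this hunk.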