From: Gary Lockyer <gary@catalyst.net.nz>
Date: Tue, 14 Apr 2026 22:58:15 +0000 (+1200)
Subject: s3:libsmb:clilist fix tautological-compare
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=fae07aecfed5b3b8f53bbad4500a0ba4d8785da1;p=thirdparty%2Fsamba.git

s3:libsmb:clilist fix tautological-compare

The wrapping of pointer arithmetic is undefined behaviour. Clang from version 20
onwards will treat an overflow check of the following form:
   ptr + offset < ptr
as always evaluating to false.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=16092

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
index 9ec3e3240f4..f8d23c634cc 100644
--- a/source3/libsmb/clilist.c
+++ b/source3/libsmb/clilist.c
@@ -22,6 +22,7 @@
 #include "source3/libsmb/proto.h"
 #include "source3/libsmb/cli_smb2_fnum.h"
 #include "../lib/util/tevent_ntstatus.h"
+#include "../lib/util/overflow.h"
 #include "async_smb.h"
 #include "trans2.h"
 #include "../libcli/smb/smbXcli_base.h"
@@ -97,8 +98,8 @@ static size_t calc_next_entry_offset(const char *base, const char *pdata_end)
 	size_t next_entry_offset = (size_t)IVAL(base,0);
 
 	if (next_entry_offset == 0 ||
-			base + next_entry_offset < base ||
-			base + next_entry_offset > pdata_end) {
+	    offset_outside_range(base, pdata_end, next_entry_offset))
+	{
 		next_entry_offset = pdata_end - base;
 	}
 	return next_entry_offset;
@@ -283,7 +284,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx,
 				return pdata_end - base;
 			}
 			p += 24; /* short name? */
-			if (p + namelen < p || p + namelen > pdata_end) {
+			if (offset_outside_range(p, pdata_end, namelen)) {
 				return pdata_end - base;
 			}
 			ret = pull_string_talloc(ctx,