1. Patchew
  2. Libvirt
  3. [libvirt PATCH v2 0/2] Fail tests on UBSAN findings
  4. View patch

[libvirt PATCH v2 1/2] virFileReadLimFD: Cast maxlen to size_t before adding

Tim Wiederhake posted 2 patches 4 years, 6 months ago
[libvirt PATCH v2 1/2] virFileReadLimFD: Cast maxlen to size_t before adding
Posted by Tim Wiederhake 4 years, 6 months ago 
If the function is called with maxlen equal to `INT_MAX`, adding
one will trigger a signed integer overflow.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
---
 src/util/virfile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virfile.c b/src/util/virfile.c
index 723e1ca6e5..ad491251a2 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -1422,7 +1422,7 @@ virFileReadLimFD(int fd, int maxlen, char **buf)
         errno = EINVAL;
         return -1;
     }
-    s = saferead_lim(fd, maxlen+1, &len);
+    s = saferead_lim(fd, (size_t) maxlen + 1, &len);
     if (s == NULL)
         return -1;
     if (len > maxlen || (int)len != len) {
-- 
2.31.1
Re: [libvirt PATCH v2 1/2] virFileReadLimFD: Cast maxlen to size_t before adding
Posted by Daniel P. Berrangé 4 years, 6 months ago 
On Thu, Jul 22, 2021 at 11:00:17AM +0200, Tim Wiederhake wrote:
> If the function is called with maxlen equal to `INT_MAX`, adding
> one will trigger a signed integer overflow.
> 
> Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
> ---
>  src/util/virfile.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.