report
Possible integer overflow: left operand is tainted.
An integer overflow may occur due to arithmetic operation (addition)
between variable 'readsize' and value '1', when 'readsize'
is tainted { [-2147483648, -2], [0, 2147483647] }
Corrections explained:
- Combined error and overflow checks into a single condition: `if (readsize ==
-1 || readsize >= INT_MAX)`.
- Set `errno` to `ENAMETOOLONG` in case of overflow.
- Improved code readability and safety.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <[email protected]>
---
libbb/xreadlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libbb/xreadlink.c b/libbb/xreadlink.c
index 2682f6975..f504fba31 100644
--- a/libbb/xreadlink.c
+++ b/libbb/xreadlink.c
@@ -28,7 +28,7 @@ char* FAST_FUNC xmalloc_readlink(const char *path)
bufsize += GROWBY;
buf = xrealloc(buf, bufsize);
readsize = readlink(path, buf, bufsize);
- if (readsize == -1) {
+ if (readsize == -1 || readsize >= INT_MAX) {
free(buf);
return NULL;
}
--
2.30.2
_______________________________________________
busybox mailing list
[email protected]
https://lists.busybox.net/mailman/listinfo/busybox
