On Thu, Feb 26, 2026 at 5:59 AM Eelco Chaudron via dev <
[email protected]> wrote:
> Coverity reports a tainted scalar issue (CID 368760) in the
> log_received_backtrace() function. The function reads untrusted data
> from a file descriptor into a backtrace structure but only validates
> the upper bound of n_frames, not the lower bound. Fixes this by
> checking both lower and upper bound.
>
> Fixes: 759a29dc2d97 ("backtrace: Extend the backtrace functionality.")
> Signed-off-by: Eelco Chaudron <[email protected]>
> ---
> lib/backtrace.c | 2 +-
> lib/util.h | 4 ++++
> 2 files changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/lib/backtrace.c b/lib/backtrace.c
> index 65c92fd72..2e68bbb81 100644
> --- a/lib/backtrace.c
> +++ b/lib/backtrace.c
> @@ -149,7 +149,7 @@ log_received_backtrace(int fd)
> if (read_received_backtrace(fd, &bt, sizeof bt)) {
> struct ds ds = DS_EMPTY_INITIALIZER;
>
> - bt.n_frames = MIN(bt.n_frames, BACKTRACE_MAX_FRAMES);
> + bt.n_frames = CLAMP(bt.n_frames, 0, BACKTRACE_MAX_FRAMES);
>
Is the new define needed? The rest of the code base uses MAX(.., MIN(...
Cheers,
M
> ds_put_cstr(&ds, BACKTRACE_DUMP_MSG);
> backtrace_format(&ds, &bt, "\n");
> diff --git a/lib/util.h b/lib/util.h
> index ef993626a..fde8c3313 100644
> --- a/lib/util.h
> +++ b/lib/util.h
> @@ -99,6 +99,10 @@ ovs_prefetch_range(const void *start, size_t size)
> #define MAX(X, Y) ((X) > (Y) ? (X) : (Y))
> #endif
>
> +#ifndef CLAMP
> +#define CLAMP(X, MIN, MAX) ((X) < (MIN) ? (MIN) : (X) > (MAX) ? (MAX) :
> (X))
> +#endif
> +
> /* Comparisons for ints with modular arithmetic */
> #define INT_MOD_LT(a,b) ((int) ((a)-(b)) < 0)
> #define INT_MOD_LEQ(a,b) ((int) ((a)-(b)) <= 0)
> --
> 2.52.0
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
