On 27 Feb 2026, at 18:21, Mike Pattrick wrote:
> On Thu, Feb 26, 2026 at 5:59 AM Eelco Chaudron via dev < > [email protected]> wrote: > >> Coverity reports a tainted scalar issue (CID 368760) in the >> log_received_backtrace() function. The function reads untrusted data >> from a file descriptor into a backtrace structure but only validates >> the upper bound of n_frames, not the lower bound. Fixes this by >> checking both lower and upper bound. >> >> Fixes: 759a29dc2d97 ("backtrace: Extend the backtrace functionality.") >> Signed-off-by: Eelco Chaudron <[email protected]> >> --- >> lib/backtrace.c | 2 +- >> lib/util.h | 4 ++++ >> 2 files changed, 5 insertions(+), 1 deletion(-) >> >> diff --git a/lib/backtrace.c b/lib/backtrace.c >> index 65c92fd72..2e68bbb81 100644 >> --- a/lib/backtrace.c >> +++ b/lib/backtrace.c >> @@ -149,7 +149,7 @@ log_received_backtrace(int fd) >> if (read_received_backtrace(fd, &bt, sizeof bt)) { >> struct ds ds = DS_EMPTY_INITIALIZER; >> >> - bt.n_frames = MIN(bt.n_frames, BACKTRACE_MAX_FRAMES); >> + bt.n_frames = CLAMP(bt.n_frames, 0, BACKTRACE_MAX_FRAMES); >> > > Is the new define needed? The rest of the code base uses MAX(.., MIN(... ACK, will change to: bt.n_frames = MIN(MAX(bt.n_frames, 0), BACKTRACE_MAX_FRAMES); Thanks for the review! //Eelco _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
