On Mon, Mar 2, 2026 at 9:56 AM Eelco Chaudron via dev < [email protected]> wrote:
> > > On 27 Feb 2026, at 18:21, Mike Pattrick wrote: > > > On Thu, Feb 26, 2026 at 5:59 AM Eelco Chaudron via dev < > > [email protected]> wrote: > > > >> Coverity reports a tainted scalar issue (CID 368760) in the > >> log_received_backtrace() function. The function reads untrusted data > >> from a file descriptor into a backtrace structure but only validates > >> the upper bound of n_frames, not the lower bound. Fixes this by > >> checking both lower and upper bound. > >> > >> Fixes: 759a29dc2d97 ("backtrace: Extend the backtrace functionality.") > >> Signed-off-by: Eelco Chaudron <[email protected]> > >> --- > >> lib/backtrace.c | 2 +- > >> lib/util.h | 4 ++++ > >> 2 files changed, 5 insertions(+), 1 deletion(-) > >> > >> diff --git a/lib/backtrace.c b/lib/backtrace.c > >> index 65c92fd72..2e68bbb81 100644 > >> --- a/lib/backtrace.c > >> +++ b/lib/backtrace.c > >> @@ -149,7 +149,7 @@ log_received_backtrace(int fd) > >> if (read_received_backtrace(fd, &bt, sizeof bt)) { > >> struct ds ds = DS_EMPTY_INITIALIZER; > >> > >> - bt.n_frames = MIN(bt.n_frames, BACKTRACE_MAX_FRAMES); > >> + bt.n_frames = CLAMP(bt.n_frames, 0, BACKTRACE_MAX_FRAMES); > >> > > > > Is the new define needed? The rest of the code base uses MAX(.., MIN(... > > ACK, will change to: > > bt.n_frames = MIN(MAX(bt.n_frames, 0), BACKTRACE_MAX_FRAMES); > > Thanks for the review! > > //Eelco > Hi Eelco, just one question, I've found only the following that mentions a possibility of being <0: "The return value may be (size_t)(-1) instead of 0 on some platforms: FreeBSD 12.4/i386." https://www.gnu.org/software/gnulib/manual/html_node/backtrace.html For libunwind, it seems the value can never be less than 0. So I guess the check is really only for FreeBSD then right? > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev Regards, Ales _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
