Fix: add missing overflow check in bt_ctf_stream_pos_access_ok

Found by Coverity:

2. overflow: Subtract operation overflows on operands bit_offset and 1UL.

CID 1377278 (#1 of 1): Overflowed return value (INTEGER_OVERFLOW).
overflow_sink: Overflowed or truncated value (or a value computed from
an overflowed or truncated value) bt_ctf_stream_pos_move(pos, ({...}))
used as return value.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/include/babeltrace/ctf-writer/serialize-internal.h b/include/babeltrace/ctf-writer/serialize-internal.h
index b0ef6cb9ffa13689aded75c679ac651840b801cf..781a3dd7f1938425892cf2fb7325170b165e9f9b 100644 (file)
--- a/include/babeltrace/ctf-writer/serialize-internal.h
+++ b/include/babeltrace/ctf-writer/serialize-internal.h
@@ -84,6 +84,9 @@ int bt_ctf_stream_pos_access_ok(struct bt_ctf_stream_pos *pos, uint64_t bit_len)
                /* Writes may take place up to the end of the packet. */
                max_len = pos->packet_size;
        }
+       if (unlikely(pos->offset < 0 || bit_len > INT64_MAX - pos->offset)) {
+               return 0;
+       }
        if (unlikely(pos->offset + bit_len > max_len))
                return 0;
        return 1;