From 6c711b23bd5bc6eb6b91f6c425080f2d6966f164 Mon Sep 17 00:00:00 2001
From: Mathieu Desnoyers
Date: Tue, 15 Aug 2017 17:30:03 -0400
Subject: [PATCH] Fix: add missing overflow check in bt_ctf_stream_pos_access_ok
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Found by Coverity: 2. overflow: Subtract operation overflows on operands bit_offset and 1UL. CID 1377278 (#1 of 1): Overflowed return value (INTEGER_OVERFLOW). overflow_sink: Overflowed or truncated value (or a value computed from an overflowed or truncated value) bt_ctf_stream_pos_move(pos, ({...})) used as return value.

Signed-off-by: Mathieu Desnoyers
Signed-off-by: Jérémie Galarneau
---
 include/babeltrace/ctf-writer/serialize-internal.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/babeltrace/ctf-writer/serialize-internal.h b/include/babeltrace/ctf-writer/serialize-internal.h
index b0ef6cb9..781a3dd7 100644
--- a/include/babeltrace/ctf-writer/serialize-internal.h
+++ b/include/babeltrace/ctf-writer/serialize-internal.h
@@ -84,6 +84,9 @@ int bt_ctf_stream_pos_access_ok(struct bt_ctf_stream_pos *pos, uint64_t bit_len)
 /* Writes may take place up to the end of the packet. */
 max_len = pos->packet_size;
 }
+ if (unlikely(pos->offset < 0 || bit_len > INT64_MAX - pos->offset)) {
+ return 0;
+ }
 if (unlikely(pos->offset + bit_len > max_len))
 return 0;
 return 1;
-- 
2.34.1
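Review bot: The new guard on the first added line is correct only because `pos->offset` is signed (the `< 0` test implies so, presumably `int64_t`) and `INT64_MAX - pos->offset` is converted to `uint64_t` for the comparison with `bit_len`, which keeps the later `pos->offset + bit_len` at or below `INT64_MAX` so it cannot wrap; none of that is visible from the line itself, so it deserves a comment such as `/* offset is signed: keep offset + bit_len <= INT64_MAX so the sum below cannot wrap */`. The commit message cites a subtraction on `bit_offset` and `1UL` in bt_ctf_stream_pos_move, whereas the check added here bounds the addition in bt_ctf_stream_pos_access_ok; whether it also covers the flagged subtraction cannot be confirmed from this hunk and is worth stating in the message. As a style point, the added `if` is braced while the adjacent `if (unlikely(pos->offset + bit_len > max_len))` is not; using one form for both would read more consistently. The enclosing function and the assignment of `max_len` for the other branch begin before the hunk.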