From a2dcf74fce24aeba2a7e191a4b294b8f9622a3a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Tue, 8 Nov 2022 07:41:00 +0100 Subject: [PATCH 4/4] test/getrandom-fallback.c: Fix 'OVERRUN' found by Covscan. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CWE-119: Out-of-bounds access to a buffer (OVERRUN) overrun-buffer-arg: Calling memset with buf and buflen is suspicious because of the very large index, 9223372036854775807. The index may be due to a negative parameter being interpreted as unsigned. Limiting buflen to INT16_MAX is big enough for our purposes. Signed-off-by: Björn Esser --- test/getrandom-fallbacks.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/getrandom-fallbacks.c b/test/getrandom-fallbacks.c index bd97667..b124c18 100644 --- a/test/getrandom-fallbacks.c +++ b/test/getrandom-fallbacks.c @@ -77,7 +77,7 @@ __wrap_getrandom (void *buf, size_t buflen, unsigned int ARG_UNUSED(flags)) } else { - buflen = MIN (buflen, SSIZE_MAX); + buflen = MIN (buflen, INT16_MAX); memset (buf, MOCK_getrandom, buflen); return (ssize_t)buflen; } @@ -130,7 +130,7 @@ __wrap_syscall(long number, ...) va_start (ap, number); void *buf = va_arg (ap, void *); size_t buflen = va_arg (ap, size_t); - buflen = MIN (buflen, SSIZE_MAX); + buflen = MIN (buflen, INT16_MAX); va_end (ap); memset (buf, MOCK_sys_getrandom, buflen); return (ssize_t)buflen; @@ -205,7 +205,7 @@ __wrap_read (int fd, void *buf, size_t count) } else { - count = MIN (count, SSIZE_MAX); + count = MIN (count, INT16_MAX); memset (buf, MOCK_urandom, count); return (ssize_t)count; } -- 2.38.1