From 5e47cf8751e22ae580356bf10fe37ed903a2724b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Fri, 3 Jan 2025 14:43:45 -0500
Subject: [PATCH] Return value of write() is tainted

Since Coverity treates the return value of write() as tainted
(valid for negative values, not so valid for positive ones), do an
upper bound check on the result as well as lower bound to clear
the tainted flag.
---
 src/syncterm/modem.c  | 3 ++-
 src/syncterm/rlogin.c | 3 ++-
 src/xpdev/sockwrap.c  | 2 +-
 src/xpdev/xpbeep.c    | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/syncterm/modem.c b/src/syncterm/modem.c
index c309211dc4..d4a2a7bb6b 100644
--- a/src/syncterm/modem.c
+++ b/src/syncterm/modem.c
@@ -87,9 +87,10 @@ modem_output_thread(void *args)
 			sent = 0;
 			while (com != COM_HANDLE_INVALID && sent < wr && !conn_api.terminate) {
 				ret = comWriteBuf(com, conn_api.wr_buf + sent, wr - sent);
+				if (ret > 0 && ret <= (wr - sent))
+					sent += ret;
 				if (ret < 0)
 					break;
-				sent += ret;
 			}
 		}
 		else {
diff --git a/src/syncterm/rlogin.c b/src/syncterm/rlogin.c
index fb5a1e6994..ffffd2408f 100644
--- a/src/syncterm/rlogin.c
+++ b/src/syncterm/rlogin.c
@@ -65,9 +65,10 @@ rlogin_output_thread(void *args)
 			while (rlogin_sock != INVALID_SOCKET && sent < wr && !conn_api.terminate) {
 				if (socket_writable(rlogin_sock, 100)) {
 					ret = sendsocket(rlogin_sock, conn_api.wr_buf + sent, wr - sent);
+					if (ret > 0 && ret <= (wr - sent))
+						sent += ret;
 					if (ret < 0)
 						break;
-					sent += ret;
 				}
 			}
 		}
diff --git a/src/xpdev/sockwrap.c b/src/xpdev/sockwrap.c
index bb458a4a91..f013652f78 100644
--- a/src/xpdev/sockwrap.c
+++ b/src/xpdev/sockwrap.c
@@ -188,7 +188,7 @@ off_t sendfilesocket(int sock, int file, off_t *offset, off_t count)
 			break;
 		while (sent < rd) {
 			ssize_t wr = sendsocket(sock, buf + sent, rd - sent);
-			if (wr > 0) {
+			if (wr > 0 && wr <= (rd - sent)) {
 				sent += wr;
 			}
 			else if (wr == SOCKET_ERROR && SOCKET_ERRNO == EWOULDBLOCK) {
diff --git a/src/xpdev/xpbeep.c b/src/xpdev/xpbeep.c
index 27fe510878..eb4c864952 100644
--- a/src/xpdev/xpbeep.c
+++ b/src/xpdev/xpbeep.c
@@ -976,7 +976,7 @@ do_xp_play_sample(unsigned char *sampo, size_t sz, int *freed)
 		size_t wr = 0;
 		while (wr < sz) {
 			ssize_t i = write(dsp, samp + wr, sz - wr);
-			if (i >= 0)
+			if (i >= 0 && i <= (sz - wr))
 				wr += i;
 			else
 				return false;
-- 
GitLab