Skip to content
Snippets Groups Projects
Commit 5e47cf87 authored by Deucе's avatar Deucе :ok_hand_tone4:
Browse files

Return value of write() is tainted 

Since Coverity treates the return value of write() as tainted
(valid for negative values, not so valid for positive ones), do an
upper bound check on the result as well as lower bound to clear
the tainted flag.
parent adc78d16
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/syncterm/modem.c
+ 2
1
View file @ 5e47cf87
...@@ -87,9 +87,10 @@ modem_output_thread(void *args) ...@@ -87,9 +87,10 @@ modem_output_thread(void *args)
sent = 0; sent = 0;
while (com != COM_HANDLE_INVALID && sent < wr && !conn_api.terminate) { while (com != COM_HANDLE_INVALID && sent < wr && !conn_api.terminate) {
ret = comWriteBuf(com, conn_api.wr_buf + sent, wr - sent); ret = comWriteBuf(com, conn_api.wr_buf + sent, wr - sent);
if (ret > 0 && ret <= (wr - sent))
sent += ret;
if (ret < 0) if (ret < 0)
break; break;
sent += ret;
} }
} }
else { else {
......
src/syncterm/rlogin.c
+ 2
1
View file @ 5e47cf87
...@@ -65,9 +65,10 @@ rlogin_output_thread(void *args) ...@@ -65,9 +65,10 @@ rlogin_output_thread(void *args)
while (rlogin_sock != INVALID_SOCKET && sent < wr && !conn_api.terminate) { while (rlogin_sock != INVALID_SOCKET && sent < wr && !conn_api.terminate) {
if (socket_writable(rlogin_sock, 100)) { if (socket_writable(rlogin_sock, 100)) {
ret = sendsocket(rlogin_sock, conn_api.wr_buf + sent, wr - sent); ret = sendsocket(rlogin_sock, conn_api.wr_buf + sent, wr - sent);
if (ret > 0 && ret <= (wr - sent))
sent += ret;
if (ret < 0) if (ret < 0)
break; break;
sent += ret;
} }
} }
} }
......
src/xpdev/sockwrap.c
+ 1
1
View file @ 5e47cf87
...@@ -188,7 +188,7 @@ off_t sendfilesocket(int sock, int file, off_t *offset, off_t count) ...@@ -188,7 +188,7 @@ off_t sendfilesocket(int sock, int file, off_t *offset, off_t count)
break; break;
while (sent < rd) { while (sent < rd) {
ssize_t wr = sendsocket(sock, buf + sent, rd - sent); ssize_t wr = sendsocket(sock, buf + sent, rd - sent);
if (wr > 0) { if (wr > 0 && wr <= (rd - sent)) {
sent += wr; sent += wr;
} }
else if (wr == SOCKET_ERROR && SOCKET_ERRNO == EWOULDBLOCK) { else if (wr == SOCKET_ERROR && SOCKET_ERRNO == EWOULDBLOCK) {
......
src/xpdev/xpbeep.c
+ 1
1
View file @ 5e47cf87
...@@ -976,7 +976,7 @@ do_xp_play_sample(unsigned char *sampo, size_t sz, int *freed) ...@@ -976,7 +976,7 @@ do_xp_play_sample(unsigned char *sampo, size_t sz, int *freed)
size_t wr = 0; size_t wr = 0;
while (wr < sz) { while (wr < sz) {
ssize_t i = write(dsp, samp + wr, sz - wr); ssize_t i = write(dsp, samp + wr, sz - wr);
if (i >= 0) if (i >= 0 && i <= (sz - wr))
wr += i; wr += i;
else else
return false; return false;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment