From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH 13/16] tcp, tcp_splice: False "Negative array index read"
 positives, CWE-129
Date: Tue, 05 Apr 2022 19:05:11 +0200
Message-ID: <20220405170514.2963773-14-sbrivio@redhat.com>
In-Reply-To: <20220405170514.2963773-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5173384887228521431=="

--===============5173384887228521431==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

A flag or event bit is always set by callers. Reported by Coverity.

Signed-by-off: Stefano Brivio <sbrivio(a)redhat.com>
---
 tcp.c        | 12 ++++++++----
 tcp_splice.c | 24 ++++++++++++++++--------
 2 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/tcp.c b/tcp.c
index 1820e19..13a108e 100644
--- a/tcp.c
+++ b/tcp.c
@@ -868,15 +868,19 @@ static void conn_flag_do(const struct ctx *c, struct tc=
p_conn *conn,
 			return;
=20
 		conn->flags &=3D flag;
-		debug("TCP: index %li: %s dropped", conn - tc,
-		      tcp_flag_str[fls(~flag)]);
+		if (fls(~flag) >=3D 0) {
+			debug("TCP: index %li: %s dropped", conn - tc,
+			      tcp_flag_str[fls(~flag)]);
+		}
 	} else {
 		if (conn->flags & flag)
 			return;
=20
 		conn->flags |=3D flag;
-		debug("TCP: index %li: %s", conn - tc,
-		      tcp_flag_str[fls(flag)]);
+		if (fls(flag) >=3D 0) {
+			debug("TCP: index %li: %s", conn - tc,
+			      tcp_flag_str[fls(flag)]);
+		}
 	}
=20
 	if (flag =3D=3D STALLED || flag =3D=3D ~STALLED)
diff --git a/tcp_splice.c b/tcp_splice.c
index 7c19d99..1e24986 100644
--- a/tcp_splice.c
+++ b/tcp_splice.c
@@ -170,15 +170,19 @@ static void conn_flag_do(const struct ctx *c, struct tc=
p_splice_conn *conn,
 			return;
=20
 		conn->flags &=3D flag;
-		debug("TCP (spliced): index %li: %s dropped", conn - tc,
-		      tcp_splice_flag_str[fls(~flag)]);
+		if (fls(~flag) >=3D 0) {
+			debug("TCP (spliced): index %li: %s dropped", conn - tc,
+			      tcp_splice_flag_str[fls(~flag)]);
+		}
 	} else {
 		if (conn->flags & flag)
 			return;
=20
 		conn->flags |=3D flag;
-		debug("TCP (spliced): index %li: %s", conn - tc,
-		      tcp_splice_flag_str[fls(flag)]);
+		if (fls(flag) >=3D 0) {
+			debug("TCP (spliced): index %li: %s", conn - tc,
+			      tcp_splice_flag_str[fls(flag)]);
+		}
 	}
=20
 	if (flag =3D=3D CLOSING)
@@ -250,15 +254,19 @@ static void conn_event_do(const struct ctx *c, struct t=
cp_splice_conn *conn,
 			return;
=20
 		conn->events &=3D event;
-		debug("TCP (spliced): index %li, ~%s", conn - tc,
-		      tcp_splice_event_str[fls(~event)]);
+		if (fls(~event) >=3D 0) {
+			debug("TCP (spliced): index %li, ~%s", conn - tc,
+			      tcp_splice_event_str[fls(~event)]);
+		}
 	} else {
 		if (conn->events & event)
 			return;
=20
 		conn->events |=3D event;
-		debug("TCP (spliced): index %li, %s", conn - tc,
-		      tcp_splice_event_str[fls(event)]);
+		if (fls(event) >=3D 0) {
+			debug("TCP (spliced): index %li, %s", conn - tc,
+			      tcp_splice_event_str[fls(event)]);
+		}
 	}
=20
 	if (tcp_splice_epoll_ctl(c, conn))
--=20
2.35.1


--===============5173384887228521431==--