From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202512 header.b=NkqH/OTC;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 293935A06E2
	for <passt-dev@passt.top>; Mon, 05 Jan 2026 08:53:42 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202512; t=1767599619;
	bh=BMHB9WoGgoxHbV7SINJdrqD110SWcSxN9GLzwwoW9Ek=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=NkqH/OTCZSh7zLVjfu/nlMhJKTojRv69Qp7ttlFdGd03GtrrZ+TBzXbDeIF+9bJhR
	 7firPK61vPG/ocZvA6dICg9/Czakpd7gq/yf71wMz4bq1o7siCRRaJr/IJXVrTd23Y
	 GjdnqcyHMJPp6RfjyWVAz9nWBIEieSNU2LIr6ZB0zMNpHPiH3r6/JF0k6m+B/r1NA4
	 IdRvKRlMQrE1uasKrVPAKPKGQb7+RmBULUxQl4PRC5iMFSwLDqXaDk+ddq5fu090nC
	 0BR5xO8EOMTLWZrTqnRDWylMhREdYYw6SdYYHjGW4nAawPIk/9AUWXR7c6A3aeglaF
	 FRhz4OvJXai4Q==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4dl64M0xNHz4w0Q; Mon, 05 Jan 2026 18:53:39 +1100 (AEDT)
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH 1/5] util: Be more defensive about buffer overruns in read_file()
Date: Mon,  5 Jan 2026 18:53:33 +1100
Message-ID: <20260105075337.1724962-2-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260105075337.1724962-1-david@gibson.dropbear.id.au>
References: <20260105075337.1724962-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: LROPGQUQFPKARTX4XZBZ7PL7IUOG63MQ
X-Message-ID-Hash: LROPGQUQFPKARTX4XZBZ7PL7IUOG63MQ
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260105075337.1724962-2-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/LROPGQUQFPKARTX4XZBZ7PL7IUOG63MQ/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

clang-21.1.7 complains about read_file(), thinking that total_read might
come to exceed buf_size, leading to an out of bounds access at the end of
the function.  In fact, the semantics of read()'s return mean this can't
ever happen.  But we already have to check for the total_read == buf_size
case, so it's basically free to change it to >= and suppress the error.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util.c b/util.c
index 27303950..a48f727c 100644
--- a/util.c
+++ b/util.c
@@ -715,7 +715,7 @@ static ssize_t read_file(const char *path, char *buf, size_t buf_size)
 
 	close(fd);
 
-	if (total_read == buf_size) {
+	if (total_read >= buf_size) {
 		buf[buf_size - 1] = '\0';
 		return -ENOBUFS;
 	}
-- 
2.52.0