From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202512 header.b=tMFc/nE7;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id C44355A06E2
	for <passt-dev@passt.top>; Wed, 07 Jan 2026 01:16:14 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202512; t=1767744971;
	bh=UMfGpH444HRuuhY6I9PEb5mrClRAUMAgifH5kDjlqJQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=tMFc/nE7MYMvgOcmynSsrtJFQSp6VQD9YQa+9dVrTInIzU2XPBKFeK+jXgK8G5gKD
	 POLdaRHRdhZUHHAt7Q5aoa3BC+by563M7zShwgVeIFvHu961xW9NpzrH6y2bYcSt9d
	 mYkzJ/bK01evFG/bFuSy4FT9x9J0hEr6hB+kDWl6dqfcKflQn58YwdvdXoJhkZlgXB
	 Uwc1cr2vpPalAxNrUglPMVhq+vvsu2ISuLIUqJiuXAZStey8Ri+ht6ayv40cFTTr2V
	 VVFcuZ8+Vs0YV+xRUBkZe13fekSKDEUzg5EPJevOXpyI4OyK5Q0PIqXwcB7Z/NAPUp
	 6KhE7qW2MSSfw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4dm7qb1Lhmz4wR8; Wed, 07 Jan 2026 11:16:11 +1100 (AEDT)
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH v2 1/5] util: Be more defensive about buffer overruns in read_file()
Date: Wed,  7 Jan 2026 11:16:05 +1100
Message-ID: <20260107001609.910615-2-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260107001609.910615-1-david@gibson.dropbear.id.au>
References: <20260107001609.910615-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: BLDXXVSTADPRBTZ65IR5RQM5XFNGQ77B
X-Message-ID-Hash: BLDXXVSTADPRBTZ65IR5RQM5XFNGQ77B
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>, Laurent Vivier <lvivier@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260107001609.910615-2-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/BLDXXVSTADPRBTZ65IR5RQM5XFNGQ77B/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

clang-21.1.7 complains about read_file(), thinking that total_read might
come to exceed buf_size, leading to an out of bounds access at the end of
the function.  In fact, the semantics of read()'s return mean this can't
ever happen.  But we already have to check for the total_read == buf_size
case, so it's basically free to change it to >= and suppress the error.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
---
 util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util.c b/util.c
index 27303950..a48f727c 100644
--- a/util.c
+++ b/util.c
@@ -715,7 +715,7 @@ static ssize_t read_file(const char *path, char *buf, size_t buf_size)
 
 	close(fd);
 
-	if (total_read == buf_size) {
+	if (total_read >= buf_size) {
 		buf[buf_size - 1] = '\0';
 		return -ENOBUFS;
 	}
-- 
2.52.0