From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202512 header.b=L0K+2olC;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 904445A06E2
	for <passt-dev@passt.top>; Wed, 07 Jan 2026 02:46:10 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202512; t=1767750367;
	bh=UMfGpH444HRuuhY6I9PEb5mrClRAUMAgifH5kDjlqJQ=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=L0K+2olCavcnqdRJFdZWhICB4VjP5d/aUbo2p1NovxgoovAnCDLjSIIbHvD+KeH+D
	 EuCdT+D+hWWS7wYolxx/ozuVoj6d/2uC8Ak6SDBbiFLlwGB9rev7sMMcKN57A7iswS
	 3LatXHErf8C4YKrLuQqc0irA1F5MvG/g/cP1N27I1kYTKWrXD2Ed3uHyvUgTplZ82W
	 AD5nOHtjuZmQCLBsItD1neGJBTjnVa1qJjlQrhgCUh0l6tG/F5nW3T+Rim5n2gE1Tu
	 mhiJqASWSvAVmXX+PvCF8KxHyGiHCeZ2Jc/4tmA4wZzu7qm2FtLeX9H0nzU8eZHB49
	 ifPLOxXlky5eg==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4dm9qM6V7pz4wGx; Wed, 07 Jan 2026 12:46:07 +1100 (AEDT)
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>,
	passt-dev@passt.top
Subject: [PATCH v3 1/5] util: Be more defensive about buffer overruns in read_file()
Date: Wed,  7 Jan 2026 12:46:02 +1100
Message-ID: <20260107014606.1513722-2-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260107014606.1513722-1-david@gibson.dropbear.id.au>
References: <20260107014606.1513722-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: XEKTMKYMVWRQTP2HA3YC5OWNTOEB5M7H
X-Message-ID-Hash: XEKTMKYMVWRQTP2HA3YC5OWNTOEB5M7H
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>, Laurent Vivier <lvivier@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260107014606.1513722-2-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/XEKTMKYMVWRQTP2HA3YC5OWNTOEB5M7H/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

clang-21.1.7 complains about read_file(), thinking that total_read might
come to exceed buf_size, leading to an out of bounds access at the end of
the function.  In fact, the semantics of read()'s return mean this can't
ever happen.  But we already have to check for the total_read == buf_size
case, so it's basically free to change it to >= and suppress the error.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
---
 util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util.c b/util.c
index 27303950..a48f727c 100644
--- a/util.c
+++ b/util.c
@@ -715,7 +715,7 @@ static ssize_t read_file(const char *path, char *buf, size_t buf_size)
 
 	close(fd);
 
-	if (total_read == buf_size) {
+	if (total_read >= buf_size) {
 		buf[buf_size - 1] = '\0';
 		return -ENOBUFS;
 	}
-- 
2.52.0