From: Stefano Brivio
To: David Gibson
CC: passt-dev@passt.top, Jon Maloy, Laurent Vivier
Subject: Re: [PATCH v7 18/18] fwd_rule: Fix static checkers warnings in fwd_rule_add()
Date: Tue, 05 May 2026 12:13:41 +0200 (CEST)
Message-ID: <20260505121340.3a548603@elisabeth>
References: <20260504231142.1118652-1-sbrivio@redhat.com> <20260504231142.1118652-19-sbrivio@redhat.com>
Organization: Red Hat
List-Id: Development discussion and patches for passt

On Tue, 5 May 2026 16:22:43 +1000
David Gibson wrote:

> On Tue, May 05, 2026 at 01:11:42AM +0200, Stefano Brivio wrote:
> > The new checks are actually sufficient but not enough for Coverity
> > Scan. Now that fwd->sock_count and new->last are affected or supplied
> > by clients, we need explicit (albeit redundant) checks on them.
> >
> > Signed-off-by: Stefano Brivio
>
> I'm assuming this does squash the warnings, but I think it does so in
> a somewhat confusing way.

You don't need to assume that, you could try yourself without this
patch and you'll see exactly two warnings with a lot of details.

> > --- > > fwd_rule.c | 9 +++++++++ > > 1 file changed, 9 insertions(+)
> > > > diff --git a/fwd_rule.c b/fwd_rule.c > > index b55e4df..03e8e80 100644 > > --- a/fwd_rule.c > > +++ b/fwd_rule.c 
> > @@ -271,13 +271,22 @@ int fwd_rule_add(struct fwd_table *fwd, const struct fwd_rule *new) > > warn("Too many rules (maximum %d)", ARRAY_SIZE(fwd->rules)); > > return -ENOSPC; > > } > > + > > if ((fwd->sock_count + num) > ARRAY_SIZE(fwd->socks)) { > > warn("Rules require too many listening sockets (maximum %d)", > > ARRAY_SIZE(fwd->socks)); > > return -ENOSPC; > > } > > + /* Redundant, to make static checkers happy */ > > + if (fwd->sock_count > ARRAY_SIZE(fwd->socks)) > > + return -ENOSPC; > > So there's actually two conditions that this is kind of relevant to: > > 1) (fwd->sock_count > ARRAY_SIZE(fwd->socks)) on entry > > That means something is horribly wrong before we were even called. > So, I think that would be better as an assert(). > > 2) (fwd->sock_count + num) overflows > > That's a closer-to-real concern. I'm pretty sure we can't hit it for > real, because num is necessarily <= 65536, so as long as (1) is true > this can't overflow. But that relies on the specific value of > ARRAY_SIZE(fwd->socks), so it's kind of fragile. > > I think an explicit check for this is a good idea, but it should > actually check for this, not just side-effects of it, so: > if (fwd->sock_count + num <= fwd->sock_count) { > warn("Blah blah overflow"); > return -EFAULT; /* or whatever */ > } > > > fwd->rulesocks[fwd->count] = &fwd->socks[fwd->sock_count]; > > + > > + /* Redundant ('num' checked above), but not for static checkers */ > > + if (new->last > ARRAY_SIZE(fwd->socks) + new->first) > > + return -ENOSPC; > > This way of organising the check is very confusing to me. I'm not > really sure what it's trying to catch. Same as above. > We've already checked that > last >= first, so using num is safer to deal with at this > point than ARRAY_SIZE() + first, which could in principle overflow > even if sock_count + num is perfectly ok. Using 'num' won't work. It shouldn't overflow anyway because the addition happens in 'int'. 
I'll try to change the rest if I find some time but it doesn't really look that critical to me. > > for (port = new->first; port <= new->last; port++) > > fwd->rulesocks[fwd->count][port - new->first] = -1; > > > > -- > > 2.43.0 > > > -- Stefano
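
Review bot: the second added check, `new->last > ARRAY_SIZE(fwd->socks) + new->first`, is looser than the loop it sits in front of. The loop writes `fwd->rulesocks[fwd->count][port - new->first]` for every port up to and including `new->last`, and that row starts at `&fwd->socks[fwd->sock_count]`, so taken on its own this test still admits an index equal to ARRAY_SIZE(fwd->socks) and takes no account of fwd->sock_count. If it exists only to inform the checker, the comment should say that the effective bound is the `(fwd->sock_count + num)` test above; if it is meant to stand alone, use `>=` and fold in the offset. Both added checks also return -ENOSPC without a warn(), unlike the two existing checks in this hunk, so a rejected rule would fail silently. The `fwd->sock_count > ARRAY_SIZE(fwd->socks)` test would also read more naturally placed before the sum comparison it backs up rather than after it.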