On Wed, May 06, 2026 at 11:22:36AM +0200, Stefano Brivio wrote: > The new checks are actually sufficient but not enough for Coverity > Scan. Now that fwd->sock_count and new->last are affected or supplied > by clients, we need explicit (albeit redundant) checks on them. > > Signed-off-by: Stefano Brivio Thanks for the extra details. I still think this can probably be done more neatly. but it's good enough for the time being. Reviewed-by: David Gibson > --- > fwd_rule.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/fwd_rule.c b/fwd_rule.c > index b55e4df..200f4b5 100644 > --- a/fwd_rule.c > +++ b/fwd_rule.c > @@ -271,13 +271,24 @@ int fwd_rule_add(struct fwd_table *fwd, const struct fwd_rule *new) > warn("Too many rules (maximum %d)", ARRAY_SIZE(fwd->rules)); > return -ENOSPC; > } > + > if ((fwd->sock_count + num) > ARRAY_SIZE(fwd->socks)) { > warn("Rules require too many listening sockets (maximum %d)", > ARRAY_SIZE(fwd->socks)); > return -ENOSPC; > } > + /* Redundant (see check just above), to make static checkers happy */ > + if (fwd->sock_count > ARRAY_SIZE(fwd->socks)) > + return -ENOSPC; > > fwd->rulesocks[fwd->count] = &fwd->socks[fwd->sock_count]; > + > + /* Redundant, but not for static checkers, that might be missing that > + * due to the check on 'num' above against ARRAY_SIZE(fwd->socks), we > + * have a proper upper bound for new->last in the loop below. > + */ > + if (new->last > ARRAY_SIZE(fwd->socks) + new->first) > + return -ENOSPC; > for (port = new->first; port <= new->last; port++) > fwd->rulesocks[fwd->count][port - new->first] = -1; > > -- > 2.43.0 > -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson