This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=281c308ee91efaebfc5fa1b347670ff39e77680a commit 281c308ee91efaebfc5fa1b347670ff39e77680a Author: Guillem Jover <guil...@debian.org> AuthorDate: Tue Mar 26 04:01:30 2024 +0100 libdpkg: Handle readlink() failures in file_readlink() We should not use the linksize to update the varbuf if readlink() failed, as that implies a negative number. Reported-by: coverity --- lib/dpkg/file.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/dpkg/file.c b/lib/dpkg/file.c index 0da51d628..151ab5a21 100644 --- a/lib/dpkg/file.c +++ b/lib/dpkg/file.c @@ -49,6 +49,9 @@ file_readlink(const char *slink, struct varbuf *content, size_t content_len) varbuf_grow(content, content_len + 1); linksize = readlink(slink, content->buf, content->size); + if (linksize < 0) + return linksize; + varbuf_trunc(content, linksize); varbuf_end_str(content); -- Dpkg.Org's dpkg