This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch main
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=983fadb9e00bb7a7816ace1952b4f704632c6c83

commit 983fadb9e00bb7a7816ace1952b4f704632c6c83
Author: Guillem Jover <guil...@debian.org>
AuthorDate: Tue Jul 9 03:00:57 2024 +0200

    libdpkg: Do not accept len >= INT_MAX in fd_read() and fd_write()
    
    The read() and write() functions return errors as negative numbers
    via a ssize_t type, and also the amount read or written. This means
    that if we pass a value greater than SSIZE_MAX, then it might not be
    representable as a return value and would overflow.
    
    Warned-by: coverity
---
 lib/dpkg/fdio.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/dpkg/fdio.c b/lib/dpkg/fdio.c
index b50322bad..831b0cf85 100644
--- a/lib/dpkg/fdio.c
+++ b/lib/dpkg/fdio.c
@@ -22,10 +22,12 @@
 #include <compat.h>
 
 #include <errno.h>
+#include <limits.h>
 #include <fcntl.h>
 #include <unistd.h>
 
 #include <dpkg/fdio.h>
+#include <dpkg/ehandle.h>
 
 ssize_t
 fd_read(int fd, void *buf, size_t len)
@@ -33,6 +35,9 @@ fd_read(int fd, void *buf, size_t len)
        ssize_t total = 0;
        char *ptr = buf;
 
+       if (len > SSIZE_MAX)
+               internerr("len=%zu exceeds SSIZE_MAX=%zd", len, SSIZE_MAX);
+
        while (len > 0) {
                ssize_t n;
 
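Review bot: In the added `internerr()` call in fd_read(), `SSIZE_MAX` is passed straight to `%zd`, but the macro's type is not guaranteed to be `ssize_t` on every platform, so the argument should be cast: `internerr("len=%zu exceeds SSIZE_MAX=%zd", len, (ssize_t)SSIZE_MAX);`. The same line is added in the fd_write() hunk. The guard is also what keeps the `ssize_t total` accumulator from overflowing, which deserves a short comment such as `/* total is returned as ssize_t, so len must fit in it. */`. If `internerr()` aborts, as it appears to, it is worth confirming that no caller derives `len` from package contents, since a crafted length would then abort the process instead of returning an error. The commit title says `len >= INT_MAX` while the code tests `len > SSIZE_MAX`, and both function bodies continue outside their hunks.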
@@ -58,6 +63,9 @@ fd_write(int fd, const void *buf, size_t len)
        ssize_t total = 0;
        const char *ptr = buf;
 
+       if (len > SSIZE_MAX)
+               internerr("len=%zu exceeds SSIZE_MAX=%zd", len, SSIZE_MAX);
+
        while (len > 0) {
                ssize_t n;
 

-- 
Dpkg.Org's dpkg
