There was a theoretical (but unlikely to happen in practice) integer
overflow in sparse_array_len() in the case when
dynamic_bitmap_last_set() would return LONG_MAX.
Found by coverity:
overflow: The expression idx + 1L is considered to have possibly
overflowed.
CID 501214: (#1 of 1): Overflowed return value (INTEGER_OVERFLOW)
return_overflow: (idx > -1L) ? idx + 1L : 0L, which might have
overflowed, is returned from the function
Fixes: 39eb5b573388 ("Add sparse array.")
Signed-off-by: Dumitru Ceara <[email protected]>
---
lib/sparse-array.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/sparse-array.h b/lib/sparse-array.h
index 047b2f3046..2607075be9 100644
--- a/lib/sparse-array.h
+++ b/lib/sparse-array.h
@@ -38,7 +38,7 @@ static inline size_t
sparse_array_len(const struct sparse_array *array)
{
ssize_t idx = dynamic_bitmap_last_set(&array->bitmap);
- return idx > -1 ? idx + 1 : 0;
+ return idx > -1 ? (size_t) idx + 1 : 0;
}
/* It is safe to destroy array members during traversal, so there
--
2.52.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
