Re: [libvirt PATCH] nwfilter: Fix timeout data type reported by coverity

Daniel P. Berrangé <berrange@xxxxxxxxxx> · Tue, 23 Aug 2022 11:53:56 +0100

On Tue, Aug 23, 2022 at 12:48:48PM +0200, Michal Prívozník wrote:
> On 8/19/22 10:41, Erik Skultety wrote:
> > Coverity reports:
> >     virNWFilterSnoopIPLeaseUpdate(virNWFilterSnoopIPLease *ipl,
> >                                   time_t timeout)
> >     {
> >         if (timeout < ipl->timeout)
> >             return;  /* no take-backs */
> > 
> >         virNWFilterSnoopIPLeaseTimerDel(ipl);
> >  >>> CID 396747:  High impact quality  (Y2K38_SAFETY)
> >  >>> A "time_t" value is stored in an integer with too few bits
> >      to accommodate it. The expression "timeout" is cast to
> >      "unsigned int".
> >         ipl->timeout = timeout;
> >         virNWFilterSnoopIPLeaseTimerAdd(ipl);
> >     }
> > 
> > This is a safe fix, since time_t is just long int and scales
> > automatically with platform (more specifically it's 64bit on all
> > platforms we care about).
> > 
> > Signed-off-by: Erik Skultety <eskultet@xxxxxxxxxx>
> > ---
> >  src/nwfilter/nwfilter_dhcpsnoop.c | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
> > index a10a14cfc1..4133d4c672 100644
> > --- a/src/nwfilter/nwfilter_dhcpsnoop.c
> > +++ b/src/nwfilter/nwfilter_dhcpsnoop.c
> > @@ -146,7 +146,7 @@ struct _virNWFilterSnoopIPLease {
> >      virSocketAddr              ipAddress;
> >      virSocketAddr              ipServer;
> >      virNWFilterSnoopReq *    snoopReq;
> > -    unsigned int               timeout;
> > +    time_t timeout;
> >      /* timer list */
> >      virNWFilterSnoopIPLease *prev;
> >      virNWFilterSnoopIPLease *next;
> > @@ -1580,7 +1580,7 @@ virNWFilterSnoopLeaseFileWrite(int lfd, const char *ifkey,
> >          return -1;
> >  
> >      /* time intf ip dhcpserver */
> > -    lbuf = g_strdup_printf("%u %s %s %s\n", ipl->timeout, ifkey, ipstr, dhcpstr);
> > +    lbuf = g_strdup_printf("%lu %s %s %s\n", ipl->timeout, ifkey, ipstr, dhcpstr);
> 
> Doesn't this use of ->timeout need to be typecasted? I mean, we are not
> guaranteed that time_t is unsigned long. Elsewhere in the code we even
> typecast to long long.

Yes, this would fail on 32-bit builds I believe. 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|