Error: OVERRUN (CWE-119): [#def57] [important]
bluez-5.76/tools/rctest.c:556:3: return_constant: Function call "read(fd, buf, data_size)" may return -1. [Note: The source code implementation of the function has been overridden by a builtin model.]
bluez-5.76/tools/rctest.c:556:3: assignment: Assigning: "len" = "read(fd, buf, data_size)". The value of "len" is now -1.
bluez-5.76/tools/rctest.c:557:3: overrun-buffer-arg: Calling "send" with "buf" and "len" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
555| }
556| len = read(fd, buf, data_size);
557|-> send(sk, buf, len, 0);
558| close(fd);
559| return;
---
tools/rctest.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/rctest.c b/tools/rctest.c
index d31180880ef4..ff91eb2f159d 100644
--- a/tools/rctest.c
+++ b/tools/rctest.c
@@ -554,7 +554,8 @@ static void do_send(int sk)
exit(1);
}
len = read(fd, buf, data_size);
- send(sk, buf, len, 0);
+ if (len > 0)
+ send(sk, buf, len, 0);
close(fd);
return;
} else {
--
2.45.1
