"len - end > 0" can never be false because "end" is unsigned, so the
whole left handside of the expression is unsigned, so always positive.
Error: INTEGER_OVERFLOW (CWE-190): [#def22] [important]
bluez-5.76/src/shared/ringbuf.c:240:2: ineffective_check: The check "len - end > 0UL", which appears to be a guard against integer overflow, is not a useful guard because it is either always true, or never true. This taints "len".
bluez-5.76/src/shared/ringbuf.c:242:3: overflow: The expression "len - end" might be negative, but is used in a context that treats it as unsigned.
bluez-5.76/src/shared/ringbuf.c:242:3: overflow_sink: "len - end", which might be negative, is passed to "memcpy(ringbuf->buffer, str + end, len - end)". [Note: The source code implementation of the function has been overridden by a builtin model.]
240| if (len - end > 0) {
241| /* Put the remainder of string at the beginning */
242|-> memcpy(ringbuf->buffer, str + end, len - end);
243|
244| if (ringbuf->in_tracing)
---
src/shared/ringbuf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/ringbuf.c b/src/shared/ringbuf.c
index 3dc7ed71b2b2..1b7adbb4f513 100644
--- a/src/shared/ringbuf.c
+++ b/src/shared/ringbuf.c
@@ -237,7 +237,7 @@ int ringbuf_vprintf(struct ringbuf *ringbuf, const char *format, va_list ap)
ringbuf->in_tracing(ringbuf->buffer + offset, end,
ringbuf->in_data);
- if (len - end > 0) {
+ if ((size_t) len > end) {
/* Put the remainder of string at the beginning */
memcpy(ringbuf->buffer, str + end, len - end);
--
2.45.2
