Error: INTEGER_OVERFLOW (CWE-190): [#def20] [important]
bluez-5.77/tools/isotest.c:778:2: tainted_data_argument: The check "ret < count" contains the tainted expression "ret" which causes "count" to be considered tainted.
bluez-5.77/tools/isotest.c:779:3: overflow: The expression "count - ret" is deemed overflowed because at least one of its arguments has overflowed.
bluez-5.77/tools/isotest.c:779:3: overflow_sink: "count - ret", which might have underflowed, is passed to "read(fd, buf + ret, count - ret)". [Note: The source code implementation of the function has been overridden by a builtin model.]
777|
778| while (ret < count) {
779|-> len = read(fd, buf + ret, count - ret);
780| if (len < 0)
781| return -errno;
---
tools/isotest.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tools/isotest.c b/tools/isotest.c
index 2cac0e49cc39..0805faa66e47 100644
--- a/tools/isotest.c
+++ b/tools/isotest.c
@@ -779,6 +779,8 @@ static int read_stream(int fd, ssize_t count)
len = read(fd, buf + ret, count - ret);
if (len < 0)
return -errno;
+ if (len > SSIZE_MAX - ret)
+ return -EOVERFLOW;
ret += len;
usleep(1000);
--
2.45.2
