[master] 3a35d8284 v1f_read: Coveritification

Nils Goroll nils.goroll at uplex.de
Tue Jun 3 15:05:05 UTC 2025


commit 3a35d82849e079c863d78421d1e59b81238f7900
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Tue Jun 3 16:54:23 2025 +0200

    v1f_read: Coveritification
    
    CID1605314 reports a potential overflow from i + l, which cannot happen for
    realistic values. Because the maximum is so far off realistic values (we are
    reading into substantially smaller buffers), just add bounds checking instead of
    detecting the overflow.

diff --git a/bin/varnishd/http1/cache_http1_vfp.c b/bin/varnishd/http1/cache_http1_vfp.c
index fbc3dcb8b..8a2fb3915 100644
--- a/bin/varnishd/http1/cache_http1_vfp.c
+++ b/bin/varnishd/http1/cache_http1_vfp.c
@@ -85,6 +85,10 @@ v1f_read(const struct vfp_ctx *vc, struct http_conn *htc, void *d, ssize_t len)
 		if (i == 0)
 			htc->doclose = SC_RESP_CLOSE;
 	}
+	assert(i >= 0);
+	assert(l >= 0);
+	assert(i < SSIZE_MAX / 2);
+	assert(l < SSIZE_MAX / 2);
 	return (i + l);
 }
 
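Review bot: assert(i >= 0) sits after the block that only special-cases i == 0, so if a failed read can still leave i negative at this point, the new assert turns an I/O error into an abort instead of an error return; please confirm that the negative case returns earlier in v1f_read, outside the lines shown here. The SSIZE_MAX / 2 bounds are enough to keep i + l from overflowing, but nothing in the code says why that constant was chosen. A one-line comment above the asserts naming CID1605314 and noting that the limit is deliberately far above any real buffer size would stop a later reader from mistaking it for a functional limit. Since len is already a parameter, it is also worth considering whether a bound against len would express the actual invariant more tightly than SSIZE_MAX / 2.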