[master] 3a35d8284 v1f_read: Coveritification
Nils Goroll
nils.goroll at uplex.de
Tue Jun 3 15:05:05 UTC 2025
commit 3a35d82849e079c863d78421d1e59b81238f7900
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Tue Jun 3 16:54:23 2025 +0200
v1f_read: Coveritification
CID1605314 reports a potential overflow from i + l, which cannot happen for
realistic values. Because the maximum is so far off realistic values (we are
reading into substantially smaller buffers), just add bounds checking instead of
detecting the overflow.
diff --git a/bin/varnishd/http1/cache_http1_vfp.c b/bin/varnishd/http1/cache_http1_vfp.c
index fbc3dcb8b..8a2fb3915 100644
--- a/bin/varnishd/http1/cache_http1_vfp.c
+++ b/bin/varnishd/http1/cache_http1_vfp.c
@@ -85,6 +85,10 @@ v1f_read(const struct vfp_ctx *vc, struct http_conn *htc, void *d, ssize_t len)
if (i == 0)
htc->doclose = SC_RESP_CLOSE;
}
+ assert(i >= 0);
+ assert(l >= 0);
+ assert(i < SSIZE_MAX / 2);
+ assert(l < SSIZE_MAX / 2);
return (i + l);
}
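Review bot: the bound in `assert(i < SSIZE_MAX / 2);` and `assert(l < SSIZE_MAX / 2);` just before `return (i + l);` is unrelated to the `len` parameter, and nothing in the code says why these asserts exist. The commit message states the reads go into substantially smaller buffers, so if the invariant is that the total never exceeds `len`, asserting against `len` would be tighter and would document the real contract while still ruling out the overflow for the analyzer. A one-line comment that these checks are there for CID1605314 would also keep them from being removed later as redundant. Separately, `assert(i >= 0);` acts on the result of a read: the visible context only shows the `i == 0` case being handled, so it is worth confirming that a negative `i` has already returned before this point, since otherwise an I/O error would become an assertion failure rather than an error return.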