[master] 4ee3a2a2c cache_http1_pipe: Coveritification
Nils Goroll
nils.goroll at uplex.de
Tue Jun 3 15:05:05 UTC 2025
commit 4ee3a2a2ce79ccc1784bf6a6ccab7fd351639857
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Tue Jun 3 17:00:08 2025 +0200
cache_http1_pipe: Coveritification
CID1605321 reports an integer overflow. The only way I can see this happening is
if j > i then i -= j would _underflow_. Not sure if this is what coverity sees,
but at any rate, we know that write() will never return a value greater than the
length argument.
diff --git a/bin/varnishd/http1/cache_http1_pipe.c b/bin/varnishd/http1/cache_http1_pipe.c
index 32d7471fe..867281477 100644
--- a/bin/varnishd/http1/cache_http1_pipe.c
+++ b/bin/varnishd/http1/cache_http1_pipe.c
@@ -61,6 +61,7 @@ rdf(int fd0, int fd1, uint64_t *pcnt)
VTCP_Assert(j);
if (j <= 0)
return (1);
+ assert(j <= i);
*pcnt += j;
if (i != j)
VTIM_sleep(0.1); /* XXX hack */
More information about the varnish-commit
mailing list