[master] 4ee3a2a2c cache_http1_pipe: Coveritification

Nils Goroll nils.goroll at uplex.de
Tue Jun 3 15:05:05 UTC 2025


commit 4ee3a2a2ce79ccc1784bf6a6ccab7fd351639857
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Tue Jun 3 17:00:08 2025 +0200

    cache_http1_pipe: Coveritification
    
    CID1605321 reports an integer overflow. The only way I can see this happening is
    if j > i then i -= j would _underflow_. Not sure if this is what coverity sees,
    but at any rate, we know that write() will never return a value greater than the
    length argument.

diff --git a/bin/varnishd/http1/cache_http1_pipe.c b/bin/varnishd/http1/cache_http1_pipe.c
index 32d7471fe..867281477 100644
--- a/bin/varnishd/http1/cache_http1_pipe.c
+++ b/bin/varnishd/http1/cache_http1_pipe.c
@@ -61,6 +61,7 @@ rdf(int fd0, int fd1, uint64_t *pcnt)
 		VTCP_Assert(j);
 		if (j <= 0)
 			return (1);
+		assert(j <= i);
 		*pcnt += j;
 		if (i != j)
 			VTIM_sleep(0.1);		/* XXX hack */


More information about the varnish-commit mailing list