From 20c6bd296bf5ff41f08c366fd250c9c8a4821acd Mon Sep 17 00:00:00 2001
From: "Carsten Haitzler (Rasterman)"
Date: Sat, 6 Aug 2016 15:50:17 +0900
Subject: [PATCH] eina log - keep coverity happy with potential ptr comparison overflow fixes CID 1361220 in theory yes end minus start could be insanely huge or end be very high in memory thus causing an overflow. this would have to be in the last few bytes of memory space, so it never going to happen. and the input from the env var has to be sane anyway as its user controlled. @fix
---
 src/lib/eina/eina_log.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/lib/eina/eina_log.c b/src/lib/eina/eina_log.c
index 1db46b26a4..c08f93cc0a 100644
--- a/src/lib/eina/eina_log.c
+++ b/src/lib/eina/eina_log.c
@@ -972,9 +972,12 @@ eina_log_domain_parse_pendings(void)
 level = strtol((char *)(end + 1), &tmp, 10);
 if (tmp == (end + 1))
 goto parse_end;
-
+ // If the name of the log is more than 64k it's silly so give up
+ // as it's pointless and in theory could overflow pointer
+ if ((end - start) > 0xffff)
+ break;
 // Parse name
- p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + end - start + 1);
+ p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + (end - start) + 1);
 if (!p)
 break;
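Review bot: The new length guard exits with `break`, so a single over-long name stops parsing and silently drops every entry after it, whereas the invalid-level check just above skips only the bad entry with `goto parse_end;`. Assuming the `parse_end` label (outside this hunk) advances to the next entry, `goto parse_end;` would be the consistent choice here. The comparison is also signed, so only the upper bound of `end - start` is rejected; storing the length once, e.g. `size_t len = (size_t)(end - start);`, and using `len` in both the guard and the `malloc` size would make a negative difference fail the same check and keep the test and the allocation in agreement. The body of eina_log_domain_parse_pendings starts and ends outside the hunk, so how `end` is derived from `start` cannot be confirmed from here.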