fabtests: Address integer overflow coverity issues in fabtests #10142
Conversation
There are 4 integer overflow issues in fabtests. All of them need a check that ensures integer overflow does not oocur. 1. changes to harness.c: This modification includes a check to ensure that adding ret to m does not exceed SIZE_MAX. 2. changes to shared.c: This modification includes a check before the addition to ensure that (rcvd + ret) or (sent + ret) does not exceed SIZE_MAX. If the addition would exceed SIZE_MAX, it sets err to an error value and breaks from the loop, preventing overflow. Signed-off-by: Juee Himalbhai Desai <juee.himalbhai.desai@intel.com>
|
This PR is not needed. This is the case where coverity is not aware of the APIs. We are calculating size used for send/recv calls to not exceed the value (size_t lens) passed to our functions. The for-loop/while-loop will only continue if there is more data. You should disposition the coverity issues as "False Positive" and move on. |
|
@chien-intel I agree with you. I myself was on the fence but coverity has marked it as a high priority issue and since it falls under CWE top 25 defects, I added this check. If there is a consensus on not needing this, I'll mark it as "False Positive" and close the PR. @j-xiong Please let me know if you think this is not needed. |
|
Yes, those are false positives. Coverity doesn't understand the semantics of ofi_send_socket() and ofi_recv_socket() and assumes arbitrary range of return values. |
|
Coverity issues marked "False Positive". Closing the PR. |
There are 4 integer overflow issues in fabtests. All of them need a check that ensures integer overflow does not oocur.
changes to harness.c: This modification includes a check to ensure that adding ret to m does not exceed SIZE_MAX.
changes to shared.c: This modification includes a check before the addition to ensure that (rcvd + ret) or (sent + ret) does not exceed SIZE_MAX. If the addition would exceed SIZE_MAX, it sets err to an error value and breaks from the loop, preventing overflow.