
[Coverity CID :207980] Untrusted loop bound in tests/net/socket/websocket/src/main.c #22433

Closed
zephyrbot opened this issue Feb 3, 2020 · 1 comment
Assignees: none listed
Labels: area: Networking; bug (The issue is a bug, or the PR is fixing a bug); Coverity (A Coverity detected issue or its fix); priority: low (Low impact/importance bug)

Comments

@zephyrbot (Collaborator)

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/a3e89e84a801d9bc048b0ee2177f0fb11d1a925a/tests/net/socket/websocket/src/main.c#L306

Category: Insecure data handling
Function: verify_sent_and_received_msg
Component: Tests
CID: 207980

Details:

300             zassert_true(ret > 0, "Cannot read data (%d)", ret);
301    
302             total_read = ret;
303         }
304    
305         /* Then the data */
>>>     CID 207980:    (TAINTED_SCALAR)
>>>     Using tainted variable "remaining" as a loop boundary.
306         while (remaining > 0) {
307             ret = test_recv_buf((u8_t *)msg->msg_iov[1].iov_base +
308                                     total_read,
309                         msg->msg_iov[1].iov_len - total_read,
310                         &ctx, &msg_type, &remaining,
311                         recv_buf, sizeof(recv_buf));

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v32951/p12996.

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.

@zephyrbot added the labels bug, Coverity and priority: low on Feb 3, 2020

@jukkar (Member)

jukkar commented Feb 12, 2020

False positive.

@jukkar jukkar closed this as completed Feb 12, 2020