Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp1357704lqb;
        Thu, 30 May 2024 08:01:55 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXCV6sOUZ57Wec5XKca/IcxrchXbs4Ln+/Wh01F5gpLUeFMybKvPFmkVeX++sPrmFxK2b8fsHFm6eMnaDDov3vfLi+vqqlimkrgiqzqRg==
X-Google-Smtp-Source: AGHT+IHSZJjOcJrwF/Htp7T7whTXRBFi3tTsPkHEiPoOgowYzz9JS7q15ubu+gBkzvaFGD0Z8wuE
X-Received: by 2002:a17:902:ce90:b0:1f4:64d6:919d with SMTP id d9443c01a7336-1f619b2d1e4mr25184025ad.66.1717081315229;
        Thu, 30 May 2024 08:01:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717081315; cv=pass;
        d=google.com; s=arc-20160816;
        b=QB9FnAWzLqmJ4/g6TBTZ9ZjTLzJGtu5rV1k4HpZbre/+rabwaXMI3Y7yEjFe1891qn
         ewsrVzf+QQQDPkQKjtZHMEpOAAZACZB4xxUeaAP7TPUWcVYdCyLogqqnFcR4r3h9DIPd
         v6k/cMoGvhy3M2w9lbga6KCv1KW5ltd/61sz5P6MGYXCzLfgF24gJA2O5673Kt9tAFuT
         Oc7hUrBRUsv1NguzSUkWO+lRwENozQvsd88leKokpMdJiQj9Ty/fDrEttpn/9TkpkjvL
         +QVfG0sMiq0EQGhauuP0/r6MLr+DFa/Km4H6nVn00HhWhMXYejIdFd0sS6fYgKlc9R4a
         BSJA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from;
        bh=rsXErqz7DsV3JjjCeqnFUdGy0wp7VnozwtqgZGxob08=;
        fh=uo5u2TQK/HQlhydMwGLjBAnuDwaLxndJ/cgWTjIagS8=;
        b=RyvELvAL9cuETjZ5Ga2mJ9iM5l2uvzlxcgKWflMZZSwagBBv5SFNHLDHPZa+z2C/2/
         H0wG9O6pPKnoR7c5NdTSoEPQwgwXMV5i0EV86hNQ5f3YIXbeuPMW6B2uLlVKy3wxUMKC
         dTsUrFi32M/D7KsE1fvQq6/BtVAj3GDKD4kLsp0Ku/weIo9Z6COitjM3aJ8K0HMPVqRY
         v6Pu6+JiWZIb7nF9LRpK0XkkYVDC5YlwEuX13VU/CuSFEJV59CHJ1Ff+t5ixc6+HcIGw
         9UBN5aSN4vHC2zvhGGKU8nnNET8bCwjJFyD6ZJSeqzMonvlBGDTLZZC/omm7rVOHV74E
         ktng==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=hadess.net);
       spf=pass (google.com: domain of linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id d9443c01a7336-1f60fc5c218si20229785ad.624.2024.05.30.08.01.54
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 30 May 2024 08:01:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       arc=pass (i=1 spf=pass spfdomain=hadess.net);
       spf=pass (google.com: domain of linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 8DEC9B23BE9
	for <linux.lists.archive@gmail.com>; Thu, 30 May 2024 15:01:25 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id E9AB717F512;
	Thu, 30 May 2024 15:01:03 +0000 (UTC)
X-Original-To: linux-bluetooth@vger.kernel.org
Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4AE5839E3
	for <linux-bluetooth@vger.kernel.org>; Thu, 30 May 2024 15:01:00 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.200
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717081263; cv=none; b=FqFwtDXbrm8uuGFNMaWbfgYFF4DOgaEq5iNtiTDBPX9l9CDj1eMCCuSYxsV9QA+JRL6QuaHXmLWFA59hMgP6nX1JDCEFRQFPiBgj6V3Ran1HjMnr5JaFEs8SaGYwN/Hus70doopBjYgEJmDUB+5bei3PBhLe5A/yByb06/RRxm0=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717081263; c=relaxed/simple;
	bh=ee2MtFQfQtU/kqb6rS+D2WqPs7QmF9VRRDIgJT6sSE0=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=pokO8uSHx89xVeAwIeDl6wbyrJWmXyeSEVqIT1oBQGY8+jJZ+SIUm6VntfR8OJSLD4cH8Vl4KondpIlmlh3chqw+lObrZdx4+y4hre3bBEz62UOI+XjLt8X0EzU1yXZS6GgkUSWiJ3ep5iyTDKxGzBEtsbgzlJTpWKKAMYROE40=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.200
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net
Received: by mail.gandi.net (Postfix) with ESMTPSA id D1DAC2000A;
	Thu, 30 May 2024 15:00:58 +0000 (UTC)
From: Bastien Nocera <hadess@hadess.net>
To: linux-bluetooth@vger.kernel.org
Cc: Bastien Nocera <hadess@hadess.net>
Subject: [BlueZ 4/9] rfkill: Avoid using a signed int for an unsigned variable
Date: Thu, 30 May 2024 16:57:58 +0200
Message-ID: <20240530150057.444585-5-hadess@hadess.net>
X-Mailer: git-send-email 2.45.1
In-Reply-To: <20240530150057.444585-1-hadess@hadess.net>
References: <20240530150057.444585-1-hadess@hadess.net>
Precedence: bulk
X-Mailing-List: linux-bluetooth@vger.kernel.org
List-Id: <linux-bluetooth.vger.kernel.org>
List-Subscribe: <mailto:linux-bluetooth+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-bluetooth+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-GND-Sasl: hadess@hadess.net

Error: INTEGER_OVERFLOW (CWE-190): [#def37] [important]
bluez-5.76/src/rfkill.c:101:3: tainted_data_argument: The value "event" is considered tainted.
bluez-5.76/src/rfkill.c:105:3: tainted_data_argument: "event.idx" is considered tainted.
bluez-5.76/src/rfkill.c:105:3: underflow: The cast of "event.idx" to a signed type could result in a negative number.
103|			break;
104|
105|->		id = get_adapter_id_for_rfkill(event.idx);
106|
107|		if (index == id) {

Error: INTEGER_OVERFLOW (CWE-190): [#def38] [important]
bluez-5.76/src/rfkill.c:133:2: tainted_data_argument: The value "event" is considered tainted.
bluez-5.76/src/rfkill.c:143:2: tainted_data_argument: "event.idx" is considered tainted.
bluez-5.76/src/rfkill.c:157:2: underflow: The cast of "event.idx" to a signed type could result in a negative number.
155|		return TRUE;
156|
157|->	id = get_adapter_id_for_rfkill(event.idx);
158|	if (id < 0)
159|		return TRUE;
---
 src/rfkill.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rfkill.c b/src/rfkill.c
index a0a50d9e45d9..8a0e48f01c4f 100644
--- a/src/rfkill.c
+++ b/src/rfkill.c
@@ -55,7 +55,7 @@ struct rfkill_event {
 };
 #define RFKILL_EVENT_SIZE_V1    8
 
-static int get_adapter_id_for_rfkill(int rfkill_id)
+static int get_adapter_id_for_rfkill(uint32_t rfkill_id)
 {
 	char sysname[PATH_MAX];
 	int namefd;
-- 
2.45.1