Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp1357704lqb; Thu, 30 May 2024 08:01:55 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXCV6sOUZ57Wec5XKca/IcxrchXbs4Ln+/Wh01F5gpLUeFMybKvPFmkVeX++sPrmFxK2b8fsHFm6eMnaDDov3vfLi+vqqlimkrgiqzqRg== X-Google-Smtp-Source: AGHT+IHSZJjOcJrwF/Htp7T7whTXRBFi3tTsPkHEiPoOgowYzz9JS7q15ubu+gBkzvaFGD0Z8wuE X-Received: by 2002:a17:902:ce90:b0:1f4:64d6:919d with SMTP id d9443c01a7336-1f619b2d1e4mr25184025ad.66.1717081315229; Thu, 30 May 2024 08:01:55 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717081315; cv=pass; d=google.com; s=arc-20160816; b=QB9FnAWzLqmJ4/g6TBTZ9ZjTLzJGtu5rV1k4HpZbre/+rabwaXMI3Y7yEjFe1891qn ewsrVzf+QQQDPkQKjtZHMEpOAAZACZB4xxUeaAP7TPUWcVYdCyLogqqnFcR4r3h9DIPd v6k/cMoGvhy3M2w9lbga6KCv1KW5ltd/61sz5P6MGYXCzLfgF24gJA2O5673Kt9tAFuT Oc7hUrBRUsv1NguzSUkWO+lRwENozQvsd88leKokpMdJiQj9Ty/fDrEttpn/9TkpkjvL +QVfG0sMiq0EQGhauuP0/r6MLr+DFa/Km4H6nVn00HhWhMXYejIdFd0sS6fYgKlc9R4a BSJA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=rsXErqz7DsV3JjjCeqnFUdGy0wp7VnozwtqgZGxob08=; fh=uo5u2TQK/HQlhydMwGLjBAnuDwaLxndJ/cgWTjIagS8=; b=RyvELvAL9cuETjZ5Ga2mJ9iM5l2uvzlxcgKWflMZZSwagBBv5SFNHLDHPZa+z2C/2/ H0wG9O6pPKnoR7c5NdTSoEPQwgwXMV5i0EV86hNQ5f3YIXbeuPMW6B2uLlVKy3wxUMKC dTsUrFi32M/D7KsE1fvQq6/BtVAj3GDKD4kLsp0Ku/weIo9Z6COitjM3aJ8K0HMPVqRY v6Pu6+JiWZIb7nF9LRpK0XkkYVDC5YlwEuX13VU/CuSFEJV59CHJ1Ff+t5ixc6+HcIGw 9UBN5aSN4vHC2zvhGGKU8nnNET8bCwjJFyD6ZJSeqzMonvlBGDTLZZC/omm7rVOHV74E ktng==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=hadess.net); spf=pass (google.com: domain of linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id d9443c01a7336-1f60fc5c218si20229785ad.624.2024.05.30.08.01.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 May 2024 08:01:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=hadess.net); spf=pass (google.com: domain of linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-bluetooth+bounces-5041-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 8DEC9B23BE9 for ; Thu, 30 May 2024 15:01:25 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E9AB717F512; Thu, 30 May 2024 15:01:03 +0000 (UTC) X-Original-To: linux-bluetooth@vger.kernel.org Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4AE5839E3 for ; Thu, 30 May 2024 15:01:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.70.183.200 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717081263; cv=none; b=FqFwtDXbrm8uuGFNMaWbfgYFF4DOgaEq5iNtiTDBPX9l9CDj1eMCCuSYxsV9QA+JRL6QuaHXmLWFA59hMgP6nX1JDCEFRQFPiBgj6V3Ran1HjMnr5JaFEs8SaGYwN/Hus70doopBjYgEJmDUB+5bei3PBhLe5A/yByb06/RRxm0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717081263; c=relaxed/simple; bh=ee2MtFQfQtU/kqb6rS+D2WqPs7QmF9VRRDIgJT6sSE0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pokO8uSHx89xVeAwIeDl6wbyrJWmXyeSEVqIT1oBQGY8+jJZ+SIUm6VntfR8OJSLD4cH8Vl4KondpIlmlh3chqw+lObrZdx4+y4hre3bBEz62UOI+XjLt8X0EzU1yXZS6GgkUSWiJ3ep5iyTDKxGzBEtsbgzlJTpWKKAMYROE40= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net; spf=pass smtp.mailfrom=hadess.net; arc=none smtp.client-ip=217.70.183.200 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=hadess.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=hadess.net Received: by mail.gandi.net (Postfix) with ESMTPSA id D1DAC2000A; Thu, 30 May 2024 15:00:58 +0000 (UTC) From: Bastien Nocera To: linux-bluetooth@vger.kernel.org Cc: Bastien Nocera Subject: [BlueZ 4/9] rfkill: Avoid using a signed int for an unsigned variable Date: Thu, 30 May 2024 16:57:58 +0200 Message-ID: <20240530150057.444585-5-hadess@hadess.net> X-Mailer: git-send-email 2.45.1 In-Reply-To: <20240530150057.444585-1-hadess@hadess.net> References: <20240530150057.444585-1-hadess@hadess.net> Precedence: bulk X-Mailing-List: linux-bluetooth@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-GND-Sasl: hadess@hadess.net Error: INTEGER_OVERFLOW (CWE-190): [#def37] [important] bluez-5.76/src/rfkill.c:101:3: tainted_data_argument: The value "event" is considered tainted. bluez-5.76/src/rfkill.c:105:3: tainted_data_argument: "event.idx" is considered tainted. bluez-5.76/src/rfkill.c:105:3: underflow: The cast of "event.idx" to a signed type could result in a negative number. 103| break; 104| 105|-> id = get_adapter_id_for_rfkill(event.idx); 106| 107| if (index == id) { Error: INTEGER_OVERFLOW (CWE-190): [#def38] [important] bluez-5.76/src/rfkill.c:133:2: tainted_data_argument: The value "event" is considered tainted. bluez-5.76/src/rfkill.c:143:2: tainted_data_argument: "event.idx" is considered tainted. bluez-5.76/src/rfkill.c:157:2: underflow: The cast of "event.idx" to a signed type could result in a negative number. 155| return TRUE; 156| 157|-> id = get_adapter_id_for_rfkill(event.idx); 158| if (id < 0) 159| return TRUE; --- src/rfkill.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rfkill.c b/src/rfkill.c index a0a50d9e45d9..8a0e48f01c4f 100644 --- a/src/rfkill.c +++ b/src/rfkill.c @@ -55,7 +55,7 @@ struct rfkill_event { }; #define RFKILL_EVENT_SIZE_V1 8 -static int get_adapter_id_for_rfkill(int rfkill_id) +static int get_adapter_id_for_rfkill(uint32_t rfkill_id) { char sysname[PATH_MAX]; int namefd; -- 2.45.1