misc: safer (and uniform) handling of return value

When `rc` is `INT_MAX`, `rc + 1` result in signed integer overflow. Signed-off-by: Karel Zak <kzak@redhat.com>
2016-02-27 19:27:29 +03:00 · 2016-02-27 19:27:29 +03:00 · 06fa581748
parent ff27b20f3c
commit 06fa581748
13 changed files with 37 additions and 35 deletions
--- a/disk-utils/fsck.c
+++ b/disk-utils/fsck.c
@ -316,7 +316,7 @@ static int is_irrotational_disk(dev_t disk)
 			"/sys/dev/block/%d:%d/queue/rotational",
 			major(disk), minor(disk));

-	if (rc < 0 || (unsigned int) (rc + 1) > sizeof(path))
+	if (rc < 0 || (unsigned int) rc >= sizeof(path))
 		return 0;

 	f = fopen(path, "r");
--- a/lib/at.c
+++ b/lib/at.c
@ -31,7 +31,7 @@ int fstat_at(int dir __attribute__ ((__unused__)), const char *dirname,
 		int len;

 		len = snprintf(path, sizeof(path), "%s/%s", dirname, filename);
-		if (len < 0 || len + 1 > sizeof(path))
+		if (len < 0 || (size_t)len >= sizeof(path))
 			return -1;

 		return nofollow ? lstat(path, st) : stat(path, st);
@ -56,7 +56,7 @@ int open_at(int dir __attribute__((__unused__)), const char *dirname,
 		int len;

 		len = snprintf(path, sizeof(path), "%s/%s", dirname, filename);
-		if (len < 0 || len + 1 > sizeof(path))
+		if (len < 0 || (size_t)len >= sizeof(path))
 			return -1;

 		return open(path, flags);
@ -91,7 +91,7 @@ ssize_t readlink_at(int dir __attribute__((__unused__)), const char *dirname,
 		int len;

 		len = snprintf(path, sizeof(path), "%s/%s", dirname, pathname);
-		if (len < 0 || len + 1 > sizeof(path))
+		if (len < 0 || (size_t)len >= sizeof(path))
 			return -1;

 		return readlink(path, buf, bufsiz);
--- a/lib/cpuset.c
+++ b/lib/cpuset.c
@ -177,13 +177,10 @@ char *cpulist_create(char *str, size_t len,
 				rlen = snprintf(ptr, len, "%zu-%zu,", i, i + run);
 				i += run;
 			}
-			if (rlen < 0 || (size_t) rlen + 1 > len)
+			if (rlen < 0 || (size_t) rlen >= len)
 				return NULL;
 			ptr += rlen;
-			if (rlen > 0 && len > (size_t) rlen)
-				len -= rlen;
-			else
-				len = 0;
+			len -= rlen;
 		}
 	}
 	ptr -= entry_made;
--- a/lib/sysfs.c
+++ b/lib/sysfs.c
@ -26,7 +26,7 @@ char *sysfs_devno_attribute_path(dev_t devno, char *buf,
 		len = snprintf(buf, bufsiz, _PATH_SYS_DEVBLOCK "/%d:%d",
 			major(devno), minor(devno));

-	return (len < 0 || (size_t) len + 1 > bufsiz) ? NULL : buf;
+	return (len < 0 || (size_t) len >= bufsiz) ? NULL : buf;
 }

 int sysfs_devno_has_attribute(dev_t devno, const char *attr)
@ -82,7 +82,7 @@ dev_t sysfs_devname_to_devno(const char *name, const char *parent)
 				_PATH_SYS_BLOCK "/%s/%s/dev", _parent, _name);
 		free(_name);
 		free(_parent);
-		if (len < 0 || (size_t) len + 1 > sizeof(buf))
+		if (len < 0 || (size_t) len >= sizeof(buf))
 			return 0;
 		path = buf;

@ -100,7 +100,7 @@ dev_t sysfs_devname_to_devno(const char *name, const char *parent)
 		len = snprintf(buf, sizeof(buf),
 				_PATH_SYS_BLOCK "/%s/dev", _name);
 		free(_name);
-		if (len < 0 || (size_t) len + 1 > sizeof(buf))
+		if (len < 0 || (size_t) len >= sizeof(buf))
 			return 0;
 		path = buf;
 	}
@ -463,7 +463,7 @@ int sysfs_write_u64(struct sysfs_cxt *cxt, const char *attr, uint64_t num)
 		return -errno;

 	len = snprintf(buf, sizeof(buf), "%" PRIu64, num);
-	if (len < 0 || (size_t) len + 1 > sizeof(buf))
+	if (len < 0 || (size_t) len >= sizeof(buf))
 		rc = len < 0 ? -errno : -E2BIG;
 	else
 		rc = write_all(fd, buf, len);
@ -930,7 +930,7 @@ static char *sysfs_scsi_host_attribute_path(struct sysfs_cxt *cxt,
 		len = snprintf(buf, bufsz, _PATH_SYS_CLASS "/%s_host/host%d",
 				type, host);

-	return (len < 0 || (size_t) len + 1 > bufsz) ? NULL : buf;
+	return (len < 0 || (size_t) len >= bufsz) ? NULL : buf;
 }

 char *sysfs_scsi_host_strdup_attribute(struct sysfs_cxt *cxt,
@ -979,7 +979,7 @@ static char *sysfs_scsi_attribute_path(struct sysfs_cxt *cxt,
 	else
 		len = snprintf(buf, bufsz, _PATH_SYS_SCSI "/devices/%d:%d:%d:%d",
 				h,c,t,l);
-	return (len < 0 || (size_t) len + 1 > bufsz) ? NULL : buf;
+	return (len < 0 || (size_t) len >= bufsz) ? NULL : buf;
 }

 int sysfs_scsi_has_attribute(struct sysfs_cxt *cxt, const char *attr)
--- a/libfdisk/src/ask.c
+++ b/libfdisk/src/ask.c
@ -383,15 +383,11 @@ static char *mk_string_list(char *ptr, size_t *len, size_t *begin,
 			snprintf(ptr, *len, "%c-%c,", tochar(*begin), tochar(*begin + *run)) :
 			snprintf(ptr, *len, "%zu-%zu,", *begin, *begin + *run);

-	if (rlen < 0 || (size_t) rlen + 1 > *len)
+	if (rlen < 0 || (size_t) rlen >= *len)
 		return NULL;

 	ptr += rlen;
-
-	if (rlen > 0 && *len > (size_t) rlen)
-		*len -= rlen;
-	else
-		*len = 0;
+	*len -= rlen;

 	if (cur == -1 && *begin) {
 		/* end of the list */
--- a/login-utils/login.c
+++ b/login-utils/login.c
@ -1057,7 +1057,7 @@ static void init_environ(struct login_context *cxt)

 	/* mailx will give a funny error msg if you forget this one */
 	len = snprintf(tmp, sizeof(tmp), "%s/%s", _PATH_MAILDIR, pwd->pw_name);
-	if (len > 0 && (size_t) len + 1 <= sizeof(tmp))
+	if (len > 0 && (size_t) len < sizeof(tmp))
 		setenv("MAIL", tmp, 0);

 	/* LOGNAME is not documented in login(1) but HP-UX 6.5 does it. We'll
--- a/login-utils/lslogins.c
+++ b/login-utils/lslogins.c
@ -397,7 +397,7 @@ again:
 			x = snprintf(p, len, "%s,", grp->gr_name);
 		}

-		if (x < 0 || (size_t) x + 1 > len) {
+		if (x < 0 || (size_t) x >= len) {
 			size_t cur = p - res;

 			maxlen *= 2;
--- a/misc-utils/cal.c
+++ b/misc-utils/cal.c
@ -514,10 +514,15 @@ static void headers_init(struct cal_control *ctl)
 	size_t i, wd;
 	char *cur_dh = day_headings;
 	char tmp[FMT_ST_CHARS];
-	size_t year_len;
+	int year_len;

 	year_len = snprintf(tmp, sizeof(tmp), "%d", ctl->req.year);

+	if (year_len < 0 || (size_t)year_len >= sizeof(tmp)) {
+		/* XXX impossible error */
+		return;
+	}
+
 	for (i = 0; i < DAYS_IN_WEEK; i++) {
 		size_t space_left;
 		wd = (i + ctl->weekstart) % DAYS_IN_WEEK;
--- a/sys-utils/lscpu.c
+++ b/sys-utils/lscpu.c
@ -1273,12 +1273,14 @@ get_cell_data(struct lscpu_desc *desc, int idx, int col,
 			if (cpuset_ary_isset(cpu, ca->sharedmaps,
 					     ca->nsharedmaps, setsize, &i) == 0) {
 				int x = snprintf(p, sz, "%zu", i);
-				if (x <= 0 || (size_t) x + 2 >= sz)
+				if (x < 0 || (size_t) x >= sz)
 					return NULL;
 				p += x;
 				sz -= x;
 			}
 			if (j != 0) {
+				if (sz < 2)
+					return NULL;
 				*p++ = mod->compat ? ',' : ':';
 				*p = '\0';
 				sz--;
@ -1346,11 +1348,13 @@ get_cell_header(struct lscpu_desc *desc, int col,

 		for (i = desc->ncaches - 1; i >= 0; i--) {
 			int x = snprintf(p, sz, "%s", desc->caches[i].name);
-			if (x <= 0 || (size_t) x + 2 > sz)
+			if (x < 0 || (size_t) x >= sz)
 				return NULL;
 			sz -= x;
 			p += x;
 			if (i > 0) {
+				if (sz < 2)
+					return NULL;
 				*p++ = mod->compat ? ',' : ':';
 				*p = '\0';
 				sz--;
--- a/sys-utils/mountpoint.c
+++ b/sys-utils/mountpoint.c
@ -71,7 +71,7 @@ static int dir_to_device(struct mountpoint_control *ctl)
 		len = snprintf(buf, sizeof(buf), "%s/..", cn ? cn : ctl->path);
 		free(cn);

-		if (len < 0 || (size_t) len + 1 > sizeof(buf))
+		if (len < 0 || (size_t) len >= sizeof(buf))
 			return -1;
 		if (stat(buf, &pst) !=0)
 			return -1;
--- a/term-utils/agetty.c
+++ b/term-utils/agetty.c
@ -1001,8 +1001,8 @@ static void open_tty(char *tty, struct termios *tp, struct options *op)
 		if ((gr = getgrnam("tty")))
 			gid = gr->gr_gid;

-		if (((len = snprintf(buf, sizeof(buf), "/dev/%s", tty)) >=
-		     (int)sizeof(buf)) || (len < 0))
+		len = snprintf(buf, sizeof(buf), "/dev/%s", tty);
+		if (len < 0 || (size_t)len >= sizeof(buf))
 			log_err(_("/dev/%s: cannot open as standard input: %m"), tty);

 		/* Open the tty as standard input. */
--- a/term-utils/ttymsg.c
+++ b/term-utils/ttymsg.c
@ -90,7 +90,7 @@ ttymsg(struct iovec *iov, size_t iovcnt, char *line, int tmout) {
 	   also wrong since people use /dev/pts/xxx. */

 	len = snprintf(device, sizeof(device), "%s%s", _PATH_DEV, line);
-	if (len < 0 || len + 1 > (ssize_t) sizeof(device)) {
+	if (len < 0 || (size_t)len >= sizeof(device)) {
 		snprintf(errbuf, sizeof(errbuf), _("excessively long line arg"));
 		return errbuf;
 	}
@ -104,7 +104,7 @@ ttymsg(struct iovec *iov, size_t iovcnt, char *line, int tmout) {
 			return NULL;

 		len = snprintf(errbuf, sizeof(errbuf), "%s: %m", device);
-		if (len < 0 || len + 1 > (ssize_t) sizeof(errbuf))
+		if (len < 0 || (size_t)len >= sizeof(errbuf))
 			snprintf(errbuf, sizeof(errbuf), _("open failed"));
 		return errbuf;
 	}
@ -145,7 +145,7 @@ ttymsg(struct iovec *iov, size_t iovcnt, char *line, int tmout) {
 			cpid = fork();
 			if (cpid < 0) {
 				len = snprintf(errbuf, sizeof(errbuf), _("fork: %m"));
-				if (len < 0 || len + 1 > (ssize_t) sizeof(errbuf))
+				if (len < 0 || (size_t)len >= sizeof(errbuf))
 					snprintf(errbuf, sizeof(errbuf), _("cannot fork"));
 				close(fd);
 				return errbuf;
@ -177,7 +177,7 @@ ttymsg(struct iovec *iov, size_t iovcnt, char *line, int tmout) {
 			_exit(EXIT_FAILURE);

 		len = snprintf(errbuf, sizeof(errbuf), "%s: %m", device);
-		if (len < 0 || len + 1 > (ssize_t) sizeof(errbuf))
+		if (len < 0 || (size_t)len >= sizeof(errbuf))
 			snprintf(errbuf, sizeof(errbuf),
 					_("%s: BAD ERROR, message is "
 					  "far too long"), device);
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@ -217,8 +217,8 @@ static void buf_printf(struct buffer *bs, const char *fmt, ...)
 	rc = vsnprintf(bs->data + bs->used, limit, fmt, ap);
 	va_end(ap);

-	if (rc > 0 && (size_t) rc + 1 > limit) {	/* not enoght, enlarge */
-		buf_enlarge(bs, rc + 1);
+	if (rc >= 0 && (size_t) rc >= limit) {	/* not enoght, enlarge */
+		buf_enlarge(bs, (size_t)rc + 1);
 		limit = bs->sz - bs->used;
 		va_start(ap, fmt);
 		rc = vsnprintf(bs->data  + bs->used, limit, fmt, ap);;