Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Coverity issue #228

Closed
shankru5 opened this issue Mar 21, 2024 · 3 comments · Fixed by #229
Closed

Coverity issue #228

shankru5 opened this issue Mar 21, 2024 · 3 comments · Fixed by #229

Comments

@shankru5
Copy link

Coverity complains that inside cyaml_sign_pad, for size = 0 case, the padding becomes ((8-0) * 8) = 64 and left shifting of 1UL by more than 63 bits is undefined behavior. Any idea what is the use case of size = 0 ? Could you please clarify what should be the resolution for this ?
@tlsa
Copy link
Owner

tlsa commented Mar 21, 2024

That could only happen with an invalid data_size in the client schema. So it's not something that can happen if you have a meaningful schema. The load code explicitly rejects it, but to create such a schema the user supplied schema has to be explicitly crafted to be broken.

@tlsa
Copy link
Owner

tlsa commented Mar 21, 2024

In fact, the save code will return CYAML_ERR_INVALID_DATA_SIZE anyway. Because the cyaml_data_read call will return an error.

I can rearrange it slightly which will hopefully suppress Coverity's false positive.

tlsa added a commit that referenced this issue Mar 21, 2024
@tlsa
save: Avoid call to sign pad before checking data read error
5dc7f05 
Closes #228
tlsa added a commit that referenced this issue Mar 21, 2024
@tlsa
save: Avoid call to sign pad before checking data read error
244888e 
This doesn't change behaviour; it still returns
`CYAML_ERR_INVALID_DATA_SIZE` if the schema's `data_size`
is invalid.

Closes #228
@tlsa tlsa mentioned this issue Mar 21, 2024
Merged
@tlsa tlsa closed this as completed in #229 Mar 21, 2024
@shankru5
Copy link
Author

Thank you @tlsa !

tlsa added a commit that referenced this issue Aug 26, 2024
@tlsa
save: Avoid call to sign pad before checking data read error
1d19dc4 
This doesn't change behaviour; it still returns
`CYAML_ERR_INVALID_DATA_SIZE` if the schema's `data_size`
is invalid.

Closes #228
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

save: Avoid call to sign pad before checking data read error tlsa/libcyaml
2 participants
@tlsa @shankru5