[Coverity CID: 220314] Untrusted value as argument in subsys/bluetooth/services/ots/ots_dir_list.c

[zephyrbot]

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/169144afa1826511ee6ec3f53d590b2c0d39d3d4/subsys/bluetooth/services/ots/ots_dir_list.c#L124

Category: Insecure data handling
Function: bt_ots_dir_list_obj_remove
Component: Bluetooth
CID: 220314

Details:

zephyr/subsys/bluetooth/services/ots/ots_dir_list.c

Line 124 in 169144a

memmove(dir_list->net_buf.data + offset,

118             __ASSERT(len, "Invalid object length");
119    
120             if (id == obj->id) {
121                 /* Delete object by moving memory after the object to
122                  * the objects current location
123                  */
>>>     CID 220314:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "dir_list->net_buf.len - (offset + len)" to "memmove", which uses it as an offset. [Note: The source code implementation of the function has been overridden by a builtin model.]
124                 memmove(dir_list->net_buf.data + offset,
125                     dir_list->net_buf.data + offset + len,
126                     dir_list->net_buf.len - (offset + len));
127                 /* Decrement net_buf len to new length */
128                 dir_list->net_buf.len -= len;
129                 break;

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v29271/p12996

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.