[Coverity CID: 240703] Improper use of negative value in drivers/bluetooth/hci/h4.c #39805

Closed
zephyrbot opened this issue Oct 28, 2021 · 0 comments · Fixed by #39887
Labels: bug, Coverity, priority: low

Comments

@zephyrbot

Static code scan issues found in file:

https://github.com/zephyrproject-rtos/zephyr/tree/c0fcd35531611bbe35376c62a9e50744d6904940/drivers/bluetooth/hci/h4.c#L294

Category: Integer handling issues
Function: read_payload
Component: Bluetooth
CID: 240703

Details:

net_buf_add(rx.buf, read);

288              }
289     
290              copy_hdr(rx.buf);
291      }
292     
293      read = uart_fifo_read(h4_dev, net_buf_tail(rx.buf), rx.remaining);
>>>     CID 240703:  Integer handling issues  (NEGATIVE_RETURNS)
>>>     "read" is passed to a parameter that cannot be negative.
294      net_buf_add(rx.buf, read);
295      rx.remaining -= read;
296     
297      BT_DBG("got %d bytes, remaining %u", read, rx.remaining);
298      BT_DBG("Payload (len %u): %s", rx.buf->len,
299             bt_hex(rx.buf->data, rx.buf->len));

For more information about the violation, check the Coverity Reference. (CWE-394)

Please fix or provide comments in coverity using the link:

https://scan9.coverity.com/reports.htm#v29271/p12996

Note: This issue was created automatically. Priority was set based on classification
of the file affected and the impact field in coverity. Assignees were set using the CODEOWNERS file.

@zephyrbot zephyrbot added bug The issue is a bug, or the PR is fixing a bug Coverity A Coverity detected issue or its fix priority: low Low impact/importance bug labels Oct 28, 2021
jhedberg pushed a commit to jhedberg/zephyr that referenced this issue Nov 9, 2021
Make sure negative error returns from uart_fifo_read() are correctly
handled.

In the same go, the logic of reading packet headers (ACL/event/ISO) is
refactored into its own helper function. This also fixes having an
appropriate name for the variable that tracks how many header bytes have
already been read (it was called "to_read" and now it's called
"bytes_read").

Fixes zephyrproject-rtos#39805

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
carlescufi pushed a commit that referenced this issue Nov 10, 2021
Make sure negative error returns from uart_fifo_read() are correctly
handled.

In the same go, the logic of reading packet headers (ACL/event/ISO) is
refactored into its own helper function. This also fixes having an
appropriate name for the variable that tracks how many header bytes have
already been read (it was called "to_read" and now it's called
"bytes_read").

Fixes #39805

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
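
The flagged pattern and the kind of check the commit message describes, as an added C example (not the Zephyr driver's code and not the change merged in #39887). rx_state, stub_fifo_read, unchecked_len and read_payload_checked are hypothetical stand-ins, and the length parameter is modelled as size_t.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the driver's rx state and buffer (not Zephyr code). */
struct rx_state {
    uint8_t data[16];
    size_t len;        /* bytes stored so far */
    size_t remaining;  /* payload bytes still expected */
};

/* Constructed stub for a FIFO read: bytes read, or a negative error value. */
static int stub_fifo_read(uint8_t *dst, int size, const uint8_t *src, int avail)
{
    if (avail < 0) { return avail; }     /* simulated driver error */
    int n = avail < size ? avail : size;
    memcpy(dst, src, (size_t)n);
    return n;
}

/* The flagged pattern: an int result converted to an unsigned length. */
size_t unchecked_len(int read)
{
    return (size_t)read;                 /* a negative value becomes huge */
}

/* Checked read: a negative return leaves len and remaining untouched. */
int read_payload_checked(struct rx_state *rx, const uint8_t *src, int avail)
{
    if (rx->remaining > sizeof(rx->data) - rx->len) {
        return -ENOMEM;                  /* would not fit in the buffer */
    }
    int read = stub_fifo_read(rx->data + rx->len, (int)rx->remaining, src, avail);
    if (read < 0) {
        return read;                     /* propagate the error */
    }
    rx->len += (size_t)read;
    rx->remaining -= (size_t)read;
    return read;
}

int main(void)
{
    struct rx_state rx = { .len = 0, .remaining = 4 };
    const uint8_t src[] = { 1, 2, 3, 4 };   /* constructed sample bytes */
    int err = read_payload_checked(&rx, src, -EIO);
    return (err == -EIO && rx.len == 0 && rx.remaining == 4) ? 0 : 1;
}
```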