| tedd_an/CheckPatch |
warning
|
WARNING:COMMIT_LOG_LONG_LINE: Possible unwrapped commit description (prefer a maximum 75 chars per line)
#63:
4095| reqhdr->plen = htons((t->reqsize + cstate_len) - sizeof(sdp_pdu_hdr_t));
/github/workspace/src/src/13680516.patch total: 0 errors, 1 warnings, 32 lines checked
NOTE: For some of the reported defects, checkpatch may be able to
mechanically convert to the typical style using --fix or --fix-inplace.
/github/workspace/src/src/13680516.patch has style problems, please review.
NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO
NOTE: If any of the errors are false positives, please report
them to the maintainer, see CHECKPATCH in MAINTAINERS.
|
| tedd_an/GitLint |
fail
|
WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
11: B1 Line exceeds max length (214>80): "bluez-5.76/lib/sdp.c:4082:2: tainted_data_return: Called function "gen_attridseq_pdu(pdata, attrid_list, ((reqtype == SDP_ATTR_REQ_INDIVIDUAL) ? 9 : 10))", and a possible return value is known to be less than zero."
12: B1 Line exceeds max length (148>80): "bluez-5.76/lib/sdp.c:4082:2: assign: Assigning: "seqlen" = "gen_attridseq_pdu(pdata, attrid_list, ((reqtype == SDP_ATTR_REQ_INDIVIDUAL) ? 9 : 10))"."
13: B1 Line exceeds max length (109>80): "bluez-5.76/lib/sdp.c:4091:2: overflow: The expression "t->reqsize" is considered to have possibly overflowed."
14: B1 Line exceeds max length (154>80): "bluez-5.76/lib/sdp.c:4097:2: overflow: The expression "t->reqsize + cstate_len" is deemed overflowed because at least one of its arguments has overflowed."
15: B1 Line exceeds max length (174>80): "bluez-5.76/lib/sdp.c:4097:2: overflow_sink: "t->reqsize + cstate_len", which might have underflowed, is passed to "sdp_send_req(session, t->reqbuf, t->reqsize + cstate_len)"."
16: B3 Line contains hard tab characters (\t): "4095| reqhdr->plen = htons((t->reqsize + cstate_len) - sizeof(sdp_pdu_hdr_t));"
18: B3 Line contains hard tab characters (\t): "4097|-> if (sdp_send_req(session, t->reqbuf, t->reqsize + cstate_len) < 0) {"
19: B3 Line contains hard tab characters (\t): "4098| SDPERR("Error sending data:%m");"
20: B3 Line contains hard tab characters (\t): "4099| t->err = errno;"
23: B1 Line exceeds max length (210>80): "bluez-5.76/lib/sdp.c:4466:2: tainted_data_return: Called function "gen_attridseq_pdu(pdata, attrids, ((reqtype == SDP_ATTR_REQ_INDIVIDUAL) ? 9 : 10))", and a possible return value is known to be less than zero."
24: B1 Line exceeds max length (144>80): "bluez-5.76/lib/sdp.c:4466:2: assign: Assigning: "seqlen" = "gen_attridseq_pdu(pdata, attrids, ((reqtype == SDP_ATTR_REQ_INDIVIDUAL) ? 9 : 10))"."
25: B1 Line exceeds max length (106>80): "bluez-5.76/lib/sdp.c:4475:2: overflow: The expression "reqsize" is considered to have possibly overflowed."
27: B1 Line exceeds max length (187>80): "bluez-5.76/lib/sdp.c:4486:3: overflow: The expression "_reqsize + copy_cstate(_pdata, 2048U - _reqsize, cstate)" is deemed overflowed because at least one of its arguments has overflowed."
28: B1 Line exceeds max length (119>80): "bluez-5.76/lib/sdp.c:4486:3: assign: Assigning: "reqsize" = "_reqsize + copy_cstate(_pdata, 2048U - _reqsize, cstate)"."
29: B1 Line exceeds max length (164>80): "bluez-5.76/lib/sdp.c:4492:3: overflow_sink: "reqsize", which might have underflowed, is passed to "sdp_send_req_w4_rsp(session, reqbuf, rspbuf, reqsize, &rspsize)"."
30: B3 Line contains hard tab characters (\t): "4490| reqhdr->plen = htons(reqsize - sizeof(sdp_pdu_hdr_t));"
31: B3 Line contains hard tab characters (\t): "4491| rsphdr = (sdp_pdu_hdr_t *) rspbuf;"
32: B1 Line exceeds max length (83>80): "4492|-> status = sdp_send_req_w4_rsp(session, reqbuf, rspbuf, reqsize, &rspsize);"
32: B3 Line contains hard tab characters (\t): "4492|-> status = sdp_send_req_w4_rsp(session, reqbuf, rspbuf, reqsize, &rspsize);"
33: B3 Line contains hard tab characters (\t): "4493| if (rspsize < sizeof(sdp_pdu_hdr_t)) {"
34: B3 Line contains hard tab characters (\t): "4494| SDPERR("Unexpected end of packet");"
|
The return value from gen_attridseq_pdu() can be -ENOMEM or the always positive return value from sdp_gen_pdu(), but we only guard against a single negative return value "-1" (-EPERM). Check for all negative values to avoid manipulating a negative length as a valid one. Error: INTEGER_OVERFLOW (CWE-190): [#def10] [important] bluez-5.76/lib/sdp.c:4082:2: tainted_data_return: Called function "gen_attridseq_pdu(pdata, attrid_list, ((reqtype == SDP_ATTR_REQ_INDIVIDUAL) ? 9 : 10))", and a possible return value is known to be less than zero. bluez-5.76/lib/sdp.c:4082:2: assign: Assigning: "seqlen" = "gen_attridseq_pdu(pdata, attrid_list, ((reqtype == SDP_ATTR_REQ_INDIVIDUAL) ? 9 : 10))". bluez-5.76/lib/sdp.c:4091:2: overflow: The expression "t->reqsize" is considered to have possibly overflowed. bluez-5.76/lib/sdp.c:4097:2: overflow: The expression "t->reqsize + cstate_len" is deemed overflowed because at least one of its arguments has overflowed. bluez-5.76/lib/sdp.c:4097:2: overflow_sink: "t->reqsize + cstate_len", which might have underflowed, is passed to "sdp_send_req(session, t->reqbuf, t->reqsize + cstate_len)". 4095| reqhdr->plen = htons((t->reqsize + cstate_len) - sizeof(sdp_pdu_hdr_t)); 4096| 4097|-> if (sdp_send_req(session, t->reqbuf, t->reqsize + cstate_len) < 0) { 4098| SDPERR("Error sending data:%m"); 4099| t->err = errno; Error: INTEGER_OVERFLOW (CWE-190): [#def11] [important] bluez-5.76/lib/sdp.c:4466:2: tainted_data_return: Called function "gen_attridseq_pdu(pdata, attrids, ((reqtype == SDP_ATTR_REQ_INDIVIDUAL) ? 9 : 10))", and a possible return value is known to be less than zero. bluez-5.76/lib/sdp.c:4466:2: assign: Assigning: "seqlen" = "gen_attridseq_pdu(pdata, attrids, ((reqtype == SDP_ATTR_REQ_INDIVIDUAL) ? 9 : 10))". bluez-5.76/lib/sdp.c:4475:2: overflow: The expression "reqsize" is considered to have possibly overflowed. bluez-5.76/lib/sdp.c:4480:2: assign: Assigning: "_reqsize" = "reqsize". bluez-5.76/lib/sdp.c:4486:3: overflow: The expression "_reqsize + copy_cstate(_pdata, 2048U - _reqsize, cstate)" is deemed overflowed because at least one of its arguments has overflowed. bluez-5.76/lib/sdp.c:4486:3: assign: Assigning: "reqsize" = "_reqsize + copy_cstate(_pdata, 2048U - _reqsize, cstate)". bluez-5.76/lib/sdp.c:4492:3: overflow_sink: "reqsize", which might have underflowed, is passed to "sdp_send_req_w4_rsp(session, reqbuf, rspbuf, reqsize, &rspsize)". 4490| reqhdr->plen = htons(reqsize - sizeof(sdp_pdu_hdr_t)); 4491| rsphdr = (sdp_pdu_hdr_t *) rspbuf; 4492|-> status = sdp_send_req_w4_rsp(session, reqbuf, rspbuf, reqsize, &rspsize); 4493| if (rspsize < sizeof(sdp_pdu_hdr_t)) { 4494| SDPERR("Unexpected end of packet"); --- lib/sdp.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)