Skip to content

Commit 5a73239

Browse files
elizashurovelizashurov
committed
viosock: Fix missing return type and integer overflow
Fix Coverity CID 475471 by adding VOID return type to VIOSockReadProcessDequeueCb. Fix Coverity CID 475412 by preventing DWORD-to-int overflow in Send() function and fixing infinite loop caused by checking pointer instead of value. Signed-off-by: Elizabeth Ashurov <[email protected]>
1 parent 5b565d5 commit 5a73239

File tree

2 files changed

+6
-5
lines changed

2 files changed

+6
-5
lines changed

viosock/sys/viosock.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -561,7 +561,7 @@ VIOSockReadSocketQueueInit(IN PSOCKET_CONTEXT pSocket);
561561

562562
_Requires_lock_not_held_(pSocket->RxLock) BOOLEAN VIOSockReadDequeueCb(IN PSOCKET_CONTEXT pSocket);
563563

564-
_Requires_lock_not_held_(pSocket->RxLock) __inline VIOSockReadProcessDequeueCb(IN PSOCKET_CONTEXT pSocket)
564+
_Requires_lock_not_held_(pSocket->RxLock) __inline VOID VIOSockReadProcessDequeueCb(IN PSOCKET_CONTEXT pSocket)
565565
{
566566
while (VIOSockReadDequeueCb(pSocket))
567567
;

viosock/viosocklib-test/viosocklib-test.c

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -255,15 +255,16 @@ BOOL AddBufferToFile(PTCHAR sFileName, PVOID Buffer, ULONG BufferLen)
255255

256256
BOOL Send(SOCKET sock, PCHAR Buffer, DWORD *BufferLen)
257257
{
258-
while (BufferLen)
258+
while (*BufferLen > 0)
259259
{
260-
int len = send(sock, (char *)Buffer, *BufferLen, 0);
260+
DWORD sendLen = (*BufferLen > (DWORD)INT_MAX) ? (DWORD)INT_MAX : *BufferLen;
261+
int len = send(sock, (char *)Buffer, (int)sendLen, 0);
261262
if (len == SOCKET_ERROR)
262263
{
263264
_tprintf(_T("send failed: %d\n"), WSAGetLastError());
264265
return FALSE;
265266
}
266-
else if (!len)
267+
else if (len <= 0)
267268
{
268269
_tprintf(_T("connection closed\n"));
269270
return TRUE;
@@ -272,7 +273,7 @@ BOOL Send(SOCKET sock, PCHAR Buffer, DWORD *BufferLen)
272273
{
273274
_tprintf(_T("%d bytes sent\n"), len);
274275
}
275-
*BufferLen -= len;
276+
*BufferLen -= (DWORD)len;
276277
Buffer += len;
277278
}
278279
return TRUE;

0 commit comments

Comments
 (0)