Error: INTEGER_OVERFLOW (CWE-190):
ldb-2.9.0/common/ldb_ldif.c:84: tainted_data_return: Called function "read(f, buf, size)", and a possible return value may be less than zero.
ldb-2.9.0/common/ldb_ldif.c:84: cast_overflow: An assign that casts to a different type, which might trigger an overflow.
ldb-2.9.0/common/ldb_ldif.c:92: overflow: The expression "size" is considered to have possibly overflowed.
ldb-2.9.0/common/ldb_ldif.c:84: overflow_sink: "size", which might be negative, is passed to "read(f, buf, size)". [Note: The source code implementation of the function has been overridden by a builtin model.]
82| buf = (char *)value->data;
83| while (count < statbuf.st_size) {
84|-> bytes = read(f, buf, size);
85| if (bytes == -1) {
86| talloc_free(value->data);
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
{
struct stat statbuf;
char *buf;
- int count, size, bytes;
+ size_t count, size;
+ ssize_t bytes;
int ret;
int f;
const char *fname = (const char *)value->data;