The "correct" type for the length of an IOV is unclear: writev() and
readv() use an int, but sendmsg() and recvmsg() use a size_t. Using the
unsigned size_t has some advantages, though, and it makes more sense for
the case of write_remainder. Using size_t throughout here means we don't
have a signed vs. unsigned comparison, and we don't have to deal with
the case of iov_skip_bytes() returning a value which becomes negative
when assigned to an integer.
I believe this should fix a Coverity reported integer overflow that's
showing up on openscanhub. It's not totally clear from the report what
it thinks the path is, but it's on an (iovcnt - i) a few lines later. With
both having unsigned type, the loop condition ensures this can't underflow.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
util.c | 5 ++---
util.h | 2 +-
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/util.c b/util.c
index f2e26a7a..54a9f580 100644
--- a/util.c
+++ b/util.c
@@ -592,10 +592,9 @@ int do_clone(int (*fn)(void *), char *stack_area, size_t stack_size, int flags,
*
* #syscalls write writev
*/
-int write_remainder(int fd, const struct iovec *iov, int iovcnt, size_t skip)
+int write_remainder(int fd, const struct iovec *iov, size_t iovcnt, size_t skip)
{
- int i;
- size_t offset;
+ size_t offset, i;
while ((i = iov_skip_bytes(iov, iovcnt, skip, &offset)) < iovcnt) {
ssize_t rc;
diff --git a/util.h b/util.h
index b7541ce2..e8bf9572 100644
--- a/util.h
+++ b/util.h
@@ -182,7 +182,7 @@ void pidfile_write(int fd, pid_t pid);
int __daemon(int pidfile_fd, int devnull_fd);
int fls(unsigned long x);
int write_file(const char *path, const char *buf);
-int write_remainder(int fd, const struct iovec *iov, int iovcnt, size_t skip);
+int write_remainder(int fd, const struct iovec *iov, size_t iovcnt, size_t skip);
/**
* af_name() - Return name of an address family
--
2.45.2