On Thu, 27 Jun 2024 22:46:36 +0200
Stefano Brivio <sbrivio(a)redhat.com> wrote:

> All harmless issues as far as I can tell, but nice to fix.
>
> v2:
> - in 3/5:
>   - keep 'skip' in write_remainder() unsigned, and check for unsigned
>     overflow instead
>   - refactor sadd_overflow() and ssub_overflow() to use built-ins with
>     automatic types, take ssize_t arguments, and deal with different
>     ssize_t type widths
> - in 4/5:
>   - switch l2len in tap_handler_passt() to uint32_t, as it really is
>     unsigned and 32-bit wide
>   - return if the length descriptor mismatches, instead of trying to
>     proceed to the next frame
> - add 5/5
>
> Stefano Brivio (5):
>   conf: Copy up to MAXDNSRCH - 1 bytes, not MAXDNSRCH
>   tcp_splice: Check return value of setsockopt() for SO_RCVLOWAT
>   util, lineread, tap: Overflow checks on long signed sums and subtractions
>   tap: Discard guest data on length descriptor mismatch
>   conf: Use the right maximum buffer size for c->sock_path

I applied 1/5, 2/5, and 5/5. I'll post a new version of 4/5 without the
"fix" for the integer overflow false positive soon, and I'll leave 3/5
alone for the moment.

-- 
Stefano