Found by Coverity:
>>> CID
1476250: (TAINTED_SCALAR)
>>> Using tainted variable "local_counter_aggregate.index.number_dimensions" as a loop boundary.
>>> CID
1476250: (TAINTED_SCALAR)
>>> Using tainted variable "local_counter_clear.index.number_dimensions" as a loop boundary.
>>> CID
1476250: (TAINTED_SCALAR)
>>> Using tainted variable "local_counter_read.index.number_dimensions" as a loop boundary.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I7d35cf96781bb18837fe4564e4e8a34aa2ddc310
if (validate_zeroed_padding(local_counter_read.padding,
sizeof(local_counter_read.padding)))
return -EINVAL;
if (validate_zeroed_padding(local_counter_read.padding,
sizeof(local_counter_read.padding)))
return -EINVAL;
+ if (local_counter_read.index.number_dimensions > LTTNG_KERNEL_ABI_COUNTER_DIMENSION_MAX)
+ return -EINVAL;
/* Cast all indexes into size_t. */
for (i = 0; i < local_counter_read.index.number_dimensions; i++)
/* Cast all indexes into size_t. */
for (i = 0; i < local_counter_read.index.number_dimensions; i++)
if (validate_zeroed_padding(local_counter_aggregate.padding,
sizeof(local_counter_aggregate.padding)))
return -EINVAL;
if (validate_zeroed_padding(local_counter_aggregate.padding,
sizeof(local_counter_aggregate.padding)))
return -EINVAL;
+ if (local_counter_aggregate.index.number_dimensions > LTTNG_KERNEL_ABI_COUNTER_DIMENSION_MAX)
+ return -EINVAL;
/* Cast all indexes into size_t. */
for (i = 0; i < local_counter_aggregate.index.number_dimensions; i++)
/* Cast all indexes into size_t. */
for (i = 0; i < local_counter_aggregate.index.number_dimensions; i++)
if (validate_zeroed_padding(local_counter_clear.padding,
sizeof(local_counter_clear.padding)))
return -EINVAL;
if (validate_zeroed_padding(local_counter_clear.padding,
sizeof(local_counter_clear.padding)))
return -EINVAL;
+ if (local_counter_clear.index.number_dimensions > LTTNG_KERNEL_ABI_COUNTER_DIMENSION_MAX)
+ return -EINVAL;
/* Cast all indexes into size_t. */
for (i = 0; i < local_counter_clear.index.number_dimensions; i++)
/* Cast all indexes into size_t. */
for (i = 0; i < local_counter_clear.index.number_dimensions; i++)
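Review bot: The new `number_dimensions` bound in front of each index-copy loop carries no comment tying it to the tainted origin of the value that Coverity reports, and the same two-line check is repeated for `local_counter_read`, `local_counter_aggregate` and `local_counter_clear`. I would add `/* number_dimensions is caller-supplied; reject it before it bounds the copy loop below. */` above each check, or move the comparison into one small static helper so the three sites cannot drift apart. The check compares only against `LTTNG_KERNEL_ABI_COUNTER_DIMENSION_MAX`. Whether the count is also validated against the counter's own configured number of dimensions is decided in code outside these hunks, so that is worth confirming. The loop bodies and the enclosing function are not visible here.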