coverity 472860: ops-h2: let coverity see all err enums covered

x
2025-03-16 00:00:07 +01:00 · 2025-01-16 10:59:48 +00:00 · 2025-01-16 10:59:48 +00:00 · ff0e0f3c35
commit ff0e0f3c35
parent b81b24d10e
1 changed files with 19 additions and 3 deletions
--- a/lib/roles/h2/ops-h2.c
+++ b/lib/roles/h2/ops-h2.c
@ -227,11 +227,13 @@ read:
 	       // lwsi_state(wsi) != LRS_H1C_ISSUE_HANDSHAKE2 &&
 	       lwsi_state(wsi) != LRS_H2_WAITING_TO_SEND_HEADERS))) {

+		int scr_ret;
+
 		ebuf.token = pt->serv_buf;
-		ebuf.len = lws_ssl_capable_read(wsi,
+		scr_ret = lws_ssl_capable_read(wsi,
 					ebuf.token,
 					wsi->a.context->pt_serv_buf_size);
-		switch (ebuf.len) {
+		switch (scr_ret) {
 		case 0:
 			lwsl_info("%s: zero length read\n", __func__);
 			return LWS_HPI_RET_PLEASE_CLOSE_ME;
@ -243,6 +245,19 @@ read:
 			return LWS_HPI_RET_PLEASE_CLOSE_ME;
 		}

+		/*
+		 * coverity is confused: it knows lws_ssl_capable_read may
+		 * return < 0 and assigning that to ebuf.len is bad, but it
+		 * doesn't understand this check below on scr_ret < 0
+		 * removes that possibility
+		 */
+
+		ebuf.len = scr_ret;
+		if (ebuf.len < 0) /* ie, not usable data */ {
+			lwsl_info("%s: other error\n", __func__);
+			return LWS_HPI_RET_PLEASE_CLOSE_ME;
+		}
+
 		// lwsl_notice("%s: Actual RX %d\n", __func__, ebuf.len);
 		// if (ebuf.len > 0)
 		//	lwsl_hexdump_notice(ebuf.token, ebuf.len);
@ -313,7 +328,8 @@ drain:
 				lws_dll2_remove(&wsi->dll_buflist);
 			}
 		} else
-			if (n && n < ebuf.len && ebuf.len > 0) {
+			/* cov: both n and ebuf.len are int */
+			if (n > 0 && n < ebuf.len && ebuf.len > 0) {
 				// lwsl_notice("%s: h2 append seg %d\n", __func__, ebuf.len - n);
 				m = lws_buflist_append_segment(&wsi->buflist,
 						ebuf.token + n,