Skip to content

Fix NO_CAST.INTEGER_OVERFLOW in libev ev.c array_nextsize#515

Closed
mikhailnov wants to merge 1 commit into
linux-audit:masterfrom
mikhailnov:svace11
Closed

Fix NO_CAST.INTEGER_OVERFLOW in libev ev.c array_nextsize#515
mikhailnov wants to merge 1 commit into
linux-audit:masterfrom
mikhailnov:svace11

Conversation

@mikhailnov

Copy link
Copy Markdown
Contributor

Add explicit casts to size_t in arithmetic expressions to prevent potential integer overflow when calculating array sizes.

Overflows are not very realistic, but improve code robustness and make analyzers happy.

Svace reports:

  1. The value of 'elem * ncur' may overflow (ev.c:2259)
  2. The value of 'ncur + elem + (MALLOC_ROUND - 1)' may overflow (ev.c:2262)
  3. The value of 'elem * *cur' may overflow (ev.c:2275)
    (CWE190, CWE197)

Add explicit casts to size_t in arithmetic expressions to prevent
potential integer overflow when calculating array sizes.

Overflows are not very realistic, but improve code robustness and make analyzers happy.

Svace reports:
  1) The value of 'elem * ncur' may overflow (ev.c:2259)
  2) The value of 'ncur + elem + (MALLOC_ROUND - 1)' may overflow (ev.c:2262)
  3) The value of 'elem * *cur' may overflow (ev.c:2275)
  (CWE190, CWE197)

Co-authored-by: Z.AI GLM-5
@stevegrubb

Copy link
Copy Markdown
Contributor

Thanks for looking at this. But I really don't like changing libev much. The reason why is it has it's own upstream. Every libev release requires remembering everything that needs patching. Maybe libev upstream would like the patch? They don't use git. You'd have to submit it to their mail list.

@mikhailnov

mikhailnov commented Mar 1, 2026

Copy link
Copy Markdown
Contributor Author

Ok, I will try. I also thought where to send this patch - here or to libev, but saw that other similar fixes were commited here. It is not clear how libev copy is maintained here: is it a fork with its own direction of development or a frequently synced fork with minimal changes. Maybe document this somewhere?

@stevegrubb

Copy link
Copy Markdown
Contributor

Libev here is mostly an unpacking of the distribution tar file. I have removed the io_uring backend because it was so full of bugs it kept drawing patches to fix it. Otherwise, I have applied a few essential patches that upstream says is my compiler's fault. (06d6355) But I don't want to diverge too much from upstream. I suppose I could add a note and link to the commit for full transparency. It's been almost 6 years since there was a release. I may wind up maintaining at some point.

@stevegrubb

Copy link
Copy Markdown
Contributor

Commit 676e6c7 adds a note about how libev is modified for audit use. It appears that a 4.34 release is being worked on by upstream. There's still time to get this in so that when it is pulled in to audit, these issues are fixed. Closing this out.

@stevegrubb stevegrubb closed this Jun 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants