From 90160d650797419876aea5fb437625c6c8064718 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 22 Sep 2013 03:26:33 +0200 Subject: [PATCH] Fix possible overflow Note that this could happen e.g. if a fake PN533 sends malicious frames over USB CID 1090329 (#1 of 1): Overflowed return value (INTEGER_OVERFLOW) overflow_sink: Overflowed or truncated value (or a value computed from an overflowed or truncated value) "res" used as return value. --- libnfc/chips/pn53x.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libnfc/chips/pn53x.c b/libnfc/chips/pn53x.c index 36f174e..bfb7f50 100644 --- a/libnfc/chips/pn53x.c +++ b/libnfc/chips/pn53x.c @@ -1150,6 +1150,9 @@ pn53x_initiator_select_passive_target_ext(struct nfc_device *pnd, if ((res = pn53x_InListPassiveTarget(pnd, pm, 1, pbtInitData, szInitData, abtTargetsData, &szTargetsData, timeout)) <= 0) return res; + if (szTargetsData <= 1) // For Coverity to know szTargetsData is always > 1 if res > 0 + return 0; + // Is a tag info struct available if (pnt) { pnt->nm = nm;