From a2dcf74fce24aeba2a7e191a4b294b8f9622a3a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Tue, 8 Nov 2022 07:41:00 +0100
Subject: [PATCH] test/getrandom-fallback.c: Fix 'OVERRUN' found by Covscan.

CWE-119: Out-of-bounds access to a buffer (OVERRUN)

overrun-buffer-arg: Calling memset with buf and buflen is suspicious
because of the very large index, 9223372036854775807.  The index may
be due to a negative parameter being interpreted as unsigned.

Limiting buflen to INT16_MAX is big enough for our purposes.
---
 test/getrandom-fallbacks.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/getrandom-fallbacks.c b/test/getrandom-fallbacks.c
index bd976672..b124c181 100644
--- a/test/getrandom-fallbacks.c
+++ b/test/getrandom-fallbacks.c
@@ -77,7 +77,7 @@ __wrap_getrandom (void *buf, size_t buflen, unsigned int ARG_UNUSED(flags))
     }
   else
     {
-      buflen = MIN (buflen, SSIZE_MAX);
+      buflen = MIN (buflen, INT16_MAX);
       memset (buf, MOCK_getrandom, buflen);
       return (ssize_t)buflen;
     }
@@ -130,7 +130,7 @@ __wrap_syscall(long number, ...)
           va_start (ap, number);
           void *buf = va_arg (ap, void *);
           size_t buflen = va_arg (ap, size_t);
-          buflen = MIN (buflen, SSIZE_MAX);
+          buflen = MIN (buflen, INT16_MAX);
           va_end (ap);
           memset (buf, MOCK_sys_getrandom, buflen);
           return (ssize_t)buflen;
@@ -205,7 +205,7 @@ __wrap_read (int fd, void *buf, size_t count)
         }
       else
         {
-          count = MIN (count, SSIZE_MAX);
+          count = MIN (count, INT16_MAX);
           memset (buf, MOCK_urandom, count);
           return (ssize_t)count;
         }