Silence use of tainted scalar
2607 43. tainted_argument: Calling function journal_read_xhdr taints argument xhdr.size. [show details] 2608 result = journal_read_xhdr(j1, &xhdr); 44. Condition rewrite, taking true branch. 45. Condition result == 29, taking false branch. 2609 if (rewrite && result == ISC_R_NOMORE) { 2610 break; 2611 } 46. Condition result != 0, taking false branch. 2612 CHECK(result); 2613 47. var_assign_var: Assigning: size = xhdr.size. Both are now tainted. 2614 size = xhdr.size;
CID 331088 (#3 of 3): Untrusted allocation size (TAINTED_SCALAR)
48. tainted_data: Passing tainted expression size to isc__mem_get, which uses it as an allocation size. [show details]
Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
2615 buf = isc_mem_get(mctx, size);
(cherry picked from commit 83fd38dd)
Closes #2807 (closed)