Commit 9f34ac4
committed
Fix trust database fd analyzer contract
check_trust_database() was annotated with __attr_fd_arg_read(3), but the fd parameter is optional for path-only trust lookups. When info is NULL, the implementation does not perform integrity checks and does not read from the descriptor, so valid callers may pass sentinel values such as -1.
Remove the fd_arg_read annotation from the public prototype and document that fd is only consumed when info enables integrity checks. The remaining fd annotations still describe helpers that directly consume their descriptor arguments.1 parent 5a95ca2 commit 9f34ac4
1 file changed
Lines changed: 5 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
60 | 60 | | |
61 | 61 | | |
62 | 62 | | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
63 | 67 | | |
64 | | - | |
| 68 | + | |
65 | 69 | | |
66 | 70 | | |
67 | 71 | | |
| |||
0 commit comments