deislabs / mystikos

Tools and runtime for launching unmodified container images in Trusted Execution Environments

Codeql fixes #1434

Closed vtikoo closed 1 year ago

vtikoo commented 1 year ago

kernel/udsdev.c:_udsdev_bind https://github.com/deislabs/mystikos/security/code-scanning/3101 fd was declared in the bind function, but never used. Removed fd references altogether.

kernel/mmanutils.c:myst_release_process_mappings assert(pid > 0) is followed by a check if pid <= 0. Removed the check. https://github.com/deislabs/mystikos/security/code-scanning/3453

tools/myst/enc/syscall.c: _getsockname https://github.com/deislabs/mystikos/security/code-scanning/2983

Checking for *addrlen < 0, where addrlen is a pointer to socklen_t, an unsigned integer value.

> <sys/socket.h> makes available a type, socklen_t, which is an unsigned opaque integral type of length of at least 32 bits. To forestall portability problems, it is recommended that applications should not use values larger than 2^32 - 1.

From https://pubs.opengroup.org/onlinepubs/7908799/xns/syssocket.h.html

The confusion seems to be stemming from the getsockname man page which mentions returning EINVAL if addrlen is negative.

Removed the check.

mmanutils.c:_add_file_mappings https://github.com/deislabs/mystikos/security/code-scanning/3455 pointer value wasn't initialized.

kernel/syscall.c:_SYS_prctl https://github.com/deislabs/mystikos/security/code-scanning/3451 local variable n was shadowing parameter. Changed local usage to use an integer literal instead.

host/maps.c:myst_maps_load https://github.com/deislabs/mystikos/security/code-scanning/3459 https://github.com/deislabs/mystikos/security/code-scanning/3458 Fixed sscanf return check.
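
An illustration of the kind of sscanf return-value check the host/maps.c item refers to. This is an added example, not the Mystikos code or the change made in this PR. The struct, the function name `parse_maps_line` and the sample lines are assumptions, with input in the /proc/<pid>/maps line format.

```c
#include <stdio.h>
#include <string.h>

/* One parsed line in /proc/<pid>/maps format (hypothetical struct). */
struct map_entry
{
    unsigned long start, end, offset, inode;
    unsigned int dev_major, dev_minor;
    char perms[5];
    char path[256];
};

/*
 * Returns 0 on success, -1 on an empty or malformed line.
 * sscanf returns the number of fields assigned, or EOF (-1) when the input
 * ends before the first conversion, so `if (!sscanf(...))` and
 * `if (sscanf(...) == 0)` both accept EOF and partial matches.
 */
int parse_maps_line(const char* line, struct map_entry* e)
{
    int n;

    if (!line || !e)
        return -1;
    memset(e, 0, sizeof(*e));
    n = sscanf(line, "%lx-%lx %4s %lx %x:%x %lu %255[^\n]",
               &e->start, &e->end, e->perms, &e->offset,
               &e->dev_major, &e->dev_minor, &e->inode, e->path);

    /* Seven fields are mandatory; the path is absent for anonymous maps. */
    if (n != 7 && n != 8)
        return -1;
    return (e->start < e->end) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample lines, not taken from Mystikos. */
    const char* samples[] = {
        "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/example",
        "00e00000-00e21000 rw-p 00000000 00:00 0",
        "00400000-",
        "",
    };
    struct map_entry e;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%d <- \"%s\"\n", parse_maps_line(samples[i], &e), samples[i]);
    return 0;
}
```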