Commit d0c82543 authored by Timothy B. Terriberry's avatar Timothy B. Terriberry

Fix MSVC warnings.

Some of these pointed to real potential overflows (given arbitrary
 inputs by the calling application).
I was sad about stripping const qualifiers from the struct addrinfo
 pointers, but MSVC seems to erroneously think that an array of
 pointers to constant data is itself a pointer to constant data (or
 maybe that it is not compatible with a const void *?), and
 converting the memmove()s to for loops triggered an erroneous
 warning about out-of-bounds array accesses in gcc (but on only one
 of the two identical loops).
parent cc69f7ef
...@@ -279,24 +279,26 @@ int opus_tags_copy(OpusTags *_dst,const OpusTags *_src){ ...@@ -279,24 +279,26 @@ int opus_tags_copy(OpusTags *_dst,const OpusTags *_src){
} }
int opus_tags_add(OpusTags *_tags,const char *_tag,const char *_value){ int opus_tags_add(OpusTags *_tags,const char *_tag,const char *_value){
char *comment; char *comment;
int tag_len; size_t tag_len;
int value_len; size_t value_len;
int ncomments; int ncomments;
int ret; int ret;
ncomments=_tags->comments; ncomments=_tags->comments;
ret=op_tags_ensure_capacity(_tags,ncomments+1); ret=op_tags_ensure_capacity(_tags,ncomments+1);
if(OP_UNLIKELY(ret<0))return ret; if(OP_UNLIKELY(ret<0))return ret;
tag_len=strlen(_tag); tag_len=strlen(_tag);
value_len=strlen(_value); value_len=strlen(_value);
/*+2 for '=' and '\0'.*/ /*+2 for '=' and '\0'.*/
if(tag_len+value_len<tag_len)return OP_EFAULT;
if(tag_len+value_len>(size_t)INT_MAX-2)return OP_EFAULT;
comment=(char *)_ogg_malloc(sizeof(*comment)*(tag_len+value_len+2)); comment=(char *)_ogg_malloc(sizeof(*comment)*(tag_len+value_len+2));
if(OP_UNLIKELY(comment==NULL))return OP_EFAULT; if(OP_UNLIKELY(comment==NULL))return OP_EFAULT;
memcpy(comment,_tag,sizeof(*comment)*tag_len); memcpy(comment,_tag,sizeof(*comment)*tag_len);
comment[tag_len]='='; comment[tag_len]='=';
memcpy(comment+tag_len+1,_value,sizeof(*comment)*(value_len+1)); memcpy(comment+tag_len+1,_value,sizeof(*comment)*(value_len+1));
_tags->user_comments[ncomments]=comment; _tags->user_comments[ncomments]=comment;
_tags->comment_lengths[ncomments]=tag_len+value_len+1; _tags->comment_lengths[ncomments]=(int)(tag_len+value_len+1);
_tags->comments=ncomments+1; _tags->comments=ncomments+1;
return 0; return 0;
} }
...@@ -337,7 +339,10 @@ int opus_tags_set_binary_suffix(OpusTags *_tags, ...@@ -337,7 +339,10 @@ int opus_tags_set_binary_suffix(OpusTags *_tags,
} }
int opus_tagcompare(const char *_tag_name,const char *_comment){ int opus_tagcompare(const char *_tag_name,const char *_comment){
return opus_tagncompare(_tag_name,strlen(_tag_name),_comment); size_t tag_len;
tag_len=strlen(_tag_name);
if(OP_UNLIKELY(tag_len>(size_t)INT_MAX))return -1;
return opus_tagncompare(_tag_name,(int)tag_len,_comment);
} }
int opus_tagncompare(const char *_tag_name,int _tag_len,const char *_comment){ int opus_tagncompare(const char *_tag_name,int _tag_len,const char *_comment){
...@@ -348,17 +353,18 @@ int opus_tagncompare(const char *_tag_name,int _tag_len,const char *_comment){ ...@@ -348,17 +353,18 @@ int opus_tagncompare(const char *_tag_name,int _tag_len,const char *_comment){
} }
const char *opus_tags_query(const OpusTags *_tags,const char *_tag,int _count){ const char *opus_tags_query(const OpusTags *_tags,const char *_tag,int _count){
char **user_comments; char **user_comments;
int tag_len; size_t tag_len;
int found; int found;
int ncomments; int ncomments;
int ci; int ci;
tag_len=strlen(_tag); tag_len=strlen(_tag);
if(OP_UNLIKELY(tag_len>(size_t)INT_MAX))return NULL;
ncomments=_tags->comments; ncomments=_tags->comments;
user_comments=_tags->user_comments; user_comments=_tags->user_comments;
found=0; found=0;
for(ci=0;ci<ncomments;ci++){ for(ci=0;ci<ncomments;ci++){
if(!opus_tagncompare(_tag,tag_len,user_comments[ci])){ if(!opus_tagncompare(_tag,(int)tag_len,user_comments[ci])){
/*We return a pointer to the data, not a copy.*/ /*We return a pointer to the data, not a copy.*/
if(_count==found++)return user_comments[ci]+tag_len+1; if(_count==found++)return user_comments[ci]+tag_len+1;
} }
...@@ -368,17 +374,18 @@ const char *opus_tags_query(const OpusTags *_tags,const char *_tag,int _count){ ...@@ -368,17 +374,18 @@ const char *opus_tags_query(const OpusTags *_tags,const char *_tag,int _count){
} }
int opus_tags_query_count(const OpusTags *_tags,const char *_tag){ int opus_tags_query_count(const OpusTags *_tags,const char *_tag){
char **user_comments; char **user_comments;
int tag_len; size_t tag_len;
int found; int found;
int ncomments; int ncomments;
int ci; int ci;
tag_len=strlen(_tag); tag_len=strlen(_tag);
if(OP_UNLIKELY(tag_len>(size_t)INT_MAX))return 0;
ncomments=_tags->comments; ncomments=_tags->comments;
user_comments=_tags->user_comments; user_comments=_tags->user_comments;
found=0; found=0;
for(ci=0;ci<ncomments;ci++){ for(ci=0;ci<ncomments;ci++){
if(!opus_tagncompare(_tag,tag_len,user_comments[ci]))found++; if(!opus_tagncompare(_tag,(int)tag_len,user_comments[ci]))found++;
} }
return found; return found;
} }
...@@ -403,7 +410,8 @@ static int opus_tags_get_gain(const OpusTags *_tags,int *_gain_q8, ...@@ -403,7 +410,8 @@ static int opus_tags_get_gain(const OpusTags *_tags,int *_gain_q8,
ncomments=_tags->comments; ncomments=_tags->comments;
/*Look for the first valid tag with the name _tag_name and use that.*/ /*Look for the first valid tag with the name _tag_name and use that.*/
for(ci=0;ci<ncomments;ci++){ for(ci=0;ci<ncomments;ci++){
if(opus_tagncompare(_tag_name,_tag_len,comments[ci])==0){ OP_ASSERT(tag_len<=(size_t)INT_MAX);
if(opus_tagncompare(_tag_name,(int)_tag_len,comments[ci])==0){
char *p; char *p;
opus_int32 gain_q8; opus_int32 gain_q8;
int negative; int negative;
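Review bot: The new `OP_ASSERT(tag_len<=(size_t)INT_MAX);` in the opus_tags_get_gain hunk names `tag_len`, while the call on the next line casts `_tag_len`. The function's start is outside the hunk, so unless a local `tag_len` is declared there, this will not compile in builds where OP_ASSERT expands to real code, and the narrowing cast is left unchecked. It should read `OP_ASSERT(_tag_len<=(size_t)INT_MAX);`, and because the value does not change inside the loop it can sit once before the `for`. An assertion typically disappears in release builds, so if a caller can pass an arbitrary length, a runtime guard like the ones added to opus_tags_query and opus_tags_query_count would be the safer choice.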
......
...@@ -86,14 +86,15 @@ int op_test(OpusHead *_head, ...@@ -86,14 +86,15 @@ int op_test(OpusHead *_head,
This is to prevent us spending a lot of time allocating memory and looking This is to prevent us spending a lot of time allocating memory and looking
for Ogg pages in non-Ogg files.*/ for Ogg pages in non-Ogg files.*/
if(memcmp(_initial_data,"OggS",4)!=0)return OP_ENOTFORMAT; if(memcmp(_initial_data,"OggS",4)!=0)return OP_ENOTFORMAT;
if(OP_UNLIKELY(_initial_bytes>(size_t)LONG_MAX))return OP_EFAULT;
ogg_sync_init(&oy); ogg_sync_init(&oy);
data=ogg_sync_buffer(&oy,_initial_bytes); data=ogg_sync_buffer(&oy,(long)_initial_bytes);
if(data!=NULL){ if(data!=NULL){
ogg_stream_state os; ogg_stream_state os;
ogg_page og; ogg_page og;
int ret; int ret;
memcpy(data,_initial_data,_initial_bytes); memcpy(data,_initial_data,_initial_bytes);
ogg_sync_wrote(&oy,_initial_bytes); ogg_sync_wrote(&oy,(long)_initial_bytes);
ogg_stream_init(&os,-1); ogg_stream_init(&os,-1);
err=OP_FALSE; err=OP_FALSE;
do{ do{
...@@ -1504,6 +1505,7 @@ static int op_open1(OggOpusFile *_of, ...@@ -1504,6 +1505,7 @@ static int op_open1(OggOpusFile *_of,
int seekable; int seekable;
int ret; int ret;
memset(_of,0,sizeof(*_of)); memset(_of,0,sizeof(*_of));
if(OP_UNLIKELY(_initial_bytes>(size_t)LONG_MAX))return OP_EFAULT;
_of->end=-1; _of->end=-1;
_of->source=_source; _of->source=_source;
*&_of->callbacks=*_cb; *&_of->callbacks=*_cb;
...@@ -1520,9 +1522,9 @@ static int op_open1(OggOpusFile *_of, ...@@ -1520,9 +1522,9 @@ static int op_open1(OggOpusFile *_of,
decoding entire files from RAM.*/ decoding entire files from RAM.*/
if(_initial_bytes>0){ if(_initial_bytes>0){
char *buffer; char *buffer;
buffer=ogg_sync_buffer(&_of->oy,_initial_bytes); buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes);
memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer)); memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer));
ogg_sync_wrote(&_of->oy,_initial_bytes); ogg_sync_wrote(&_of->oy,(long)_initial_bytes);
} }
/*Can we seek? /*Can we seek?
Stevens suggests the seek test is portable.*/ Stevens suggests the seek test is portable.*/
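Review bot: In the second op_open1 hunk the result of `ogg_sync_buffer(&_of->oy,(long)_initial_bytes)` is passed straight to `memcpy()` without a NULL check, whereas op_test in the same file tests `data!=NULL` before copying. The new LONG_MAX bound stops the length from being truncated, but it still admits requests large enough for the buffer allocation to fail. A guard such as `if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;` before the copy would close that path. op_open1's error cleanup lies outside the hunk, so confirm that the caller releases `_of->oy` when this returns early.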
......
...@@ -100,7 +100,8 @@ static int op_capi_get_by_subject(X509_LOOKUP *_lu,int _type,X509_NAME *_name, ...@@ -100,7 +100,8 @@ static int op_capi_get_by_subject(X509_LOOKUP *_lu,int _type,X509_NAME *_name,
representation for something, it's the answer that 9 of them would representation for something, it's the answer that 9 of them would
give you back. give you back.
I don't think OpenSSL's encoding qualifies.*/ I don't think OpenSSL's encoding qualifies.*/
find_para.cbData=_name->bytes->length; if(OP_UNLIKELY(_name->bytes->length>MAXDWORD))return 0;
find_para.cbData=(DWORD)_name->bytes->length;
find_para.pbData=(unsigned char *)_name->bytes->data; find_para.pbData=(unsigned char *)_name->bytes->data;
cert=CertFindCertificateInStore(h_store,X509_ASN_ENCODING,0, cert=CertFindCertificateInStore(h_store,X509_ASN_ENCODING,0,
CERT_FIND_SUBJECT_NAME,&find_para,NULL); CERT_FIND_SUBJECT_NAME,&find_para,NULL);
...@@ -122,7 +123,8 @@ static int op_capi_get_by_subject(X509_LOOKUP *_lu,int _type,X509_NAME *_name, ...@@ -122,7 +123,8 @@ static int op_capi_get_by_subject(X509_LOOKUP *_lu,int _type,X509_NAME *_name,
ret=op_capi_retrieve_by_subject(_lu,_type,_name,_ret); ret=op_capi_retrieve_by_subject(_lu,_type,_name,_ret);
if(ret>0)return ret; if(ret>0)return ret;
memset(&cert_info,0,sizeof(cert_info)); memset(&cert_info,0,sizeof(cert_info));
cert_info.Issuer.cbData=_name->bytes->length; if(OP_UNLIKELY(_name->bytes->length>MAXDWORD))return 0;
cert_info.Issuer.cbData=(DWORD)_name->bytes->length;
cert_info.Issuer.pbData=(unsigned char *)_name->bytes->data; cert_info.Issuer.pbData=(unsigned char *)_name->bytes->data;
memset(&find_para,0,sizeof(find_para)); memset(&find_para,0,sizeof(find_para));
find_para.pCertInfo=&cert_info; find_para.pCertInfo=&cert_info;
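Review bot: Both new guards in op_capi_get_by_subject `return 0` when `_name->bytes->length` exceeds MAXDWORD, but nothing at either site says what 0 means to the caller; the nearby `if(ret>0)return ret;` suggests it is the "no match" result. A short comment on each, e.g. `/*A name too long for a DWORD can't be searched for without truncation; report no match.*/`, would show that an oversized subject name is deliberately treated as not found rather than as an error. The declaration of `length` is not visible here; if it is a signed type in any supported OpenSSL version, a negative value would pass the comparison and still be cast to DWORD, so that is worth confirming. The function body begins and ends outside both hunks.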
......