From 17d44e847f39fd49ce275ba930166bde11cb811c Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Wed, 21 Aug 2024 09:28:00 +0200
Subject: [PATCH] [coverity] fix various warnings

---
 channels/rdpgfx/client/rdpgfx_main.c |  3 ++-
 client/X11/xf_client.c               |  5 +++--
 client/X11/xf_window.c               |  7 ++++---
 client/common/cmdline.c              |  4 +++-
 libfreerdp/core/gateway/rdg.c        |  1 -
 libfreerdp/core/rdp.c                | 11 +++++++++--
 libfreerdp/crypto/certificate.c      |  3 +++
 libfreerdp/crypto/per.c              | 16 +++++++---------
 libfreerdp/utils/smartcard_call.c    |  1 +
 winpr/libwinpr/utils/image.c         |  3 ++-
 10 files changed, 34 insertions(+), 20 deletions(-)

diff --git a/channels/rdpgfx/client/rdpgfx_main.c b/channels/rdpgfx/client/rdpgfx_main.c
index d3ff9b763..d44a5a396 100644
--- a/channels/rdpgfx/client/rdpgfx_main.c
+++ b/channels/rdpgfx/client/rdpgfx_main.c
@@ -790,7 +790,7 @@ static UINT rdpgfx_send_cache_import_offer_pdu(RdpgfxClientContext* context,
 
 	header.flags = 0;
 	header.cmdId = RDPGFX_CMDID_CACHEIMPORTOFFER;
-	header.pduLength = RDPGFX_HEADER_SIZE + 2 + pdu->cacheEntriesCount * 12;
+	header.pduLength = RDPGFX_HEADER_SIZE + 2ul + pdu->cacheEntriesCount * 12ul;
 	DEBUG_RDPGFX(gfx->log, "SendCacheImportOfferPdu: cacheEntriesCount: %" PRIu16 "",
 	             pdu->cacheEntriesCount);
 	s = Stream_New(NULL, header.pduLength);
@@ -893,6 +893,7 @@ static UINT rdpgfx_send_cache_offer(RDPGFX_PLUGIN* gfx)
 		goto fail;
 	}
 
+	WINPR_ASSERT(count <= UINT16_MAX);
 	offer->cacheEntriesCount = (UINT16)count;
 
 	WLog_DBG(TAG, "Sending Cache Import Offer: %d", count);
diff --git a/client/X11/xf_client.c b/client/X11/xf_client.c
index 4722b5804..e8fd8f617 100644
--- a/client/X11/xf_client.c
+++ b/client/X11/xf_client.c
@@ -796,16 +796,17 @@ void xf_unlock_x11_(xfContext* xfc, const char* fkt)
 {
 	if (xfc->locked == 0)
 		WLog_WARN(TAG, "X11: trying to unlock although not locked!");
+	else
+		xfc->locked--;
 
 #ifdef WITH_DEBUG_X11
-	WLog_VRB(TAG, "[%" PRIu32 "] from %s", xfc->locked - 1, fkt);
+	WLog_VRB(TAG, "[%" PRIu32 "] from %s", xfc->locked, fkt);
 #endif
 
 	if (!xfc->UseXThreads)
 		ReleaseMutex(xfc->mutex);
 	else
 		XUnlockDisplay(xfc->display);
-	xfc->locked--;
 }
 
 static BOOL xf_get_pixmap_info(xfContext* xfc)
diff --git a/client/X11/xf_window.c b/client/X11/xf_window.c
index ae3b226a5..774f3d5f2 100644
--- a/client/X11/xf_window.c
+++ b/client/X11/xf_window.c
@@ -295,14 +295,15 @@ void xf_SetWindowFullscreen(xfContext* xfc, xfWindow* window, BOOL fullscreen)
 				if (xf_GetWindowProperty(xfc, window->handle, xfc->_NET_WM_STATE, 255, &nitems,
 				                         &bytes, &prop))
 				{
+					const Atom* aprop = (const Atom*)prop;
 					state = 0;
 
-					while (nitems-- > 0)
+					for (size_t x = 0; x < nitems; x++)
 					{
-						if (((Atom*)prop)[nitems] == xfc->_NET_WM_STATE_MAXIMIZED_VERT)
+						if (aprop[x] == xfc->_NET_WM_STATE_MAXIMIZED_VERT)
 							state |= 0x01;
 
-						if (((Atom*)prop)[nitems] == xfc->_NET_WM_STATE_MAXIMIZED_HORZ)
+						if (aprop[x] == xfc->_NET_WM_STATE_MAXIMIZED_HORZ)
 							state |= 0x02;
 					}
 
diff --git a/client/common/cmdline.c b/client/common/cmdline.c
index b34ae0f3f..389d7c686 100644
--- a/client/common/cmdline.c
+++ b/client/common/cmdline.c
@@ -436,7 +436,9 @@ static size_t print_description(const char* text, size_t start_offset, size_t cu
 	} while (cur != NULL);
 
 	free(str);
-	current += (size_t)printf("\n");
+	const int rc = printf("\n");
+	if (rc >= 0)
+		current += (size_t)rc;
 	return current;
 }
 
diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c
index 22bbd4c35..656eba84d 100644
--- a/libfreerdp/core/gateway/rdg.c
+++ b/libfreerdp/core/gateway/rdg.c
@@ -2217,7 +2217,6 @@ rdpRdg* rdg_new(rdpContext* context)
 		rdg->log = WLog_Get(TAG);
 		rdg->state = RDG_CLIENT_STATE_INITIAL;
 		rdg->context = context;
-		rdg->context->settings = rdg->context->settings;
 		rdg->extAuth =
 		    (rdg->context->settings->GatewayHttpExtAuthSspiNtlm ? HTTP_EXTENDED_AUTH_SSPI_NTLM
 		                                                        : HTTP_EXTENDED_AUTH_NONE);
diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c
index 466a9a79d..0172f3035 100644
--- a/libfreerdp/core/rdp.c
+++ b/libfreerdp/core/rdp.c
@@ -1084,12 +1084,19 @@ state_run_t rdp_recv_data_pdu(rdpRdp* rdp, wStream* s)
 
 	if (compressedType & PACKET_COMPRESSED)
 	{
+		if (compressedLength < 18)
+		{
+			WLog_Print(rdp->log, WLOG_ERROR,
+			           "bulk_decompress: not enough bytes for compressedLength %" PRIu16 "",
+			           compressedLength);
+			return STATE_RUN_FAILED;
+		}
+
 		UINT32 DstSize = 0;
 		const BYTE* pDstData = NULL;
 		UINT16 SrcSize = compressedLength - 18;
 
-		if ((compressedLength < 18) ||
-		    (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, SrcSize)))
+		if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, SrcSize))
 		{
 			WLog_Print(rdp->log, WLOG_ERROR,
 			           "bulk_decompress: not enough bytes for compressedLength %" PRIu16 "",
diff --git a/libfreerdp/crypto/certificate.c b/libfreerdp/crypto/certificate.c
index 9d3e44f02..03e52dd01 100644
--- a/libfreerdp/crypto/certificate.c
+++ b/libfreerdp/crypto/certificate.c
@@ -1349,6 +1349,9 @@ char* freerdp_certificate_get_fingerprint_by_hash_ex(const rdpCertificate* cert,
 	if (!fp)
 		return NULL;
 
+	if (fp_len < 1)
+		goto fail;
+
 	size = fp_len * 3 + 1;
 	fp_buffer = calloc(size, sizeof(char));
 	if (!fp_buffer)
diff --git a/libfreerdp/crypto/per.c b/libfreerdp/crypto/per.c
index 8ccfa4d02..ab683f9f8 100644
--- a/libfreerdp/crypto/per.c
+++ b/libfreerdp/crypto/per.c
@@ -575,12 +575,7 @@ BOOL per_read_numeric_string(wStream* s, UINT16 min)
 
 BOOL per_write_numeric_string(wStream* s, const BYTE* num_str, UINT16 length, UINT16 min)
 {
-	UINT16 mlength = 0;
-	BYTE num = 0;
-	BYTE c1 = 0;
-	BYTE c2 = 0;
-
-	mlength = (length >= min) ? length - min : min;
+	const UINT16 mlength = (length >= min) ? length - min : min;
 
 	if (!per_write_length(s, mlength))
 		return FALSE;
@@ -589,12 +584,15 @@ BOOL per_write_numeric_string(wStream* s, const BYTE* num_str, UINT16 length, UI
 		return FALSE;
 	for (UINT16 i = 0; i < length; i += 2)
 	{
-		c1 = num_str[i];
-		c2 = ((i + 1) < length) ? num_str[i + 1] : 0x30;
+		BYTE c1 = num_str[i];
+		BYTE c2 = ((i + 1) < length) ? num_str[i + 1] : 0x30;
+
+		if ((c1 < 0x30) || (c2 < 0x30))
+			return FALSE;
 
 		c1 = (c1 - 0x30) % 10;
 		c2 = (c2 - 0x30) % 10;
-		num = (c1 << 4) | c2;
+		const BYTE num = (c1 << 4) | c2;
 
 		Stream_Write_UINT8(s, num); /* string */
 	}
diff --git a/libfreerdp/utils/smartcard_call.c b/libfreerdp/utils/smartcard_call.c
index a22b3b694..93988b287 100644
--- a/libfreerdp/utils/smartcard_call.c
+++ b/libfreerdp/utils/smartcard_call.c
@@ -220,6 +220,7 @@ static LONG smartcard_ListReaderGroupsW_Call(scard_call_context* smartcard, wStr
 	cchGroups = SCARD_AUTOALLOCATE;
 	status = ret.ReturnCode = wrap(smartcard, SCardListReaderGroupsW, operation->hContext,
 	                               (LPWSTR)&mszGroups, &cchGroups);
+	WINPR_ASSERT(cchGroups != SCARD_AUTOALLOCATE);
 	ret.msz = (BYTE*)mszGroups;
 	ret.cBytes = cchGroups * sizeof(WCHAR);
 
diff --git a/winpr/libwinpr/utils/image.c b/winpr/libwinpr/utils/image.c
index 09fca602e..4aee2278f 100644
--- a/winpr/libwinpr/utils/image.c
+++ b/winpr/libwinpr/utils/image.c
@@ -940,8 +940,9 @@ static void* winpr_read_png_from_buffer(const void* data, size_t SrcSize, size_t
 	                 NULL, NULL) != 1)
 		goto fail;
 
+	WINPR_ASSERT(bit_depth >= 0);
 	const png_byte channelcount = png_get_channels(png_ptr, info_ptr);
-	const size_t bpp = channelcount * bit_depth;
+	const size_t bpp = channelcount * (size_t)bit_depth;
 
 	row_pointers = png_get_rows(png_ptr, info_ptr);
 	if (row_pointers)