diff --git a/channels/parallel/client/parallel_main.c b/channels/parallel/client/parallel_main.c index 4be078693..ace475f9b 100644 --- a/channels/parallel/client/parallel_main.c +++ b/channels/parallel/client/parallel_main.c @@ -212,7 +212,6 @@ static UINT parallel_process_irp_write(PARALLEL_DEVICE* parallel, IRP* irp) UINT32 len = 0; UINT32 Length = 0; UINT64 Offset = 0; - ssize_t status = 0; WINPR_ASSERT(parallel); WINPR_ASSERT(irp); @@ -233,7 +232,7 @@ static UINT parallel_process_irp_write(PARALLEL_DEVICE* parallel, IRP* irp) while (len > 0) { - status = write(parallel->file, ptr, len); + const ssize_t status = write(parallel->file, ptr, len); if ((status < 0) || (status > len)) { diff --git a/libfreerdp/cache/persistent.c b/libfreerdp/cache/persistent.c index d9f62c84a..b14ee4e97 100644 --- a/libfreerdp/cache/persistent.c +++ b/libfreerdp/cache/persistent.c @@ -148,7 +148,10 @@ static int persistent_cache_read_entry_v3(rdpPersistentCache* persistent, entry->key64 = entry3.key64; entry->width = entry3.width; entry->height = entry3.height; - entry->size = 4ul * entry3.width * entry3.height; + const UINT64 size = 4ull * entry3.width * entry3.height; + if (size > UINT32_MAX) + return -1; + entry->size = size; entry->flags = 0; if (entry->size > persistent->bmpSize) diff --git a/libfreerdp/utils/smartcard_call.c b/libfreerdp/utils/smartcard_call.c index 00153cb10..4bad47e9e 100644 --- a/libfreerdp/utils/smartcard_call.c +++ b/libfreerdp/utils/smartcard_call.c @@ -191,6 +191,9 @@ static LONG smartcard_ListReaderGroupsA_Call(scard_call_context* smartcard, wStr cchGroups = SCARD_AUTOALLOCATE; ret.ReturnCode = wrap(smartcard, SCardListReaderGroupsA, operation->hContext, (LPSTR)&mszGroups, &cchGroups); + if (cchGroups == SCARD_AUTOALLOCATE) + return SCARD_F_UNKNOWN_ERROR; + ret.msz = (BYTE*)mszGroups; ret.cBytes = cchGroups; @@ -220,7 +223,9 @@ static LONG smartcard_ListReaderGroupsW_Call(scard_call_context* smartcard, wStr cchGroups = SCARD_AUTOALLOCATE; status = ret.ReturnCode = wrap(smartcard, SCardListReaderGroupsW, operation->hContext, (LPWSTR)&mszGroups, &cchGroups); - WINPR_ASSERT(cchGroups != SCARD_AUTOALLOCATE); + if (cchGroups == SCARD_AUTOALLOCATE) + return SCARD_F_UNKNOWN_ERROR; + ret.msz = (BYTE*)mszGroups; ret.cBytes = cchGroups * sizeof(WCHAR); @@ -341,6 +346,8 @@ static LONG smartcard_ListReadersA_Call(scard_call_context* smartcard, wStream* cchReaders = SCARD_AUTOALLOCATE; status = ret.ReturnCode = wrap(smartcard, SCardListReadersA, operation->hContext, (LPCSTR)call->mszGroups, (LPSTR)&mszReaders, &cchReaders); + if (cchReaders == SCARD_AUTOALLOCATE) + return SCARD_F_UNKNOWN_ERROR; if (status != SCARD_S_SUCCESS) { @@ -396,6 +403,8 @@ static LONG smartcard_ListReadersW_Call(scard_call_context* smartcard, wStream* cchReaders = SCARD_AUTOALLOCATE; status = ret.ReturnCode = wrap(smartcard, SCardListReadersW, operation->hContext, string.wz, (LPWSTR)&mszReaders.pw, &cchReaders); + if (cchReaders == SCARD_AUTOALLOCATE) + return SCARD_F_UNKNOWN_ERROR; if (status != SCARD_S_SUCCESS) return scard_log_status_error(TAG, "SCardListReadersW", status); @@ -851,6 +860,8 @@ static LONG smartcard_GetReaderIcon_Call(scard_call_context* smartcard, wStream* ret.ReturnCode = wrap(smartcard, SCardGetReaderIconW, operation->hContext, call->szReaderName, (LPBYTE)&ret.pbData, &ret.cbDataLen); scard_log_status_error(TAG, "SCardGetReaderIconW", ret.ReturnCode); + if (ret.cbDataLen == SCARD_AUTOALLOCATE) + return SCARD_F_UNKNOWN_ERROR; status = smartcard_pack_get_reader_icon_return(out, &ret); wrap(smartcard, SCardFreeMemory, operation->hContext, ret.pbData); @@ -1224,6 +1235,9 @@ static LONG smartcard_StatusA_Call(scard_call_context* smartcard, wStream* out, &ret.dwState, &ret.dwProtocol, cbAtrLen ? (BYTE*)&ret.pbAtr : NULL, &cbAtrLen); scard_log_status_error(TAG, "SCardStatusA", status); + if (cchReaderLen == SCARD_AUTOALLOCATE) + return SCARD_F_UNKNOWN_ERROR; + if (status == SCARD_S_SUCCESS) { if (!call->fmszReaderNamesIsNULL) @@ -1276,6 +1290,9 @@ static LONG smartcard_StatusW_Call(scard_call_context* smartcard, wStream* out, call->fmszReaderNamesIsNULL ? NULL : (LPWSTR)&mszReaderNames, &ret.cBytes, &ret.dwState, &ret.dwProtocol, (BYTE*)&ret.pbAtr, &cbAtrLen); scard_log_status_error(TAG, "SCardStatusW", status); + if (ret.cBytes == SCARD_AUTOALLOCATE) + return SCARD_F_UNKNOWN_ERROR; + if (status == SCARD_S_SUCCESS) { if (!call->fmszReaderNamesIsNULL) @@ -1403,6 +1420,9 @@ static LONG smartcard_GetAttrib_Call(scard_call_context* smartcard, wStream* out ret.ReturnCode = wrap(smartcard, SCardGetAttrib, operation->hCard, call->dwAttrId, pbAttr, &cbAttrLen); scard_log_status_error(TAG, "SCardGetAttrib", ret.ReturnCode); + if (cbAttrLen == SCARD_AUTOALLOCATE) + return SCARD_F_UNKNOWN_ERROR; + ret.cbAttrLen = cbAttrLen; status = smartcard_pack_get_attrib_return(out, &ret, call->dwAttrId, call->cbAttrLen); diff --git a/uwac/libuwac/uwac-clipboard.c b/uwac/libuwac/uwac-clipboard.c index 727761dca..2ff96042f 100644 --- a/uwac/libuwac/uwac-clipboard.c +++ b/uwac/libuwac/uwac-clipboard.c @@ -246,9 +246,11 @@ void* UwacClipboardDataGet(UwacSeat* seat, const char* mime, size_t* size) do { - void* tmp = NULL; + if (alloc >= SIZE_MAX - 1024) + goto fail; + alloc += 1024; - tmp = xrealloc(data, alloc); + void* tmp = xrealloc(data, alloc); if (!tmp) goto fail; diff --git a/uwac/libuwac/uwac-window.c b/uwac/libuwac/uwac-window.c index aecf9170e..fa30dbda5 100644 --- a/uwac/libuwac/uwac-window.c +++ b/uwac/libuwac/uwac-window.c @@ -78,6 +78,7 @@ static void UwacWindowDestroyBuffers(UwacWindow* w) w->buffers = NULL; } +WINPR_ATTR_MALLOC(UwacWindowDestroyBuffers, 1) static int UwacWindowShmAllocBuffers(UwacWindow* w, int64_t nbuffers, int64_t allocSize, uint32_t width, uint32_t height, enum wl_shm_format format); @@ -331,7 +332,7 @@ int UwacWindowShmAllocBuffers(UwacWindow* w, int64_t nbuffers, int64_t allocSize return UWAC_ERROR_NOMEMORY; /* round up to a multiple of PAGESIZE to page align data for each buffer */ - uint64_t test = (0ull + allocSize + pagesize - 1ull) & ~(pagesize - 1); + const uint64_t test = (1ull * allocSize + pagesize - 1ull) & ~(pagesize - 1); if (test > INT64_MAX) return UWAC_ERROR_NOMEMORY;