Merge pull request #10774 from akallabeth/cov-fix

[sysconf] _SC_GETPW_R_SIZE_MAX return checks

client/common/client_cliprdr_file.c

@@ -1975,6 +1975,7 @@ BOOL cliprdr_file_context_update_server_data(CliprdrFileContext* file_context, w
 	CliprdrFuseClipDataEntry* clip_data_entry = NULL;
 	FILEDESCRIPTORW* files = NULL;
 	UINT32 n_files = 0;
+	BOOL rc = FALSE;
 
 	WINPR_ASSERT(file_context);
 	WINPR_ASSERT(clip);
@@ -1986,6 +1987,7 @@ BOOL cliprdr_file_context_update_server_data(CliprdrFileContext* file_context, w
 	}
 
 	HashTable_Lock(file_context->inode_table);
+	HashTable_Lock(file_context->clip_data_table);
 	if (does_server_support_clipdata_locking(file_context))
 		clip_data_entry = HashTable_GetItemValue(
 		    file_context->clip_data_table, (void*)(uintptr_t)file_context->current_clip_data_id);
@@ -2001,29 +2003,19 @@ BOOL cliprdr_file_context_update_server_data(CliprdrFileContext* file_context, w
 	    clip_data_dir_new(file_context, does_server_support_clipdata_locking(file_context),
 	                      file_context->current_clip_data_id);
 	if (!clip_data_entry->clip_data_dir)
-	{
+		goto fail;
-		HashTable_Unlock(file_context->inode_table);
-		free(files);
-		return FALSE;
-	}
-
 	if (!update_exposed_path(file_context, clip, clip_data_entry))
-	{
+		goto fail;
-		HashTable_Unlock(file_context->inode_table);
-		free(files);
-		return FALSE;
-	}
-
 	if (!set_selection_for_clip_data_entry(file_context, clip_data_entry, files, n_files))
-	{
+		goto fail;
-		HashTable_Unlock(file_context->inode_table);
-		free(files);
-		return FALSE;
-	}
-	HashTable_Unlock(file_context->inode_table);
 
+	rc = TRUE;
+
+fail:
+	HashTable_Unlock(file_context->clip_data_table);
+	HashTable_Unlock(file_context->inode_table);
 	free(files);
-	return TRUE;
+	return rc;
 #else
 	return FALSE;
 #endif

libfreerdp/core/gateway/http.c

@@ -1030,10 +1030,10 @@ static BOOL http_response_parse_header(HttpResponse* response)
 				break;
 		}
 
-		if (!http_response_parse_header_field(response, name, value))
+		const int rc = http_response_parse_header_field(response, name, value);
-			goto fail;
-
 		*end_of_header = end_of_header_char;
+		if (!rc)
+			goto fail;
 	}
 
 	rc = TRUE;

libfreerdp/crypto/certificate.c

@@ -1404,6 +1404,11 @@ static BOOL bio_read_pem(BIO* bio, char** ppem, size_t* plength)
 	size_t offset = 0;
 	size_t length = blocksize;
 	char* pem = NULL;
+
+	*ppem = NULL;
+	if (plength)
+		*plength = 0;
+
 	while (offset < length)
 	{
 		char* tmp = realloc(pem, length + 1);
@@ -1434,6 +1439,9 @@ static BOOL bio_read_pem(BIO* bio, char** ppem, size_t* plength)
 		*plength = offset;
 	rc = TRUE;
 fail:
+	if (!rc)
+		free(pem);
+
 	return rc;
 }
 
@@ -1445,20 +1453,16 @@ char* freerdp_certificate_get_pem(const rdpCertificate* cert, size_t* pLength)
 char* freerdp_certificate_get_pem_ex(const rdpCertificate* cert, size_t* pLength,
                                      BOOL withCertChain)
 {
-	char* pem = NULL;
 	WINPR_ASSERT(cert);
 
 	if (!cert->x509)
 		return NULL;
 
-	BIO* bio = NULL;
-	int status = 0;
-
 	/**
 	 * Don't manage certificates internally, leave it up entirely to the external client
 	 * implementation
 	 */
-	bio = BIO_new(BIO_s_mem());
+	BIO* bio = BIO_new(BIO_s_mem());
 
 	if (!bio)
 	{
@@ -1466,8 +1470,9 @@ char* freerdp_certificate_get_pem_ex(const rdpCertificate* cert, size_t* pLength
 		return NULL;
 	}
 
-	status = PEM_write_bio_X509(bio, cert->x509);
+	char* pem = NULL;
 
+	const int status = PEM_write_bio_X509(bio, cert->x509);
 	if (status < 0)
 	{
 		WLog_ERR(TAG, "PEM_write_bio_X509 failure: %d", status);
@@ -1476,21 +1481,21 @@ char* freerdp_certificate_get_pem_ex(const rdpCertificate* cert, size_t* pLength
 
 	if (cert->chain && withCertChain)
 	{
-		int count = sk_X509_num(cert->chain);
+		const int count = sk_X509_num(cert->chain);
 		for (int x = 0; x < count; x++)
 		{
 			X509* c = sk_X509_value(cert->chain, x);
-			status = PEM_write_bio_X509(bio, c);
+			const int rc = PEM_write_bio_X509(bio, c);
-			if (status < 0)
+			if (rc < 0)
 			{
-				WLog_ERR(TAG, "PEM_write_bio_X509 failure: %d", status);
+				WLog_ERR(TAG, "PEM_write_bio_X509 failure: %d", rc);
 				goto fail;
 			}
 		}
 	}
 
-	if (!bio_read_pem(bio, &pem, pLength))
+	(void)bio_read_pem(bio, &pem, pLength);
-		goto fail;
+
 fail:
 	BIO_free_all(bio);
 	return pem;

libfreerdp/crypto/tls.c

@@ -448,7 +448,8 @@ static long bio_rdp_tls_ctrl(BIO* bio, int cmd, long num, void* ptr)
 
 			if (status <= 0)
 			{
-				switch (SSL_get_error(tls->ssl, status))
+				const int err = (status < INT32_MIN) ? INT32_MIN : (int)status;
+				switch (SSL_get_error(tls->ssl, err))
 				{
 					case SSL_ERROR_WANT_READ:
 						BIO_set_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);

uwac/libuwac/uwac-priv.h

@@ -270,7 +270,7 @@ struct uwac_window
 struct uwac_buffer_release_data
 {
 	UwacWindow* window;
-	int bufferIdx;
+	size_t bufferIdx;
 };
 typedef struct uwac_buffer_release_data UwacBufferReleaseData;
 

uwac/libuwac/uwac-window.c

@@ -34,7 +34,7 @@
 
 #include <uwac/config.h>
 
-#define UWAC_INITIAL_BUFFERS 3
+#define UWAC_INITIAL_BUFFERS 3ull
 
 static int bppFromShmFormat(enum wl_shm_format format)
 {
@@ -78,7 +78,7 @@ static void UwacWindowDestroyBuffers(UwacWindow* w)
 	w->buffers = NULL;
 }
 
-static int UwacWindowShmAllocBuffers(UwacWindow* w, int64_t nbuffers, int64_t allocSize,
+static int UwacWindowShmAllocBuffers(UwacWindow* w, uint64_t nbuffers, uint64_t allocSize,
                                      uint32_t width, uint32_t height, enum wl_shm_format format);
 
 static void xdg_handle_toplevel_configure(void* data, struct xdg_toplevel* xdg_toplevel,
@@ -319,23 +319,27 @@ static void shell_popup_done(void* data, struct wl_shell_surface* surface)
 static const struct wl_shell_surface_listener shell_listener = { shell_ping, shell_configure,
 	                                                             shell_popup_done };
 
-int UwacWindowShmAllocBuffers(UwacWindow* w, int64_t nbuffers, int64_t allocSize, uint32_t width,
+int UwacWindowShmAllocBuffers(UwacWindow* w, uint64_t nbuffers, uint64_t allocSize, uint32_t width,
                               uint32_t height, enum wl_shm_format format)
 {
 	int ret = UWAC_SUCCESS;
 	int fd = 0;
 	void* data = NULL;
 	struct wl_shm_pool* pool = NULL;
-	int64_t pagesize = sysconf(_SC_PAGESIZE);
+
+	if ((width > INT32_MAX) || (height > INT32_MAX))
+		return UWAC_ERROR_NOMEMORY;
+
+	const int64_t pagesize = sysconf(_SC_PAGESIZE);
 	if (pagesize <= 0)
 		return UWAC_ERROR_NOMEMORY;
 
 	/* round up to a multiple of PAGESIZE to page align data for each buffer */
-	const uint64_t test = (1ull * allocSize + pagesize - 1ull) & ~(pagesize - 1);
+	const uint64_t test = (1ull * allocSize + (size_t)pagesize - 1ull) & ~((size_t)pagesize - 1);
 	if (test > INT64_MAX)
 		return UWAC_ERROR_NOMEMORY;
 
-	allocSize = (int64_t)test;
+	allocSize = test;
 
 	UwacBuffer* newBuffers =
 	    xrealloc(w->buffers, (0ull + w->nbuffers + nbuffers) * sizeof(UwacBuffer));
@@ -345,14 +349,18 @@ int UwacWindowShmAllocBuffers(UwacWindow* w, int64_t nbuffers, int64_t allocSize
 
 	w->buffers = newBuffers;
 	memset(w->buffers + w->nbuffers, 0, sizeof(UwacBuffer) * nbuffers);
-	fd = uwac_create_anonymous_file(1ull * allocSize * nbuffers);
+
+	const size_t allocbuffersize = 1ull * allocSize * nbuffers;
+	if (allocbuffersize > INT32_MAX)
+		return UWAC_ERROR_NOMEMORY;
+
+	fd = uwac_create_anonymous_file((off_t)allocbuffersize);
 
 	if (fd < 0)
 	{
 		return UWAC_ERROR_INTERNAL;
 	}
 
-	const size_t allocbuffersize = 1ull * allocSize * nbuffers;
 	data = mmap(NULL, allocbuffersize, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
 
 	if (data == MAP_FAILED)
@@ -361,7 +369,7 @@ int UwacWindowShmAllocBuffers(UwacWindow* w, int64_t nbuffers, int64_t allocSize
 		goto error_mmap;
 	}
 
-	pool = wl_shm_create_pool(w->display->shm, fd, allocbuffersize);
+	pool = wl_shm_create_pool(w->display->shm, fd, (int32_t)allocbuffersize);
 
 	if (!pool)
 	{
@@ -370,20 +378,25 @@ int UwacWindowShmAllocBuffers(UwacWindow* w, int64_t nbuffers, int64_t allocSize
 		goto error_mmap;
 	}
 
-	for (int64_t i = 0; i < nbuffers; i++)
+	for (uint64_t i = 0; i < nbuffers; i++)
 	{
 		const size_t idx = (size_t)i;
-		size_t bufferIdx = w->nbuffers + idx;
+		const size_t bufferIdx = w->nbuffers + idx;
 		UwacBuffer* buffer = &w->buffers[bufferIdx];
+
 #ifdef UWAC_HAVE_PIXMAN_REGION
 		pixman_region32_init(&buffer->damage);
 #else
 		region16_init(&buffer->damage);
 #endif
+		const size_t offset = allocSize * idx;
+		if (offset > INT32_MAX)
+			goto error_mmap;
+
 		buffer->data = &((char*)data)[allocSize * idx];
 		buffer->size = allocSize;
-		buffer->wayland_buffer =
+		buffer->wayland_buffer = wl_shm_pool_create_buffer(pool, (int32_t)offset, (int32_t)width,
-		    wl_shm_pool_create_buffer(pool, allocSize * idx, width, height, w->stride, format);
+		                                                   (int32_t)height, w->stride, format);
 		UwacBufferReleaseData* listener_data = xmalloc(sizeof(UwacBufferReleaseData));
 		listener_data->window = w;
 		listener_data->bufferIdx = bufferIdx;

winpr/libwinpr/shell/shell.c

@@ -59,11 +59,11 @@ BOOL GetUserProfileDirectoryA(HANDLE hToken, LPSTR lpProfileDir, LPDWORD lpcchSi
 	}
 
 	long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-
+	if (buflen < 0)
-	if (buflen == -1)
 		buflen = 8196;
 
-	char* buf = (char*)malloc(buflen);
+	const size_t s = 1ULL + (size_t)buflen;
+	char* buf = calloc(s, sizeof(char));
 
 	if (!buf)
 		return FALSE;

winpr/libwinpr/sspicli/sspicli.c

@@ -153,10 +153,11 @@ BOOL LogonUserA(LPCSTR lpszUsername, LPCSTR lpszDomain, LPCSTR lpszPassword, DWO
 	}
 
 	long buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
-	if (buflen == -1)
+	if (buflen < 0)
 		buflen = 8196;
 
-	char* buf = (char*)calloc(buflen + 1, sizeof(char));
+	const size_t s = 1ULL + (size_t)buflen;
+	char* buf = (char*)calloc(s, sizeof(char));
 	if (!buf)
 		goto fail;