From ca3e2ad983771b90da259994b7a6d7de1fd1abdc Mon Sep 17 00:00:00 2001 From: Allen Winter Date: Sat, 1 Oct 2022 09:58:07 -0400 Subject: src/libical/icalparser.c - fix a fuzz issue for integer overflow --- src/libical/icalparser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/libical/icalparser.c b/src/libical/icalparser.c index ebb10970..5ddab29b 100644 --- a/src/libical/icalparser.c +++ b/src/libical/icalparser.c @@ -630,6 +630,7 @@ icalcomponent *icalparser_parse(icalparser *parser, icalparser_line_gen_func line_gen_func) { char *line; + unsigned int cnt = 0; icalcomponent *c = 0; icalcomponent *root = 0; icalerrorstate es = icalerror_get_error_state(ICAL_MALFORMEDDATA_ERROR); @@ -640,6 +641,7 @@ icalcomponent *icalparser_parse(icalparser *parser, icalerror_set_error_state(ICAL_MALFORMEDDATA_ERROR, ICAL_ERROR_NONFATAL); do { + cnt++; line = icalparser_get_line(parser, line_gen_func); if ((c = icalparser_add_line(parser, line)) != 0) { @@ -679,7 +681,7 @@ icalcomponent *icalparser_parse(icalparser *parser, icalmemory_free_buffer(line); cont = 1; } - } while (cont); + } while (cont && cnt < TMP_BUF_SIZE); icalerror_set_error_state(ICAL_MALFORMEDDATA_ERROR, es); -- cgit v1.2.1 From 7830c1a2b35799929c5544a93d8cbf201d91055a Mon Sep 17 00:00:00 2001 From: Allen Winter Date: Sat, 1 Oct 2022 21:07:44 -0400 Subject: fix coverity warnings - mostly related to YEAR2038 issues fixed by casting. --- src/libical/icalcomponent.c | 2 +- src/libical/icaltz-util.c | 4 ++-- src/test/regression-component.c | 12 ++++++------ src/test/stow.c | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/libical/icalcomponent.c b/src/libical/icalcomponent.c index cef5df5d..bc160a04 100644 --- a/src/libical/icalcomponent.c +++ b/src/libical/icalcomponent.c 
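Review bot: The new exit condition `while (cont && cnt < TMP_BUF_SIZE)` in icalparser_parse() bounds the number of lines read (one `icalparser_get_line()` call per iteration) by a constant whose name says it sizes a buffer, and the loop ends at that bound without recording an error. Input longer than the limit would come back as a truncated component tree that callers cannot tell apart from a complete parse. The definition of TMP_BUF_SIZE in icalparser.c is outside these hunks, so the effective limit should be confirmed. A dedicated, documented limit constant plus an explicit error after the loop, for example `if (cont) icalerror_set_errno(ICAL_MALFORMEDDATA_ERROR);`, would make the bound visible. The commit message mentions an integer overflow but the three hunks (declaration, `cnt++`, loop condition) do not show which value overflowed, so a comment beside `unsigned int cnt = 0;` should name it; the function body continues outside the hunks.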
@@ -865,7 +865,7 @@ void icalcomponent_foreach_recurrence(icalcomponent *comp, icaltimetype mystart = start; /* make sure we include any recurrence that ends in timespan */ - icaltime_adjust(&mystart, 0, 0, 0, -(int)dtduration); + icaltime_adjust(&mystart, 0, 0, 0, -(int)(long)dtduration); icalrecur_iterator_set_start(rrule_itr, mystart); } diff --git a/src/libical/icaltz-util.c b/src/libical/icaltz-util.c index 20642874..ab5b6f85 100644 --- a/src/libical/icaltz-util.c +++ b/src/libical/icaltz-util.c @@ -631,8 +631,8 @@ icalcomponent *icaltzutil_fetch_timezone(const char *location) /* Read the footer */ if (trans_size == 8 && - (footer[0] = fgetc(f)) == '\n' && - fgets(footer+1, (int) sizeof(footer)-1, f) && + (footer[0] = (char)fgetc(f)) == '\n' && + fgets(footer+1, (int)sizeof(footer)-1, f) && footer[strlen(footer)-1] == '\n') { tzstr = footer+1; } diff --git a/src/test/regression-component.c b/src/test/regression-component.c index caed9af4..7efe3429 100644 --- a/src/test/regression-component.c +++ b/src/test/regression-component.c @@ -291,7 +291,7 @@ void create_new_component_with_va_args() static void print_span(int c, struct icaltime_span span) { - printf("span-->%d, %d\n", (int)span.start, (int)span.end); + printf("span-->%ld, %ld\n", (long)span.start, (long)span.end); if (span.start == 0) { printf("#%02d start: (empty)\n", c); } else { @@ -364,7 +364,7 @@ void test_icalcomponent_get_span() if (VERBOSE) print_span(tnum++, span); - int_is("floating time", (int)span.start, (int)tm1); + int_is("floating time", (int)(long)span.start, (int)(long)tm1); icalcomponent_free(c); @@ -448,7 +448,7 @@ void test_icalcomponent_get_span() if (VERBOSE) print_span(tnum++, span); - int_is("start == end", (int)span.start, (int)span.end); + int_is("start == end", (int)(long)span.start, (int)(long)span.end); icalcomponent_free(c); /** test 7 
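Review bot: `-(int)(long)dtduration` still narrows to int before negating, so the added `(long)` step quiets the analyzer without bounding the value. The type of dtduration is not visible in this hunk; if it is a 64-bit time_t, a duration above INT_MAX is converted to an implementation-defined int, and negating a result of INT_MIN is undefined. A range check before the call, such as `if (dtduration > INT_MAX) dtduration = INT_MAX;`, or a comment stating why the duration is known to fit, would address the YEAR2038 finding rather than hide it. The enclosing block in icalcomponent_foreach_recurrence() starts and ends outside the hunk.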
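Review bot: The trailing-newline test `footer[strlen(footer)-1] == '\n'` in icaltzutil_fetch_timezone() can be satisfied by `footer[0]` itself. `footer[0]` is already known to be '\n' at that point, so if fgets() stores a string that begins with a NUL byte, strlen(footer) is 1 and the condition passes with an empty `tzstr`. Adding `strlen(footer) > 1 &&` before the index would make the check mean what it says. The new `(char)fgetc(f)` cast drops the EOF/data distinction; that looks harmless here because the result is only compared with '\n', but a one-line comment saying so would keep a later edit from relying on it. The function continues outside the hunk.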
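Review bot: The `%ld` / `(long)` pair in print_span() still truncates on platforms where long is 32 bits and the span fields are 64-bit (the field types are declared outside the hunk, presumably time_t); `printf("span-->%lld, %lld\n", (long long)span.start, (long long)span.end);` is width-safe everywhere. The same applies to the `int_is(..., (int)(long)span.start, ...)` calls in test_icalcomponent_get_span() (hunks at -364, -448, -464, -476 and -493). Those still compare only the low int-sized part of each value, so the casts silence the warning without making the assertions 2038-safe. A comment stating that the test fixtures are known to fit in int would document the assumption.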
@@ -464,7 +464,7 @@ void test_icalcomponent_get_span() if (VERBOSE) print_span(tnum++, span); - int_is("UTC", (int)span.start, 973296000); + int_is("UTC", (int)(long)span.start, 973296000); icalcomponent_free(c); /** test 8 @@ -476,7 +476,7 @@ void test_icalcomponent_get_span() (void *)0); span = icalcomponent_get_span(c); - int_is("UTC #2", (int)span.start, 973296000); + int_is("UTC #2", (int)(long)span.start, 973296000); if (VERBOSE) print_span(tnum++, span); @@ -493,7 +493,7 @@ void test_icalcomponent_get_span() if (VERBOSE) print_span(tnum++, span); - int_is("start date only", (int)span.end, 973382399); + int_is("start date only", (int)(long)span.end, 973382399); icalcomponent_free(c); diff --git a/src/test/stow.c b/src/test/stow.c index a02186ac..2d3e4473 100644 --- a/src/test/stow.c +++ b/src/test/stow.c @@ -183,8 +183,8 @@ char *make_mime(const char *to, const char *from, const char *subject, uname(&uts); srand((unsigned int)(time(0) << getpid())); - snprintf(content_id, TMPSIZE_SMALL, "%d-%d@%s", (int)time(0), rand(), uts.nodename); - snprintf(boundary, TMPSIZE_SMALL, "%d-%d-%s", (int)time(0), rand(), uts.nodename); + snprintf(content_id, TMPSIZE_SMALL, "%ld-%d@%s", (long)time(0), rand(), uts.nodename); + snprintf(boundary, TMPSIZE_SMALL, "%ld-%d-%s", (long)time(0), rand(), uts.nodename); //krazy:cond=style snprintf(mime_part_1, TMPSIZE, "Content-ID: %s\n\ Content-type: text/plain\n\ -- cgit v1.2.1 From 8b681837b7345b720dd57e81bb3dbf726577422a Mon Sep 17 00:00:00 2001 From: Allen Winter Date: Mon, 3 Oct 2022 10:44:35 -0400 Subject: suppress some coverity issues supress coverity issues that we can't fix --- src/libical/icalrestriction.c.in | 25 +++++++++++++++++-------- src/libicalss/icalssyacc.c | 3 ++- 2 files changed, 19 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/libical/icalrestriction.c.in b/src/libical/icalrestriction.c.in index e36773f1..3931fcb0 100644 --- a/src/libical/icalrestriction.c.in 
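Review bot: The context line `srand((unsigned int)(time(0) << getpid()));` in make_mime() shifts by the process ID, which normally exceeds the bit width of time_t, and a shift count at or above the operand width is undefined behaviour. This commit edits the two lines directly below it but leaves the seed untouched. `srand((unsigned int)time(0) ^ (unsigned int)getpid());` mixes the same two inputs without the shift. The two changed snprintf() calls also ignore their return value, so a long `uts.nodename` would be truncated silently in `content_id` and `boundary`; TMPSIZE_SMALL is defined outside the hunk. make_mime() starts and ends outside the hunk.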
+++ b/src/libical/icalrestriction.c.in @@ -331,19 +331,24 @@ static int icalrestriction_check_component(icalproperty_method method, icalcompo assert(compare != -1); if (compare == 0) { -#define TMP_BUF_SIZE 1024 +#if !defined(__COVERITY__) + /* Coverity doesn't think the memory allocated by icalparameter_new_xlicerrortype() + * is freed, even though it should be freed in icalproperty_free() + */ + #define TMP_BUF_SIZE 1024 char temp[TMP_BUF_SIZE]; icalproperty *errProp; - icalparameter *errParam; snprintf(temp, TMP_BUF_SIZE, "Failed iTIP restrictions for %s property. " "Expected %s instances of the property and got %d", icalenum_property_kind_to_string(kind), restr_string_map[restr], count); - errParam = icalparameter_new_xlicerrortype(ICAL_XLICERRORTYPE_INVALIDITIP); - errProp = icalproperty_vanew_xlicerror(temp, errParam, 0); + errProp = + icalproperty_vanew_xlicerror( + temp, icalparameter_new_xlicerrortype(ICAL_XLICERRORTYPE_INVALIDITIP), 0); icalcomponent_add_property(comp, errProp); icalproperty_free(errProp); +#endif } prop = icalcomponent_get_first_property(comp, kind); @@ -353,15 +358,19 @@ static int icalrestriction_check_component(icalproperty_method method, icalcompo } if (funcr != 0) { +#if !defined(__COVERITY__) + /* Coverity doesn't think the memory allocated by icalparameter_new_xlicerrortype() + * is freed, even though it should be freed in icalproperty_free() + */ icalproperty *errProp; - icalparameter *errParam; - errParam = icalparameter_new_xlicerrortype(ICAL_XLICERRORTYPE_INVALIDITIP); - errProp = icalproperty_vanew_xlicerror(funcr, errParam, 0); + errProp = + icalproperty_vanew_xlicerror( + funcr, icalparameter_new_xlicerrortype(ICAL_XLICERRORTYPE_INVALIDITIP), 0); icalcomponent_add_property(comp, errProp); icalproperty_free(errProp); - compare = 0; +#endif } valid = valid && compare; diff --git a/src/libicalss/icalssyacc.c b/src/libicalss/icalssyacc.c index 61b1f502..2416e528 100644 --- a/src/libicalss/icalssyacc.c 
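Review bot: Wrapping both error-reporting blocks of icalrestriction_check_component() in `#if !defined(__COVERITY__)` removes them from the analyzed build entirely, so the analyzer stops checking that code and the analyzed program differs from the shipped one. An inline suppression on the flagged call, in the style this same commit uses in icalssyacc.c (for a leak report, `/* coverity[leaked_storage] */`), would silence the false positive while keeping the block under analysis. In the second hunk (`if (funcr != 0)`), `compare = 0;` has to stay outside the guarded region and must not be dropped, otherwise `valid` stops reflecting the failed restriction. The collapsed layout of this page leaves its final position uncertain, so please confirm it. The first hunk also moves `#define TMP_BUF_SIZE 1024` inside the guard; the function extends beyond both hunks.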
+++ b/src/libicalss/icalssyacc.c @@ -1317,6 +1317,7 @@ yyparse () YYDPRINTF ((stderr, "Stack size increased to %lu\n", (unsigned long int) yystacksize)); + /* coverity[OVERRUN] */ if (yyss + yystacksize - 1 <= yyssp) YYABORT; } @@ -1418,9 +1419,9 @@ yyreduce: users should not rely upon it. Assigning to YYVAL unconditionally makes the parser a bit smaller, and it avoids a GCC warning that YYVAL may be used uninitialized. */ + /* coverity[uninit_use] */ yyval = yyvsp[1-yylen]; - YY_REDUCE_PRINT (yyn); switch (yyn) { -- cgit v1.2.1 From 0fe0d9d4ef152243f47f9c8e17520d10a67ba2c6 Mon Sep 17 00:00:00 2001 From: Allen Winter Date: Mon, 3 Oct 2022 11:43:20 -0400 Subject: add clang diagnostic pragmas to quiet unreachable-code warnings fixes: #486 --- src/libicalss/icalssyacc.c | 6 ++++-- src/test/regression-storage.c | 3 +++ 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/libicalss/icalssyacc.c b/src/libicalss/icalssyacc.c index 2416e528..e386ad80 100644 --- a/src/libicalss/icalssyacc.c +++ b/src/libicalss/icalssyacc.c @@ -1599,9 +1599,11 @@ yyerrorlab: /* Pacify compilers like GCC when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ - if (/*CONSTCOND*/ 0) +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunreachable-code" + if (/*CONSTCOND*/ 0) goto yyerrorlab; - +#pragma clang diagnostic pop /* Do not reclaim the symbols of the rule which action triggered this YYERROR. */ YYPOPSTACK (yylen); diff --git a/src/test/regression-storage.c b/src/test/regression-storage.c index 7ce594d2..eb11f6d5 100644 --- a/src/test/regression-storage.c +++ b/src/test/regression-storage.c 
@@ -305,6 +305,8 @@ void test_bdbset() return; // for now... TODO fix these broken tests.. +#pragma clang diagnostic push /* remove when/if we remove the proceeding return statement */ +#pragma clang diagnostic ignored "-Wunreachable-code" start = icaltime_from_timet_with_zone(time(0), 0, NULL); end = start; end.hour++; @@ -452,6 +454,7 @@ void test_bdbset() } icalset_free(cout); } +#pragma clang diagnostic pop } #endif -- cgit v1.2.1
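Review bot: The `#pragma clang diagnostic` lines added in test_bdbset() are not wrapped in `#if defined(__clang__)`, so compilers that do not recognise them may emit an unknown-pragma warning in place of the one being silenced. The comment on the push line reads "proceeding return statement" where "preceding" is meant. The push/pop pair spans from this hunk to the one at -452, so everything after the early `return;` remains compiled but never runs. A comment at the `return` stating which checks are broken would document the gap in storage test coverage better than the existing TODO. test_bdbset() starts outside the first hunk.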