Skip to content

Commit

Permalink
Simplify bounds checks
Browse files Browse the repository at this point in the history
We can save a lot of work this way.
  • Loading branch information
AZero13 committed Oct 17, 2023
1 parent 2e931c9 commit a82c089
Show file tree
Hide file tree
Showing 14 changed files with 77 additions and 74 deletions.
2 changes: 1 addition & 1 deletion backend/dnssd.c
Original file line number Diff line number Diff line change
Expand Up @@ -1189,7 +1189,7 @@ query_callback(
char *valptr = value + strlen(value);
/* Pointer into value */

if (valptr < (value + sizeof(value) - 1))
if (valptr < (value + (sizeof(value) - 1)))
*valptr++ = ',';

ptr += 6;
Expand Down
6 changes: 3 additions & 3 deletions cgi-bin/ipp-var.c
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ cgiGetAttributes(ipp_t *request, /* I - IPP request */
break;
else if (nameptr > name && ch == '?')
break;
else if (nameptr < (name + sizeof(name) - 1))
else if (nameptr < (name + (sizeof(name) - 1)))
{
if (ch == '_')
*nameptr++ = '-';
Expand Down Expand Up @@ -875,7 +875,7 @@ cgiRewriteURL(const char *uri, /* I - Current URI */
*resptr++ = hexchars[*rawptr & 15];
}
}
else if (resptr < (resource + sizeof(resource) - 1))
else if (resptr < (resource + (sizeof(resource) - 1)))
*resptr++ = *rawptr;

*resptr = '\0';
Expand Down Expand Up @@ -967,7 +967,7 @@ cgiSetIPPObjectVars(
else
nameptr = name;

for (i = 0; attr->name[i] && nameptr < (name + sizeof(name) - 1); i ++)
for (i = 0; attr->name[i] && nameptr < (name + (sizeof(name) - 1)); i++)
if (attr->name[i] == '-')
*nameptr++ = '_';
else
Expand Down
4 changes: 2 additions & 2 deletions cgi-bin/template.c
Original file line number Diff line number Diff line change
Expand Up @@ -249,7 +249,7 @@ cgi_copy(FILE *out, /* I - Output file */
uriencode = 1;
else if (s > name && ch == '?')
break;
else if (s < (name + sizeof(name) - 1))
else if (s < (name + (sizeof(name) - 1)))
*s++ = (char)ch;

*s = '\0';
Expand Down Expand Up @@ -454,7 +454,7 @@ cgi_copy(FILE *out, /* I - Output file */
for (s = compare; (ch = getc(in)) != EOF;)
if (ch == '?')
break;
else if (s >= (compare + sizeof(compare) - 1))
else if (s >= (compare + (sizeof(compare) - 1)))
continue;
else if (ch == '#')
{
Expand Down
12 changes: 6 additions & 6 deletions cgi-bin/var.c
Original file line number Diff line number Diff line change
Expand Up @@ -651,7 +651,7 @@ cgi_initialize_cookies(void)
*/

for (ptr = name; *cookie && *cookie != '=';)
if (ptr < (name + sizeof(name) - 1))
if (ptr < (name + (sizeof(name) - 1)))
{
*ptr++ = *cookie++;
}
Expand All @@ -674,7 +674,7 @@ cgi_initialize_cookies(void)
if (*cookie == '\"')
{
for (cookie ++, ptr = value; *cookie && *cookie != '\"';)
if (ptr < (value + sizeof(value) - 1))
if (ptr < (value + (sizeof(value) - 1)))
{
*ptr++ = *cookie++;
}
Expand All @@ -692,7 +692,7 @@ cgi_initialize_cookies(void)
else
{
for (ptr = value; *cookie && *cookie != ';';)
if (ptr < (value + sizeof(value) - 1))
if (ptr < (value + (sizeof(value) - 1)))
{
*ptr++ = *cookie++;
}
Expand Down Expand Up @@ -1103,7 +1103,7 @@ cgi_initialize_string(const char *data) /* I - Form data string */
break;

case '+' : /* Escaped space character */
if (s < (value + sizeof(value) - 1))
if (s < (value + (sizeof(value) - 1)))
*s++ = ' ';
break;

Expand All @@ -1115,7 +1115,7 @@ cgi_initialize_string(const char *data) /* I - Form data string */
if (!isxdigit(data[1] & 255) || !isxdigit(data[2] & 255))
return (0);

if (s < (value + sizeof(value) - 1))
if (s < (value + (sizeof(value) - 1)))
{
data ++;
ch = *data - '0';
Expand All @@ -1134,7 +1134,7 @@ cgi_initialize_string(const char *data) /* I - Form data string */
break;

default : /* Other characters come straight through */
if (*data >= ' ' && s < (value + sizeof(value) - 1))
if (*data >= ' ' && s < (value + (sizeof(value) - 1)))
*s++ = *data;
break;
}
Expand Down
10 changes: 5 additions & 5 deletions cups/debug.c
Original file line number Diff line number Diff line change
Expand Up @@ -405,7 +405,7 @@ _cups_safe_vsnprintf(

while (isdigit(*format & 255))
{
if (tptr < (tformat + sizeof(tformat) - 1))
if (tptr < (tformat + (sizeof(tformat) - 1)))
*tptr++ = *format;

width = width * 10 + *format++ - '0';
Expand All @@ -414,7 +414,7 @@ _cups_safe_vsnprintf(

if (*format == '.')
{
if (tptr < (tformat + sizeof(tformat) - 1))
if (tptr < (tformat + (sizeof(tformat) - 1)))
*tptr++ = *format;

format ++;
Expand All @@ -437,7 +437,7 @@ _cups_safe_vsnprintf(

while (isdigit(*format & 255))
{
if (tptr < (tformat + sizeof(tformat) - 1))
if (tptr < (tformat + (sizeof(tformat) - 1)))
*tptr++ = *format;

prec = prec * 10 + *format++ - '0';
Expand All @@ -459,7 +459,7 @@ _cups_safe_vsnprintf(
}
else if (*format == 'h' || *format == 'l' || *format == 'L')
{
if (tptr < (tformat + sizeof(tformat) - 1))
if (tptr < (tformat + (sizeof(tformat) - 1)))
*tptr++ = *format;

size = *format++;
Expand All @@ -470,7 +470,7 @@ _cups_safe_vsnprintf(
if (!*format)
break;

if (tptr < (tformat + sizeof(tformat) - 1))
if (tptr < (tformat + (sizeof(tformat) - 1)))
*tptr++ = *format;

type = *format++;
Expand Down
3 changes: 3 additions & 0 deletions cups/dest.c
Original file line number Diff line number Diff line change
Expand Up @@ -3859,6 +3859,9 @@ cups_queue_name(
const char *ptr; // Pointer into serviceName
char *nameptr; // Pointer into name

if (namesize == 0) {
return;
}

for (nameptr = name, ptr = serviceName; *ptr && nameptr < (name + namesize - 1); ptr ++)
{
Expand Down
5 changes: 2 additions & 3 deletions cups/encode.c
Original file line number Diff line number Diff line change
Expand Up @@ -862,10 +862,9 @@ cupsEncodeOptions2(
const char * /* O - First out-of-order option or NULL */
_ippCheckOptions(void)
{
int i; /* Looping var */
size_t i; /* Looping var */


for (i = 0; i < (int)(sizeof(ipp_options) / sizeof(ipp_options[0]) - 1); i ++)
for (i = 0; i < sizeof(ipp_options) / sizeof(ipp_options[0]) - 1; i++)
if (strcmp(ipp_options[i].name, ipp_options[i + 1].name) >= 0)
return (ipp_options[i + 1].name);

Expand Down
42 changes: 22 additions & 20 deletions cups/http-addrlist.c
Original file line number Diff line number Diff line change
Expand Up @@ -57,13 +57,20 @@ httpAddrConnect2(
{
int val; /* Socket option value */
#ifndef _WIN32
int i, j, /* Looping vars */
flags, /* Socket flags */
result; /* Result from select() or poll() */
unsigned i, j; /* Looping vars */
int flags, /* Socket flags */
result; /* Result from select() or poll() */
#endif /* !_WIN32 */
int remaining; /* Remaining timeout */

# ifdef _WIN32
int nfds, /* Number of file descriptors */
fds[100]; /* Socket file descriptors */
#else
nfds_t nfds; /* Number of file descriptors */
int fds[100]; /* Socket file descriptors */
#endif

http_addrlist_t *addrs[100]; /* Addresses */
int max_fd = -1; /* Highest file descriptor */
#ifdef O_NONBLOCK
Expand Down Expand Up @@ -108,14 +115,13 @@ httpAddrConnect2(
{
while (nfds > 0)
{
nfds --;
httpAddrClose(NULL, fds[nfds]);
httpAddrClose(NULL, fds[--nfds]);
}

return (NULL);
}

if (addrlist && nfds < (int)(sizeof(fds) / sizeof(fds[0])))
if (addrlist && nfds < (sizeof(fds) / sizeof(fds[0])))
{
/*
* Create the socket...
Expand Down Expand Up @@ -196,8 +202,7 @@ httpAddrConnect2(

while (nfds > 0)
{
nfds --;
httpAddrClose(NULL, fds[nfds]);
httpAddrClose(NULL, fds[--nfds]);
}

return (addrlist);
Expand All @@ -222,8 +227,7 @@ httpAddrConnect2(
if (fds[nfds] > max_fd)
max_fd = fds[nfds];

addrs[nfds] = addrlist;
nfds ++;
addrs[nfds++] = addrlist;
addrlist = addrlist->next;
}

Expand Down Expand Up @@ -256,8 +260,7 @@ httpAddrConnect2(

while (nfds > 0)
{
nfds --;
httpAddrClose(NULL, fds[nfds]);
httpAddrClose(NULL, fds[--nfds]);
}

*sock = -1;
Expand All @@ -271,7 +274,7 @@ httpAddrConnect2(
pfds[i].events = POLLIN | POLLOUT;
}

result = poll(pfds, (nfds_t)nfds, addrlist ? 100 : remaining > 250 ? 250 : remaining);
result = poll(pfds, nfds, addrlist ? 100 : remaining > 250 ? 250 : remaining);

DEBUG_printf("1httpAddrConnect2: poll() returned %d (%d)", result, errno);
}
Expand Down Expand Up @@ -364,8 +367,7 @@ httpAddrConnect2(

while (nfds > 0)
{
nfds --;
httpAddrClose(NULL, fds[nfds]);
httpAddrClose(NULL, fds[--nfds]);
}

#ifdef _WIN32
Expand Down Expand Up @@ -471,7 +473,7 @@ httpAddrGetList(const char *hostname, /* I - Hostname, IP address, or NULL for p
*temp; /* New address */
char ipv6[64], /* IPv6 address */
*ipv6zone; /* Pointer to zone separator */
int ipv6len; /* Length of IPv6 address */
size_t ipv6len; /* Length of IPv6 address */
_cups_globals_t *cg = _cupsGlobals();
/* Global data */

Expand Down Expand Up @@ -565,9 +567,9 @@ httpAddrGetList(const char *hostname, /* I - Hostname, IP address, or NULL for p
*/

cupsCopyString(ipv6, hostname + 4, sizeof(ipv6));
if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']')
if ((ipv6len = strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']')

Check warning

Code scanning / CodeQL

Unsigned comparison to zero Warning

Pointless comparison of unsigned value to zero.
{
ipv6[ipv6len] = '\0';
ipv6[ipv6len - 1] = '\0';
hostname = ipv6;

/*
Expand All @@ -585,9 +587,9 @@ httpAddrGetList(const char *hostname, /* I - Hostname, IP address, or NULL for p
*/

cupsCopyString(ipv6, hostname + 1, sizeof(ipv6));
if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']')
if ((ipv6len = strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']')

Check warning

Code scanning / CodeQL

Unsigned comparison to zero Warning

Pointless comparison of unsigned value to zero.
{
ipv6[ipv6len] = '\0';
ipv6[ipv6len - 1] = '\0';
hostname = ipv6;
}
}
Expand Down
9 changes: 5 additions & 4 deletions scheduler/auth.c
Original file line number Diff line number Diff line change
Expand Up @@ -1331,8 +1331,9 @@ cupsdFindBest(const char *path, /* I - Resource path */
if ((uriptr = strchr(uri, '?')) != NULL)
*uriptr = '\0'; /* Drop trailing query string */

if ((uriptr = uri + strlen(uri) - 1) > uri && *uriptr == '/')
*uriptr = '\0'; /* Remove trailing '/' */
bestlen = strlen(uri);
if (bestlen > 1 && uri[bestlen - 1] == '/')
uri[bestlen - 1] = '\0'; /* Remove trailing '/' */

if (!strncmp(uri, "/printers/", 10) ||
!strncmp(uri, "/classes/", 9))
Expand All @@ -1341,7 +1342,7 @@ cupsdFindBest(const char *path, /* I - Resource path */
* Check if the URI has .ppd on the end...
*/

uriptr = uri + strlen(uri) - 4; /* len > 4 if we get here... */
uriptr = uri + bestlen - 4; /* len > 4 if we get here... */

if (!strcmp(uriptr, ".ppd"))
*uriptr = '\0';
Expand All @@ -1362,7 +1363,7 @@ cupsdFindBest(const char *path, /* I - Resource path */
loc;
loc = (cupsd_location_t *)cupsArrayNext(Locations))
{
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindBest: Location %s(%d) Limit %x", loc->location ? loc->location : "(null)", (int)loc->length, loc->limit);
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindBest: Location %s(%u) Limit %x", loc->location ? loc->location : "(null)", (unsigned)loc->length, loc->limit);

if (!strncmp(uri, "/printers/", 10) || !strncmp(uri, "/classes/", 9))
{
Expand Down
13 changes: 6 additions & 7 deletions scheduler/log.c
Original file line number Diff line number Diff line change
Expand Up @@ -156,8 +156,7 @@ cupsdCheckLogFile(cups_file_t **lf, /* IO - Log file */
filename[0] = '\0';

for (logptr = logname, ptr = filename + strlen(filename);
*logptr && ptr < (filename + sizeof(filename) - 1);
logptr ++)
*logptr && ptr < (filename + (sizeof(filename) - 1)); logptr++)
if (*logptr == '%')
{
/*
Expand Down Expand Up @@ -801,7 +800,7 @@ cupsdLogPage(cupsd_job_t *job, /* I - Job being printed */
switch (*format)
{
case '%' : /* Literal % */
if (bufptr < (buffer + sizeof(buffer) - 1))
if (bufptr < (buffer + (sizeof(buffer) - 1)))
*bufptr++ = '%';
break;

Expand Down Expand Up @@ -875,7 +874,7 @@ cupsdLogPage(cupsd_job_t *job, /* I - Job being printed */

for (i = 0;
i < attr->num_values &&
bufptr < (buffer + sizeof(buffer) - 1);
bufptr < (buffer + (sizeof(buffer) - 1));
i ++)
{
if (i)
Expand Down Expand Up @@ -934,21 +933,21 @@ cupsdLogPage(cupsd_job_t *job, /* I - Job being printed */
}
}
}
else if (bufptr < (buffer + sizeof(buffer) - 1))
else if (bufptr < (buffer + (sizeof(buffer) - 1)))
*bufptr++ = '-';
break;
}

default :
if (bufptr < (buffer + sizeof(buffer) - 2))
if (bufptr < (buffer + (sizeof(buffer) - 2)))
{
*bufptr++ = '%';
*bufptr++ = *format;
}
break;
}
}
else if (bufptr < (buffer + sizeof(buffer) - 1))
else if (bufptr < (buffer + (sizeof(buffer) - 1)))
*bufptr++ = *format;
}

Expand Down
Loading

0 comments on commit a82c089

Please sign in to comment.