Merge pull request #4119 from sysown/CodeQL

CodeQL scan and fixes
sysown · Mar 8, 2023 · 8efe681 · 8efe681
2 parents a29bb98 + be7d6c0
commit 8efe681
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 26 deletions.
diff --git a/deps/Makefile b/deps/Makefile
@@ -124,7 +124,7 @@ libhttpserver: libhttpserver/libhttpserver/build/src/.libs/libhttpserver.a
 libev/libev/.libs/libev.a:
 	cd libev && rm -rf libev-*/ || true
 	cd libev && tar -zxf libev-*.tar.gz
-#	cd libev/libev && patch ev.c < ../ev.c-multiplication-overflow.patch
+	cd libev/libev && patch ev.c < ../ev.c-multiplication-overflow.patch
 	cd libev/libev && ./configure
 	cd libev/libev && CC=${CC} CXX=${CXX} ${MAKE}
 
@@ -265,7 +265,7 @@ endif
 	cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_lib.c < ../mariadb_lib.c.x509cache.patch
 	cd mariadb-client-library/mariadb_client && patch libmariadb/secure/openssl.c < ../openssl.c.x509cache.patch
 	cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient
-# cd mariadb-client-library/mariadb_client/include && make my_config.h
+#	cd mariadb-client-library/mariadb_client/include && make my_config.h
 
 mariadb_client: mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a
 
@@ -274,7 +274,7 @@ sqlite3/sqlite3/sqlite3.o:
 	cd sqlite3 && rm -rf sqlite-amalgamation-*/ || true
 	cd sqlite3 && tar -zxf sqlite-amalgamation-*.tar.gz
 	cd sqlite3/sqlite3 && patch -p1 < ../from_unixtime.patch
-#	cd sqlite3/sqlite3 && patch sqlite3.c < ../sqlite3.c-multiplication-overflow.patch
+	cd sqlite3/sqlite3 && patch sqlite3.c < ../sqlite3.c-multiplication-overflow.patch
 	cd sqlite3/sqlite3 && ${CC} ${MYCFLAGS} -fPIC -c -o sqlite3.o sqlite3.c -DSQLITE_ENABLE_MEMORY_MANAGEMENT -DSQLITE_ENABLE_JSON1 -DSQLITE_DLL=1
 	cd sqlite3/sqlite3 && ${CC} -shared -o libsqlite3.so sqlite3.o
 
@@ -308,7 +308,7 @@ re2/re2/obj/libre2.a:
 	cd re2 && tar -zxf re2-*.tar.gz
 #	cd re2/re2 && sed -i -e 's/-O3 -g /-O3 -fPIC /' Makefile
 #	cd re2/re2 && patch util/mutex.h < ../mutex.h.patch
-#	cd re2/re2 && patch re2/onepass.cc < ../onepass.cc-multiplication-overflow.patch
+	cd re2/re2 && patch re2/onepass.cc < ../onepass.cc-multiplication-overflow.patch
 ifeq ($(UNAME_S),Darwin)
 	cd re2/re2 && sed -i '' -e 's/-O3 -g/-O3 -g -std=c++11 -fPIC -DMEMORY_SANITIZER -DRE2_ON_VALGRIND /' Makefile
 #	cd re2/re2 && sed -i '' -e 's/RE2_CXXFLAGS?=-std=c++11 /RE2_CXXFLAGS?=-std=c++11 -fPIC /' Makefile
@@ -324,7 +324,7 @@ re2: re2/re2/obj/libre2.a
 pcre/pcre/.libs/libpcre.a:
 	cd pcre && rm -rf pcre-*/ || true
 	cd pcre && tar -zxf pcre-*.tar.gz
-#	cd pcre/pcre && patch pcretest.c < ../pcretest.c-multiplication-overflow.patch
+	cd pcre/pcre && patch pcretest.c < ../pcretest.c-multiplication-overflow.patch
 	cd pcre/pcre && ./configure
 	cd pcre/pcre && CC=${CC} CXX=${CXX} ${MAKE}
 

diff --git a/deps/libev/ev.c-multiplication-overflow.patch b/deps/libev/ev.c-multiplication-overflow.patch
@@ -1,4 +1,4 @@
-@@ -1937,7 +1937,7 @@
+@@ -2253,7 +2253,7 @@
    while (cnt > ncur);
 
    /* if size is large, round to MALLOC_ROUND - 4 * longs to accommodate malloc overhead */
@@ -7,12 +7,12 @@
      {
        ncur *= elem;
        ncur = (ncur + elem + (MALLOC_ROUND - 1) + sizeof (void *) * 4) & ~(MALLOC_ROUND - 1);
-@@ -1953,7 +1953,7 @@
+@@ -2269,7 +2269,7 @@
  array_realloc (int elem, void *base, int *cur, int cnt)
  {
    *cur = array_nextsize (elem, *cur, cnt);
 -  return ev_realloc (base, elem * *cur);
 +  return ev_realloc (base, (long) elem * *cur);
  }
 
- #define array_init_zero(base,count)	\
+ #define array_needsize_noinit(base,offset,count)
diff --git a/deps/sqlite3/sqlite3.c-multiplication-overflow.patch b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch
@@ -1,18 +1,13 @@
-@@ -103301,7 +103301,7 @@
-   int n = *pnEntry;
-   if( (n & (n-1))==0 ){
-     int sz = (n==0) ? 1 : 2*n;
--    void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry);
-+    void *pNew = sqlite3DbRealloc(db, pArray, (long) sz*szEntry);
-     if( pNew==0 ){
-       *pIdx = -1;
-       return pArray;
-@@ -141183,7 +141183,7 @@
-     pStart = 0;
-   }else if( pBuf==0 ){
-     sqlite3BeginBenignMalloc();
--    pStart = sqlite3Malloc( sz*cnt );  /* IMP: R-61949-35727 */
-+    pStart = sqlite3Malloc( (long) sz*cnt );  /* IMP: R-61949-35727 */
-     sqlite3EndBenignMalloc();
-     if( pStart ) cnt = sqlite3MallocSize(pStart)/sz;
-   }else{
+@@ -173310,10 +173310,10 @@
+ #ifndef SQLITE_OMIT_TWOSIZE_LOOKASIDE
+   if( sz>=LOOKASIDE_SMALL*3 ){
+     nBig = szAlloc/(3*LOOKASIDE_SMALL+sz);
+-    nSm = (szAlloc - sz*nBig)/LOOKASIDE_SMALL;
++    nSm = (szAlloc - (long) sz*nBig)/LOOKASIDE_SMALL;
+   }else if( sz>=LOOKASIDE_SMALL*2 ){
+     nBig = szAlloc/(LOOKASIDE_SMALL+sz);
+-    nSm = (szAlloc - sz*nBig)/LOOKASIDE_SMALL;
++    nSm = (szAlloc - (long) sz*nBig)/LOOKASIDE_SMALL;
+   }else
+ #endif /* SQLITE_OMIT_TWOSIZE_LOOKASIDE */
+   if( sz>0 ){