From f3f032e63f7843b8bed3bbcccb58714b38b60e49 Mon Sep 17 00:00:00 2001 From: "Carsten Haitzler (Rasterman)" Date: Tue, 18 Apr 2017 16:40:04 +0900 Subject: [PATCH] eina log - try and fix coverity complaint about integer overflow again it seems coverity didn't like our checks like if end - start > 0xffff then dont do anything. this should effectively stop any issues but seemingly not, so try another way to keep coverity happy. CID 1361220 --- src/lib/eina/eina_log.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/src/lib/eina/eina_log.c b/src/lib/eina/eina_log.c index 21553b6..50a69d5 100644 --- a/src/lib/eina/eina_log.c +++ b/src/lib/eina/eina_log.c @@ -1128,40 +1128,38 @@ eina_log_domain_parse_pendings(void) while (1) { Eina_Log_Domain_Level_Pending *p; - char *end = NULL; - char *tmp = NULL; + char *end = NULL, *tmp = NULL; + ptrdiff_t diff; long int level; end = strchr(start, ':'); - if (!end) - break; + if (!end) break; // Parse level, keep going if failed level = strtol((char *)(end + 1), &tmp, 10); - if (tmp == (end + 1)) - goto parse_end; + if (tmp == (end + 1)) goto parse_end; + + if (start > end) break; + diff = end - start; // If the name of the log is more than 64k it's silly so give up // as it's pointless and in theory could overflow pointer - if ((end - start) > 0xffff) - break; + if (diff > (ptrdiff_t)0xffff) break; + // Parse name - p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + (end - start) + 1); - if (!p) - break; + p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + diff + 1); + if (!p) break; - p->namelen = end - start; - memcpy((char *)p->name, start, end - start); - ((char *)p->name)[end - start] = '\0'; + p->namelen = diff; + memcpy((char *)p->name, start, diff); + ((char *)p->name)[diff] = '\0'; p->level = level; _pending_list = eina_inlist_append(_pending_list, EINA_INLIST_GET(p)); parse_end: start = strchr(tmp, ','); - if (start) - start++; - else - break; + if (start) start++; + else break; } } -- 2.7.4