[misc] fix Coverity warnings for Syslinux and libcdio

* Also increase libcdio's ISO9660 read buffer sanity check to 1 GB.
2 months ago · bb8f231c07
9 changed files with 34 additions and 22 deletions
--- a/src/libcdio/driver/_cdio_stdio.c
+++ b/src/libcdio/driver/_cdio_stdio.c
@ -210,8 +210,8 @@ _stdio_read(void *user_data, void *buf, size_t count)
  _UserData *const ud = user_data;
  long read_count;

-  // Define a safe buffer size for _stdio_read
-  const size_t MAX_ALLOWED_COUNT = 0x100000;
+  // Define a max buffer size of 1 GB for _stdio_read
+  const size_t MAX_ALLOWED_COUNT = 0x40000000;
  if (count > MAX_ALLOWED_COUNT) {
      cdio_error("Requested count exceeds maximum allowed value.\n");
      return 0;
--- a/src/libcdio/driver/track.c
+++ b/src/libcdio/driver/track.c
@ -178,6 +178,7 @@ cdio_get_track(const CdIo_t *p_cdio, lsn_t lsn)

  {
    track_t i_low_track   = cdio_get_first_track_num(p_cdio);
+    // coverity[overflow_const]
    track_t i_high_track  = cdio_get_last_track_num(p_cdio)+1;
    track_t i_lead_track  = i_high_track;

--- a/src/libcdio/driver/utf8.c
+++ b/src/libcdio/driver/utf8.c
@ -321,8 +321,19 @@ bool cdio_charset_to_utf8(const char *src, size_t src_len, cdio_utf8_t **dst,
  if (src == NULL || dst == NULL || src_charset == NULL)
    return false;

-  /* Convert big endian to little endian */
  if (strcmp(src_charset, "UCS-2BE") == 0) {
+    codepage = -1;
+  } else if (strcmp(src_charset, "ASCII") == 0 || strcmp(src_charset, "ISO-8859-1") == 0) {
+    codepage = 28591;
+  } else if (strcmp(src_charset, "SHIFT_JIS") == 0) {
+    codepage = 932;
+  } else {
+    cdio_warn("Conversion from %s to UTF-8 is not implemented", src_charset);
+    return false;
+  }
+
+  switch (codepage) {
+  case -1: /* Convert big endian to little endian */
    /* Compute UCS-2 src length */
    if (src_len == (size_t)-1) {
      for (src_len = 0; ((uint16_t*)src)[src_len] !=0; src_len++);
@ -344,16 +355,8 @@ bool cdio_charset_to_utf8(const char *src, size_t src_len, cdio_utf8_t **dst,
      ((char*)wstr)[2*i+1] = src[2*i];
    }
    wstr[src_len] = 0;
-  }
-
-  /* Convert multi-byte to wide string */
-  if (strcmp(src_charset, "ASCII") == 0 || strcmp(src_charset, "ISO-8859-1") == 0) {
-    codepage = 28591;
-  } else if (strcmp(src_charset, "SHIFT_JIS") == 0) {
-    codepage = 932;
-  }
-
-  if (codepage != 0) {
+    break;
+  default:  /* Convert multi-byte to wide string */
    /* Compute src length */
    if (src_len == (size_t)-1) {
      for (src_len = 0; src[src_len] != 0; src_len++);
@ -377,6 +380,7 @@ bool cdio_charset_to_utf8(const char *src, size_t src_len, cdio_utf8_t **dst,
      free(wstr);
      return false;
    }
+    break;
  }

  /* Convert wide string to UTF-8 */
--- a/src/libcdio/iso9660/iso9660.c
+++ b/src/libcdio/iso9660/iso9660.c
@ -258,9 +258,9 @@ iso9660_get_dtime (const iso9660_dtime_t *idr_date, bool b_localtime,
    errno = 0;                                                          \
    tmp = strtol(num,                                                   \
                 (char **)NULL, 10);                                    \
-    if ( tmp < INT_MIN || tmp > INT_MAX ||                              \
-         ((unsigned long)tmp + ADD_CONSTANT) > INT_MAX ||               \
-         (tmp + ADD_CONSTANT) < INT_MIN )                               \
+    if ( tmp == LONG_MIN || tmp == LONG_MAX ||                          \
+         ((unsigned long)tmp + ADD_CONSTANT) == LONG_MAX ||             \
+         (tmp + ADD_CONSTANT) == LONG_MIN )                             \
      return false;                                                     \
    p_tm->TM_FIELD = tmp + ADD_CONSTANT;                                \
  }
--- a/src/libcdio/iso9660/iso9660_fs.c
+++ b/src/libcdio/iso9660/iso9660_fs.c
@ -1614,6 +1614,7 @@ iso9660_fs_readdir (CdIo_t *p_cdio, const char psz_path[])
  retval = _cdio_list_new ();

  /* Check for potential integer overflow when calculating total blocks */
+  // coverity[dead_error_condition]
  if (blocks > (SIZE_MAX / ISO_BLOCKSIZE)) {
    cdio_warn("Total size is too large");
    iso9660_stat_free(p_stat);
--- a/src/rufus.rc
+++ b/src/rufus.rc
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 4.8.2246"
+CAPTION "Rufus 4.8.2247"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
    LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -407,8 +407,8 @@ END
 //

 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 4,8,2246,0
- PRODUCTVERSION 4,8,2246,0
+ FILEVERSION 4,8,2247,0
+ PRODUCTVERSION 4,8,2247,0
 FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@ -426,13 +426,13 @@ BEGIN
            VALUE "Comments", "https://rufus.ie"
            VALUE "CompanyName", "Akeo Consulting"
            VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "4.8.2246"
+            VALUE "FileVersion", "4.8.2247"
            VALUE "InternalName", "Rufus"
            VALUE "LegalCopyright", "© 2011-2025 Pete Batard (GPL v3)"
            VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
            VALUE "OriginalFilename", "rufus-4.8.exe"
            VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "4.8.2246"
+            VALUE "ProductVersion", "4.8.2247"
        END
    END
    BLOCK "VarFileInfo"
--- a/src/syslinux/libfat/dumpdir.c
+++ b/src/syslinux/libfat/dumpdir.c
@ -108,7 +108,7 @@ int libfat_dumpdir(struct libfat_filesystem *fs, libfat_dirpos_t *dp,
    di->name[ARRAYSIZE(di->name) - 1] = 0;

    if (di->name[0] == 0) {
-	for (i = 0, j = 0; i < 12; i++) {
+	for (i = 0, j = 0; i < 11; i++) {
 	    if ((i >= 8) && (dep->name[i] == ' '))
 		break;
 	    if (i == 8)
--- a/src/syslinux/libinstaller/fs.c
+++ b/src/syslinux/libinstaller/fs.c
@ -38,14 +38,19 @@ void syslinux_make_bootsect(void *bs, int fs_type)
 	const struct fat_boot_sector *sbs =
 	    (const struct fat_boot_sector *)boot_sector;

+	// The overruns are intended
+	// coverity[overrun-buffer-arg]
 	memcpy(&bootsect->FAT_bsHead, &sbs->FAT_bsHead, FAT_bsHeadLen);
+	// coverity[overrun-buffer-arg]
 	memcpy(&bootsect->FAT_bsCode, &sbs->FAT_bsCode, FAT_bsCodeLen);
    } else if (fs_type == NTFS) {
 	struct ntfs_boot_sector *bootsect = bs;
 	const struct ntfs_boot_sector *sbs =
 	    (const struct ntfs_boot_sector *)boot_sector;

+	// coverity[overrun-buffer-arg]
 	memcpy(&bootsect->NTFS_bsHead, &sbs->NTFS_bsHead, NTFS_bsHeadLen);
+	// coverity[overrun-buffer-arg]
 	memcpy(&bootsect->NTFS_bsCode, &sbs->NTFS_bsCode, NTFS_bsCodeLen);
    }
 }
--- a/src/syslinux/libinstaller/syslxmod.c
+++ b/src/syslinux/libinstaller/syslxmod.c
@ -168,6 +168,7 @@ int syslinux_patch(const sector_t *sectp, int nsectors,
 #endif

    /* -1 for the pointer in the boot sector, -2 for the two ADVs */
+    // coverity[tainted_data]
    generate_extents(ex, nptrs, sectp, nsect-1-2);

    /* ADV pointers */