Merge pull request #68 from douzzer/20241007-C23-fortify-source-llvm-20-etc

20241007-C23-fortify-source-llvm-20-etc

Author: philljj

Makefile.analyzers

@@ -52,7 +52,7 @@ static wolfsentry_errcode_t wolfsentry_action_init_1(const char *label, int labe
     if (label_len <= 0)
         WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
 
-    if (action_size < sizeof *action + (size_t)label_len + 1)
+    if (action_size < offsetof(struct wolfsentry_action, label) + (size_t)label_len + 1)
         WOLFSENTRY_ERROR_RETURN(BUFFER_TOO_SMALL);
 
     memset(&action->header, 0, sizeof action->header);
@@ -107,7 +107,7 @@ WOLFSENTRY_LOCAL wolfsentry_errcode_t wolfsentry_action_clone(
     struct wolfsentry_table_ent_header **new_ent,
     wolfsentry_clone_flags_t flags)
 {
-    struct wolfsentry_action * const src_action = (struct wolfsentry_action * const)src_ent;
+    const struct wolfsentry_action * const src_action = (const struct wolfsentry_action * const)src_ent;
     struct wolfsentry_action ** const new_action = (struct wolfsentry_action ** const)new_ent;
     size_t new_size = sizeof *src_action + (size_t)(src_action->label_len) + 1;
 
@@ -178,11 +178,12 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_action_insert(
 
 WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_action_delete(WOLFSENTRY_CONTEXT_ARGS_IN, const char *label, int label_len, wolfsentry_action_res_t *action_results) {
     wolfsentry_errcode_t ret;
-    struct {
-        struct wolfsentry_action action;
-        byte buf[WOLFSENTRY_MAX_LABEL_BYTES+1];
-    } target;
-    struct wolfsentry_action *target_p = &target.action;
+    WOLFSENTRY_STACKBUF(
+        struct wolfsentry_action,
+        label,
+        WOLFSENTRY_MAX_LABEL_BYTES+1,
+        target);
+    struct wolfsentry_action *target_p = &target.target;
 
     if ((label_len == 0) || (label == NULL))
         WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
@@ -195,12 +196,12 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_action_delete(WOLFSENTRY_CONTEXT_
             WOLFSENTRY_ERROR_RETURN(STRING_ARG_TOO_LONG);
     }
 
-    ret = wolfsentry_action_init_1(label, label_len, WOLFSENTRY_ACTION_FLAG_NONE, NULL, NULL, &target.action, sizeof target);
+    ret = wolfsentry_action_init_1(label, label_len, WOLFSENTRY_ACTION_FLAG_NONE, NULL, NULL, &target.target, sizeof target);
     WOLFSENTRY_RERETURN_IF_ERROR(ret);
 
     WOLFSENTRY_MUTEX_OR_RETURN();
 
-    target.action.header.parent_table = &wolfsentry->actions->header;
+    target.target.header.parent_table = &wolfsentry->actions->header;
 
     if ((ret = wolfsentry_table_ent_delete(WOLFSENTRY_CONTEXT_ARGS_OUT, (struct wolfsentry_table_ent_header **)&target_p)) < 0)
         goto out;

src/actions.c

@@ -264,10 +264,11 @@ static wolfsentry_errcode_t wolfsentry_addr_family_get_byname_1(
     struct wolfsentry_addr_family_bynumber **addr_family)
 {
     wolfsentry_errcode_t ret;
-    struct {
-        struct wolfsentry_addr_family_byname target;
-        byte buf[WOLFSENTRY_MAX_LABEL_BYTES];
-    } target;
+    WOLFSENTRY_STACKBUF(
+        struct wolfsentry_addr_family_byname,
+        name,
+        WOLFSENTRY_MAX_LABEL_BYTES,
+        target);
 
     struct wolfsentry_addr_family_byname *addr_family_1 = &target.target;
 

src/addr_families.c

@@ -56,7 +56,7 @@ static wolfsentry_errcode_t wolfsentry_event_init_1(const char *label, int label
     if (label_len <= 0)
         WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
 
-    if (event_size < sizeof *event + (size_t)label_len + 1)
+    if (event_size < offsetof(struct wolfsentry_event, label) + (size_t)label_len + 1)
         WOLFSENTRY_ERROR_RETURN(BUFFER_TOO_SMALL);
 
     memset(&event->header, 0, sizeof event->header);
@@ -134,7 +134,7 @@ WOLFSENTRY_LOCAL wolfsentry_errcode_t wolfsentry_event_clone_bare(
     struct wolfsentry_table_ent_header ** const new_ent,
     wolfsentry_clone_flags_t flags)
 {
-    struct wolfsentry_event * const src_event = (struct wolfsentry_event * const)src_ent;
+    const struct wolfsentry_event * const src_event = (const struct wolfsentry_event * const)src_ent;
     struct wolfsentry_event ** const new_event = (struct wolfsentry_event ** const)new_ent;
     size_t new_size = sizeof *src_event + (size_t)(src_event->label_len) + 1;
 
@@ -316,11 +316,12 @@ WOLFSENTRY_API const struct wolfsentry_event *wolfsentry_event_get_aux_event(con
 
 static wolfsentry_errcode_t wolfsentry_event_get_1(WOLFSENTRY_CONTEXT_ARGS_IN, const char *label, int label_len, struct wolfsentry_event **event) {
     wolfsentry_errcode_t ret;
-    struct {
-        struct wolfsentry_event event;
-        byte buf[WOLFSENTRY_MAX_LABEL_BYTES];
-    } target;
-    struct wolfsentry_event *event_1 = &target.event;
+    WOLFSENTRY_STACKBUF(
+        struct wolfsentry_event,
+        label,
+        WOLFSENTRY_MAX_LABEL_BYTES,
+        target);
+    struct wolfsentry_event *event_1 = &target.target;
 
     if (label_len == 0)
         WOLFSENTRY_ERROR_RETURN(INVALID_ARG);
@@ -329,7 +330,7 @@ static wolfsentry_errcode_t wolfsentry_event_get_1(WOLFSENTRY_CONTEXT_ARGS_IN, c
     if (label_len > WOLFSENTRY_MAX_LABEL_BYTES)
         WOLFSENTRY_ERROR_RETURN(STRING_ARG_TOO_LONG);
 
-    ret = wolfsentry_event_init_1(label, label_len, 0, NULL, &target.event, sizeof target);
+    ret = wolfsentry_event_init_1(label, label_len, 0, NULL, &target.target, sizeof target);
     WOLFSENTRY_RERETURN_IF_ERROR(ret);
 
     ret = wolfsentry_table_ent_get(WOLFSENTRY_CONTEXT_ARGS_OUT, &wolfsentry->events->header, (struct wolfsentry_table_ent_header **)&event_1);

src/events.c

@@ -839,7 +839,7 @@ json_value_string(const JSON_VALUE* v)
 WOLFSENTRY_API size_t
 json_value_string_length(const JSON_VALUE* v)
 {
-    uint8_t* payload;
+    const uint8_t* payload;
     size_t off = 0;
     size_t len = 0;
     unsigned shift = 0;

src/json/centijson_value.c

@@ -1902,9 +1902,11 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_config_json_feed(
         WOLFSENTRY_SET_BITS(jps->load_flags, WOLFSENTRY_CONFIG_LOAD_FLAG_FINI);
         if (err_buf) {
             if (WOLFSENTRY_ERROR_DECODE_SOURCE_ID(jps->fini_ret) == WOLFSENTRY_SOURCE_ID_UNSET)
-                snprintf(err_buf, err_buf_size, "json_feed failed at offset %d, line %u, col %u, with centijson code " WOLFSENTRY_ERRCODE_FMT ": %s", (int)json_pos.offset, json_pos.line_number, json_pos.column_number, (int)jps->fini_ret, json_error_str(jps->fini_ret));
+                ret = snprintf(err_buf, err_buf_size, "json_feed failed at offset %d, line %u, col %u, with centijson code " WOLFSENTRY_ERRCODE_FMT ": %s", (int)json_pos.offset, json_pos.line_number, json_pos.column_number, (int)jps->fini_ret, json_error_str(jps->fini_ret));
             else
-                snprintf(err_buf, err_buf_size, "json_feed failed at offset %d, line %u, col %u, with " WOLFSENTRY_ERROR_FMT, (int)json_pos.offset, json_pos.line_number, json_pos.column_number, WOLFSENTRY_ERROR_FMT_ARGS(jps->fini_ret));
+                ret = snprintf(err_buf, err_buf_size, "json_feed failed at offset %d, line %u, col %u, with " WOLFSENTRY_ERROR_FMT, (int)json_pos.offset, json_pos.line_number, json_pos.column_number, WOLFSENTRY_ERROR_FMT_ARGS(jps->fini_ret));
+            if (ret >= (int)err_buf_size)
+                err_buf[err_buf_size - 1] = 0;
         }
         WOLFSENTRY_ERROR_RERETURN(wolfsentry_centijson_errcode_translate(jps->fini_ret));
     }
@@ -1941,9 +1943,14 @@ WOLFSENTRY_API wolfsentry_errcode_t wolfsentry_config_json_fini(
     } else {
         (*jps)->fini_ret = json_fini(&(*jps)->parser, &json_pos);
         if ((*jps)->fini_ret < 0) {
-            if (err_buf != NULL)
-                snprintf(err_buf, err_buf_size, "json_fini failed at offset %d, line %u, col %u, with code " WOLFSENTRY_ERRCODE_FMT ": %s.",
-                         (int)json_pos.offset,json_pos.line_number, json_pos.column_number, (int)(*jps)->fini_ret, json_error_str((*jps)->fini_ret));
+            if (err_buf != NULL) {
+                if (snprintf(err_buf, err_buf_size, "json_fini failed at offset %d, line %u, col %u, with code " WOLFSENTRY_ERRCODE_FMT ": %s.",
+                             (int)json_pos.offset,json_pos.line_number, json_pos.column_number, (int)(*jps)->fini_ret, json_error_str((*jps)->fini_ret))
+                    >= (int)err_buf_size)
+                {
+                    err_buf[err_buf_size - 1] = 0;
+                }
+            }
             ret = wolfsentry_centijson_errcode_translate((*jps)->fini_ret);
             goto out;
         }