Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian....@packages.debian.org
Usertags: pu

Hello release team,

for an upcoming stretch point release, I'd like to contribute a new
version of the file package. This got a bit bigger so I'm using the old
style of seeking approval before uploading.

Initially, there were two bugs I wanted to fix:

* #902796: /usr/lib/python2.7/dist-packages/magic.py: Aborts; too many arguments to str()
    Some Python 2.7 code croaks over a bug in the Python bindings.

* #922968: CVE-2019-8905 CVE-2019-8907
    After some discussion with the security team (Cc:) I decided to
    address this in a point release.

However, while checking the latter, I realized upstream made a lot of
changes in the code since the 5.30 release which the stretch version is
based on. Changes that fix several issues of the (at least) "oh, that's
not good" category: Commit messages like "found by oss-fuzz", "found by
coverity" or "out of boundary read" suggest they are worth picking even
if there's not an exploit around (I'm not aware of any TBH).

Additionally, some commits introduce changes that should ease applying
future fixes while not changing actual functionality, like switching to
an abstraction of type casting (CAST, RCAST).

So this escalated a little, and instead of picking a single commit, I
ended with the number of 26 ... But I am certain it's worth it.

Still there is an increased risk of introducing regressions, therefore
I'd like to give that package some time to mature. Hence no security
release, and if there are major concerns I might agree to wait until
the second-next point release if the next one is less than four weeks
in the future.

From my side, I did my usual checks, they all passed: The output of file
on a huge collection (>> 100k) of various files, diffing the buildlogs,
checking some packages that heavily depend on file/libmagic. So I'm
optimistic there is no change for worse.

Additionally, and without changing code, I've updated the description
of patches cherry-picked earlier: Adding a URL to the Origin:
information aims to ease the job of reviewers downstream and anywhere
else.

Regards,

    Christoph

diff -Nru file-5.30/debian/changelog file-5.30/debian/changelog
--- file-5.30/debian/changelog  2018-06-11 23:16:09.000000000 +0200
+++ file-5.30/debian/changelog  2019-03-18 22:15:18.000000000 +0100
@@ -1,3 +1,12 @@
+file (1:5.30-1+deb9u3) stable; urgency=high
+
+  * Cherry-pick upstream commit FILE5_30-37-g8a942980 "Retain python 2
+    compatibility". Closes: #902796
+  * Cherry-pick a lot of patches that fix obvious issues or seem wise
+    to include. Also: Closes: #922968 [CVE-2019-8905 CVE-2019-8907]
+
+ -- Christoph Biedl <debian.a...@manchmal.in-ulm.de>  Mon, 18 Mar 2019 
22:15:18 +0100
+
 file (1:5.30-1+deb9u2) stable; urgency=high
 
   * Avoid reading past the end of buffer. Closes: #901351
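Review bot: the second bullet of the new changelog entry, "Cherry-pick a lot of patches that fix obvious issues or seem wise to include", does not name the commits being added or say which of them resolve CVE-2019-8905 and CVE-2019-8907. For a stable update, list each cherry-picked commit id with its subject, as the first bullet does for FILE5_30-37-g8a942980, and attach the CVE ids to the specific patches so the fix can be traced from the changelog.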
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-01-g64e45647.more-cast-stuff.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-01-g64e45647.more-cast-stuff.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-01-g64e45647.more-cast-stuff.patch
    2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-01-g64e45647.more-cast-stuff.patch
    2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: More cast stuff
-Origin: FILE5_30-1-g64e45647
+Origin: FILE5_30-1-g64e45647 
<https://github.com/file/file/commit/FILE5_30-1-g64e45647>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Fri Feb 10 18:14:01 2017 +0000
 
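Review bot: the new value on the `+Origin:` line links to the commit by its abbreviated `git describe` name (`FILE5_30-1-g64e45647`) rather than by a full commit hash, and an eight-character abbreviation can become ambiguous as the upstream repository grows. Consider putting the full hash in the URL, and using the DEP-3 form `Origin: upstream, <url>` so that tools parsing patch headers pick the link up. The same point applies to the other Origin updates in this debdiff.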
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-11-gb1b4efea.pr-598-off-by-one.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-11-gb1b4efea.pr-598-off-by-one.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-11-gb1b4efea.pr-598-off-by-one.patch
  2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-11-gb1b4efea.pr-598-off-by-one.patch
  2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: PR/598: Off-by-one
-Origin: FILE5_30-11-gb1b4efea
+Origin: FILE5_30-11-gb1b4efea 
<https://github.com/file/file/commit/FILE5_30-11-gb1b4efea>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Tue Mar 7 22:36:10 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-12-g77a7041f.prevent-reading-beyond-our-buffer-when-compacting-whitespace-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-12-g77a7041f.prevent-reading-beyond-our-buffer-when-compacting-whitespace-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-12-g77a7041f.prevent-reading-beyond-our-buffer-when-compacting-whitespace-oss-fuzz.patch
      2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-12-g77a7041f.prevent-reading-beyond-our-buffer-when-compacting-whitespace-oss-fuzz.patch
      2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Prevent reading beyond our buffer when compacting whitespace 
(oss-fuzz)
-Origin: FILE5_30-12-g77a7041f
+Origin: FILE5_30-12-g77a7041f 
<https://github.com/file/file/commit/FILE5_30-12-g77a7041f>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Wed Mar 8 20:45:35 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-14-ga0b25417.use-the-correct-buffer-size-found-by-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-14-ga0b25417.use-the-correct-buffer-size-found-by-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-14-ga0b25417.use-the-correct-buffer-size-found-by-oss-fuzz.patch
      2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-14-ga0b25417.use-the-correct-buffer-size-found-by-oss-fuzz.patch
      2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Use the correct buffer size; found by oss-fuzz
-Origin: FILE5_30-14-ga0b25417
+Origin: FILE5_30-14-ga0b25417 
<https://github.com/file/file/commit/FILE5_30-14-ga0b25417>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Thu Mar 9 16:57:53 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-18-g4e4e7609.pr-599-out-of-bounds-read-in-cdf-files.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-18-g4e4e7609.pr-599-out-of-bounds-read-in-cdf-files.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-18-g4e4e7609.pr-599-out-of-bounds-read-in-cdf-files.patch
     2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-18-g4e4e7609.pr-599-out-of-bounds-read-in-cdf-files.patch
     2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: PR/599: Out of bounds read in cdf files
-Origin: FILE5_30-18-g4e4e7609
+Origin: FILE5_30-18-g4e4e7609 
<https://github.com/file/file/commit/FILE5_30-18-g4e4e7609>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Fri Mar 17 19:50:22 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-19-g7605984c.although-i-can-t-reproduce-it-oss-fuzz-complains-about-is-tar.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-19-g7605984c.although-i-can-t-reproduce-it-oss-fuzz-complains-about-is-tar.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-19-g7605984c.although-i-can-t-reproduce-it-oss-fuzz-complains-about-is-tar.patch
      2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-19-g7605984c.although-i-can-t-reproduce-it-oss-fuzz-complains-about-is-tar.patch
      2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Although I can't reproduce it, oss-fuzz complains about is_tar
-Origin: FILE5_30-19-g7605984c
+Origin: FILE5_30-19-g7605984c 
<https://github.com/file/file/commit/FILE5_30-19-g7605984c>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Fri Mar 17 20:45:01 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-22-ged0542b8.better-fix-for-previous.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-22-ged0542b8.better-fix-for-previous.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-22-ged0542b8.better-fix-for-previous.patch
    2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-22-ged0542b8.better-fix-for-previous.patch
    2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Better fix for previous
-Origin: FILE5_30-22-ged0542b8
+Origin: FILE5_30-22-ged0542b8 
<https://github.com/file/file/commit/FILE5_30-22-ged0542b8>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Fri Mar 17 23:56:16 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-29-g76c2d4ae.several-fixes-in-cdf-parser.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-29-g76c2d4ae.several-fixes-in-cdf-parser.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-29-g76c2d4ae.several-fixes-in-cdf-parser.patch
        2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-29-g76c2d4ae.several-fixes-in-cdf-parser.patch
        2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: [ Several fixes in the cdf parser ]
-Origin: FILE5_30-29-g76c2d4ae
+Origin: FILE5_30-29-g76c2d4ae 
<https://github.com/file/file/commit/FILE5_30-29-g76c2d4ae>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Mon Mar 27 21:34:32 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-30-gc703aa9f.free-memory-on-error.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-30-gc703aa9f.free-memory-on-error.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-30-gc703aa9f.free-memory-on-error.patch
       2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-30-gc703aa9f.free-memory-on-error.patch
       2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Free memory on error
-Origin: FILE5_30-30-gc703aa9f
+Origin: FILE5_30-30-gc703aa9f 
<https://github.com/file/file/commit/FILE5_30-30-gc703aa9f>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Tue Mar 28 15:13:07 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-34-g22067c96.simplify-the-property-info-copy-function-and-check-for-bounds.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-34-g22067c96.simplify-the-property-info-copy-function-and-check-for-bounds.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-34-g22067c96.simplify-the-property-info-copy-function-and-check-for-bounds.patch
      2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-34-g22067c96.simplify-the-property-info-copy-function-and-check-for-bounds.patch
      2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Simplify the property info copy function and check for bounds
-Origin: FILE5_30-34-g22067c96
+Origin: FILE5_30-34-g22067c96 
<https://github.com/file/file/commit/FILE5_30-34-g22067c96>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Wed Mar 29 19:45:22 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-37-g8a942980.retain-python-2-compatibility-factoring-out-the-conversion-functions.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-37-g8a942980.retain-python-2-compatibility-factoring-out-the-conversion-functions.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-37-g8a942980.retain-python-2-compatibility-factoring-out-the-conversion-functions.patch
       1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-37-g8a942980.retain-python-2-compatibility-factoring-out-the-conversion-functions.patch
       2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,136 @@
+Subject: Retain python 2 compatibility, factoring out the conversion functions
+Origin: FILE5_30-37-g8a942980 
<https://github.com/file/file/commit/FILE5_30-37-g8a942980>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Tue Apr 4 20:48:40 2017 +0000
+Bug-Debian: https://bugs.debian.org/902796
+
+--- a/python/magic.py
++++ b/python/magic.py
+@@ -117,30 +117,43 @@
+         """
+         _close(self._magic_t)
+ 
++    @staticmethod
++    def __tostr(s):
++        if s is None:
++            return None
++        if isinstance(s, str):
++            return s
++        try:  # keep Python 2 compatibility
++            return str(s, 'utf-8')
++        except TypeError:
++            return str(s)
++
++    @staticmethod
++    def __tobytes(b):
++        if b is None:
++            return None
++        if isinstance(b, bytes):
++            return b
++        try:  # keep Python 2 compatibility
++            return bytes(b, 'utf-8')
++        except TypeError:
++            return bytes(b)
++
+     def file(self, filename):
+         """
+         Returns a textual description of the contents of the argument passed
+         as a filename or None if an error occurred and the MAGIC_ERROR flag
+-        is set.  A call to errno() will return the numeric error code.
++        is set. A call to errno() will return the numeric error code.
+         """
+-        if isinstance(filename, bytes):
+-            bi = filename
+-        else:
+-            try:  # keep Python 2 compatibility
+-                bi = bytes(filename, 'utf-8')
+-            except TypeError:
+-                bi = bytes(filename)
+-        r = _file(self._magic_t, bi)
+-        if isinstance(r, str):
+-            return r
+-        else:
+-            return str(r, 'utf-8')
++        return Magic.__tostr(_file(self._magic_t, Magic.__tobytes(filename)))
+ 
+     def descriptor(self, fd):
+         """
+-        Like the file method, but the argument is a file descriptor.
++        Returns a textual description of the contents of the argument passed
++        as a file descriptor or None if an error occurred and the MAGIC_ERROR
++        flag is set. A call to errno() will return the numeric error code.
+         """
+-        return _descriptor(self._magic_t, fd)
++        return Magic.__tostr(_descriptor(self._magic_t, fd))
+ 
+     def buffer(self, buf):
+         """
+@@ -148,22 +161,14 @@
+         as a buffer or None if an error occurred and the MAGIC_ERROR flag
+         is set. A call to errno() will return the numeric error code.
+         """
+-        r = _buffer(self._magic_t, buf, len(buf))
+-        if isinstance(r, str):
+-            return r
+-        else:
+-            return str(r, 'utf-8')
++        return Magic.__tostr(_buffer(self._magic_t, buf, len(buf)))
+ 
+     def error(self):
+         """
+         Returns a textual explanation of the last error or None
+         if there was no error.
+         """
+-        e = _error(self._magic_t)
+-        if isinstance(e, str):
+-            return e
+-        else:
+-            return str(e, 'utf-8')
++        return Magic.__tostr(_error(self._magic_t))
+ 
+     def setflags(self, flags):
+         """
+@@ -184,35 +189,38 @@
+ 
+         Returns 0 on success and -1 on failure.
+         """
+-        return _load(self._magic_t, filename)
++        return _load(self._magic_t, Magic.__tobytes(filename))
+ 
+     def compile(self, dbs):
+         """
+         Compile entries in the colon separated list of database files
+         passed as argument or the default database file if no argument.
+-        Returns 0 on success and -1 on failure.
+         The compiled files created are named from the basename(1) of each file
+         argument with ".mgc" appended to it.
++
++        Returns 0 on success and -1 on failure.
+         """
+-        return _compile(self._magic_t, dbs)
++        return _compile(self._magic_t, Magic.__tobytes(dbs))
+ 
+     def check(self, dbs):
+         """
+         Check the validity of entries in the colon separated list of
+         database files passed as argument or the default database file
+         if no argument.
++
+         Returns 0 on success and -1 on failure.
+         """
+-        return _check(self._magic_t, dbs)
++        return _check(self._magic_t, Magic.__tobytes(dbs))
+ 
+     def list(self, dbs):
+         """
+         Check the validity of entries in the colon separated list of
+         database files passed as argument or the default database file
+         if no argument.
++
+         Returns 0 on success and -1 on failure.
+         """
+-        return _list(self._magic_t, dbs)
++        return _list(self._magic_t, Magic.__tobytes(dbs))
+ 
+     def errno(self):
+         """
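Review bot: in `__tobytes`, the `except TypeError` fallback `bytes(b)` is `str(b)` on Python 2, so a `unicode` filename containing non-ASCII characters will raise UnicodeEncodeError instead of being encoded as UTF-8; `b.encode('utf-8')` would behave the same on both interpreters. `buffer()` is the one method that still passes its argument straight through without `__tobytes`, which is worth a line in the docstring if it is deliberate. Separately, the docstring of `list()` is a copy of the one for `check()` ("Check the validity of entries ..."); since this hunk already touches it, it could be corrected here.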
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-38-gfd42e119.if-we-could-not-read-a-field-set-it-to-0-found-by-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-38-gfd42e119.if-we-could-not-read-a-field-set-it-to-0-found-by-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-38-gfd42e119.if-we-could-not-read-a-field-set-it-to-0-found-by-oss-fuzz.patch
 2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-38-gfd42e119.if-we-could-not-read-a-field-set-it-to-0-found-by-oss-fuzz.patch
 2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: If we could not read a field, set it to 0; found by oss-fuzz
-Origin: FILE5_30-38-gfd42e119
+Origin: FILE5_30-38-gfd42e119 
<https://github.com/file/file/commit/FILE5_30-38-gfd42e119>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Thu Apr 6 19:20:35 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-39-geb973428.limit-memory-usage-more-to-satisfy-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-39-geb973428.limit-memory-usage-more-to-satisfy-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-39-geb973428.limit-memory-usage-more-to-satisfy-oss-fuzz.patch
        2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-39-geb973428.limit-memory-usage-more-to-satisfy-oss-fuzz.patch
        2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Limit memory usage more to satisfy oss-fuzz
-Origin: FILE5_30-39-geb973428
+Origin: FILE5_30-39-geb973428 
<https://github.com/file/file/commit/FILE5_30-39-geb973428>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Fri Apr 7 15:07:31 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-41-g393dafa4.work-around-glibc-regex-msan-bug-regexec-returns-0-but-does-initialize-pmatch.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-41-g393dafa4.work-around-glibc-regex-msan-bug-regexec-returns-0-but-does-initialize-pmatch.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-41-g393dafa4.work-around-glibc-regex-msan-bug-regexec-returns-0-but-does-initialize-pmatch.patch
      2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-41-g393dafa4.work-around-glibc-regex-msan-bug-regexec-returns-0-but-does-initialize-pmatch.patch
      2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Work around glibc/regex/msan bug regexec returns 0 but does 
initialize pmatch
-Origin: FILE5_30-41-g393dafa4
+Origin: FILE5_30-41-g393dafa4 
<https://github.com/file/file/commit/FILE5_30-41-g393dafa4>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Fri Apr 7 20:10:24 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-42-gf0bcdd07.dont-try-to-read-past-the-end-of-the-properties-found-by-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-42-gf0bcdd07.dont-try-to-read-past-the-end-of-the-properties-found-by-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-42-gf0bcdd07.dont-try-to-read-past-the-end-of-the-properties-found-by-oss-fuzz.patch
  2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-42-gf0bcdd07.dont-try-to-read-past-the-end-of-the-properties-found-by-oss-fuzz.patch
  2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Don't try to read past the end of the properties, found by oss-fuzz
-Origin: FILE5_30-42-gf0bcdd07
+Origin: FILE5_30-42-gf0bcdd07 
<https://github.com/file/file/commit/FILE5_30-42-gf0bcdd07>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Sat Apr 8 20:38:46 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-43-g19ccebaf.dont-copy-the-string-past-its-length-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-43-g19ccebaf.dont-copy-the-string-past-its-length-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-43-g19ccebaf.dont-copy-the-string-past-its-length-oss-fuzz.patch
      2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-43-g19ccebaf.dont-copy-the-string-past-its-length-oss-fuzz.patch
      2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Don't copy the string past its length (oss-fuzz)
-Origin: FILE5_30-43-g19ccebaf
+Origin: FILE5_30-43-g19ccebaf 
<https://github.com/file/file/commit/FILE5_30-43-g19ccebaf>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Sat Apr 8 20:58:03 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-46-g1fa18af6.check-read-bounds-for-vector-before-reading.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-46-g1fa18af6.check-read-bounds-for-vector-before-reading.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-46-g1fa18af6.check-read-bounds-for-vector-before-reading.patch
        2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-46-g1fa18af6.check-read-bounds-for-vector-before-reading.patch
        2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Check read bounds for vector before reading. Found by oss-fuzz
-Origin: FILE5_30-46-g1fa18af6
+Origin: FILE5_30-46-g1fa18af6 
<https://github.com/file/file/commit/FILE5_30-46-g1fa18af6>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Wed Apr 12 14:57:22 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-48-gaee11eef.fix-out-of-bounds-read-found-by-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-48-gaee11eef.fix-out-of-bounds-read-found-by-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-48-gaee11eef.fix-out-of-bounds-read-found-by-oss-fuzz.patch
   2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-48-gaee11eef.fix-out-of-bounds-read-found-by-oss-fuzz.patch
   2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Fix out of bounds read; found by oss-fuzz
-Origin: FILE5_30-48-gaee11eef
+Origin: FILE5_30-48-gaee11eef 
<https://github.com/file/file/commit/FILE5_30-48-gaee11eef>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Sat Apr 22 20:02:34 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch
        2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch
        2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: [ Fix memory handling ]
-Origin: FILE5_30-49-gbf90083a
+Origin: FILE5_30-49-gbf90083a 
<https://github.com/file/file/commit/FILE5_30-49-gbf90083a>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Mon Apr 24 18:57:35 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch
      2018-06-11 23:14:41.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch
      2019-03-18 22:15:18.000000000 +0100
@@ -1,5 +1,5 @@
 Subject: Check one more read (found by oss-fuzz)
-Origin: FILE5_30-52-gd8233d09
+Origin: FILE5_30-52-gd8233d09 
<https://github.com/file/file/commit/FILE5_30-52-gd8233d09>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Fri Apr 28 15:03:47 2017 +0000
 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_30-56-g6623a8e0.off-by-one-reading-offset-found-by-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_30-56-g6623a8e0.off-by-one-reading-offset-found-by-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_30-56-g6623a8e0.off-by-one-reading-offset-found-by-oss-fuzz.patch
        1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_30-56-g6623a8e0.off-by-one-reading-offset-found-by-oss-fuzz.patch
        2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,16 @@
+Subject: Off-by-one reading offset (found by oss-fuzz)
+Origin: FILE5_30-56-g6623a8e0 
<https://github.com/file/file/commit/FILE5_30-56-g6623a8e0>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Sun Apr 30 17:05:02 2017 +0000
+
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -861,7 +861,7 @@
+               DPRINTF(("Past end %p < %p\n", e, p));
+               return NULL;
+       }
+-      if (cdf_check_stream_offset(sst, h, p, tail * sizeof(uint32_t),
++      if (cdf_check_stream_offset(sst, h, p, (tail + 1) * sizeof(uint32_t),
+           __LINE__) == -1)
+               return NULL;
+       ofs = CDF_GETUINT32(p, tail);
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_31-21-g55cb70a2.add-another-bounds-check-oss-fuzz-issue-2242.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_31-21-g55cb70a2.add-another-bounds-check-oss-fuzz-issue-2242.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_31-21-g55cb70a2.add-another-bounds-check-oss-fuzz-issue-2242.patch
       1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_31-21-g55cb70a2.add-another-bounds-check-oss-fuzz-issue-2242.patch
       2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,16 @@
+Subject: Add another bounds check: OSS-FUZZ issue 2242
+Origin: FILE5_31-21-g55cb70a2 
<https://github.com/file/file/commit/FILE5_31-21-g55cb70a2>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Mon Jun 19 18:30:25 2017 +0000
+
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -1199,7 +1199,7 @@
+                       const char *end;
+                       size_t lines, linecnt, bytecnt;
+ 
+-                      if (s == NULL) {
++                      if (s == NULL || nbytes < offset) {
+                               ms->search.s_len = 0;
+                               ms->search.s = NULL;
+                               return 0;
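Review bot: the added condition `nbytes < offset` still lets `nbytes == offset` through, which leaves zero bytes to search; please confirm that the code following this block copes with an empty range, or use `nbytes <= offset` if it does not. The patch header would also benefit from a line saying which read the check protects, since the Subject only cites the OSS-Fuzz issue number.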
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_32-61-gfb956c0a.decrease-the-sector-limit-oss-fuzz-4577.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_32-61-gfb956c0a.decrease-the-sector-limit-oss-fuzz-4577.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_32-61-gfb956c0a.decrease-the-sector-limit-oss-fuzz-4577.patch
    1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_32-61-gfb956c0a.decrease-the-sector-limit-oss-fuzz-4577.patch
    2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,16 @@
+Subject: Decrease the sector limit (oss-fuzz 4577)
+Origin: FILE5_32-61-gfb956c0a 
<https://github.com/file/file/commit/FILE5_32-61-gfb956c0a>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Thu Dec 14 01:43:29 2017 +0000
+
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -430,7 +430,7 @@
+               if (h->h_master_sat[i] == CDF_SECID_FREE)
+                       break;
+ 
+-#define CDF_SEC_LIMIT (UINT32_MAX / (8 * ss))
++#define CDF_SEC_LIMIT (UINT32_MAX / (64 * ss))
+       if ((nsatpersec > 0 &&
+           h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT / nsatpersec) ||
+           i > CDF_SEC_LIMIT) {
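Review bot: `CDF_SEC_LIMIT` is defined in the middle of a loop body and silently depends on the local variable `ss`, which makes the changed line easy to misread as a constant. Since the divisor is being touched anyway, a one-line comment on why 64 was chosen (the Subject gives only the OSS-Fuzz issue number) would help anyone who has to adjust it again.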
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_32-65-gfc4b6e34.drop-the-limit-lower-to-satisfy-oss-fuzz-4682.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_32-65-gfc4b6e34.drop-the-limit-lower-to-satisfy-oss-fuzz-4682.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_32-65-gfc4b6e34.drop-the-limit-lower-to-satisfy-oss-fuzz-4682.patch
      1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_32-65-gfc4b6e34.drop-the-limit-lower-to-satisfy-oss-fuzz-4682.patch
      2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,18 @@
+Subject: Drop the limit lower to satisfy oss-fuzz 4682
+Origin: FILE5_32-65-gfc4b6e34 
<https://github.com/file/file/commit/FILE5_32-65-gfc4b6e34>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Tue Dec 19 00:21:21 2017 +0000
+
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -840,8 +840,8 @@
+       return 0;
+ }
+ 
+-#define CDF_SHLEN_LIMIT (UINT32_MAX / 8)
+-#define CDF_PROP_LIMIT (UINT32_MAX / (8 * sizeof(cdf_property_info_t)))
++#define CDF_SHLEN_LIMIT (UINT32_MAX / 64)
++#define CDF_PROP_LIMIT (UINT32_MAX / (64 * sizeof(cdf_property_info_t)))
+ 
+ static const void *
+ cdf_offset(const void *p, size_t l)
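Review bot: lowering `CDF_SHLEN_LIMIT` and `CDF_PROP_LIMIT` by a factor of eight means CDF files whose section length or property count falls between the old and the new limit were accepted before and are rejected now. That is a behaviour change for a stable release, so the patch description should state it, and the file collection used for regression testing should include large CDF documents.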
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch
       2018-06-11 23:16:09.000000000 +0200
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch
       2019-03-18 22:15:18.000000000 +0100
@@ -1,6 +1,6 @@
 Subject: Avoid reading past the end of buffer (Rui Reis)
 ID: CVE-2018-10360
-Origin: FILE5_33-31-ga642587a
+Origin: FILE5_33-31-ga642587a 
<https://github.com/file/file/commit/FILE5_33-31-ga642587a>
 Upstream-Author: Christos Zoulas <chris...@zoulas.com>
 Date: Sat Jun 9 16:00:06 2018 +0000
 Bug-Debian: https://bugs.debian.org/901351
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_33-34-g72e9a7fe.pr-6-tobias-out-of-boundary-read-in-der-parser.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_33-34-g72e9a7fe.pr-6-tobias-out-of-boundary-read-in-der-parser.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_33-34-g72e9a7fe.pr-6-tobias-out-of-boundary-read-in-der-parser.patch
     1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_33-34-g72e9a7fe.pr-6-tobias-out-of-boundary-read-in-der-parser.patch
     2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,16 @@
+Subject: PR/6: tobias: out of boundary read in DER parser
+Origin: FILE5_33-34-g72e9a7fe 
<https://github.com/file/file/commit/FILE5_33-34-g72e9a7fe>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Sat Jun 23 15:15:26 2018 +0000
+
+--- a/src/der.c
++++ b/src/der.c
+@@ -199,7 +199,7 @@
+       for (i = 0; i < digits; i++)
+               len = (len << 8) | c[(*p)++];
+ 
+-      if (*p + len >= l)
++      if (len > UINT32_MAX - *p || *p + len >= l)
+               return DER_BAD;
+       return CAST(uint32_t, len);
+ }
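Review bot: the new first clause `len > UINT32_MAX - *p` carries no comment, and its purpose (keeping `*p + len` from wrapping before the comparison with `l`, and keeping `len` within what `CAST(uint32_t, len)` can represent) is not obvious from the line alone. A short comment would help. It is also worth checking that a valid length can never equal `DER_BAD`, since both come back through the same return value.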
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-13-gcd752e7c.try-to-use-the-right-off-t-max.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-13-gcd752e7c.try-to-use-the-right-off-t-max.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-13-gcd752e7c.try-to-use-the-right-off-t-max.patch
     1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-13-gcd752e7c.try-to-use-the-right-off-t-max.patch
     2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,44 @@
+Subject: Try to use the "right" off_t_max
+Origin: FILE5_34-13-gcd752e7c 
<https://github.com/file/file/commit/FILE5_34-13-gcd752e7c>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Aug 1 09:53:18 2018 +0000
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -55,11 +55,6 @@
+ #include <limits.h>
+ #endif
+ 
+-#ifndef SSIZE_MAX
+-#define MAXMAGIC_SIZE        ((ssize_t)0x7fffffff)
+-#else
+-#define MAXMAGIC_SIZE        SSIZE_MAX
+-#endif
+ 
+ #define       EATAB {while (isascii((unsigned char) *l) && \
+                     isspace((unsigned char) *l))  ++l;}
+@@ -300,6 +295,15 @@
+       return p->type;
+ }
+ 
++private off_t
++maxoff_t(void) {
++      if (sizeof(off_t) == sizeof(int))
++              return CAST(off_t, INT_MAX);
++      if (sizeof(off_t) == sizeof(long))
++              return CAST(off_t, LONG_MAX);
++      return 0x7fffffff;
++}
++
+ private int
+ get_standard_integer_type(const char *l, const char **t)
+ {
+@@ -2950,7 +2954,7 @@
+               file_error(ms, errno, "cannot stat `%s'", dbname);
+               goto error;
+       }
+-      if (st.st_size < 8 || st.st_size > MAXMAGIC_SIZE) {
++      if (st.st_size < 8 || st.st_size > maxoff_t()) {
+               file_error(ms, 0, "file `%s' is too %s", dbname,
+                   st.st_size < 8 ? "small" : "large");
+               goto error;
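Review bot: In the last apprentice.c hunk, `st.st_size > maxoff_t()` can never be true when `off_t` has the size of `int` or `long`, because `st_size` is itself an `off_t`, so the "too large" branch becomes dead code on those platforms, whereas the old `MAXMAGIC_SIZE` tied the limit to `SSIZE_MAX`. If the size is later used as a `size_t` or `ssize_t` length, keep a bound expressed in that type. In `maxoff_t()` the fallthrough `return 0x7fffffff;` for any other `off_t` width deserves a comment, and removing the `#ifndef SSIZE_MAX` block leaves two consecutive blank lines.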
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-15-ge0805be4.fix-leak-on-error-found-by-coverity.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-15-ge0805be4.fix-leak-on-error-found-by-coverity.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-15-ge0805be4.fix-leak-on-error-found-by-coverity.patch
        1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-15-ge0805be4.fix-leak-on-error-found-by-coverity.patch
        2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,20 @@
+Subject: Fix leak on error, found by coverity
+Origin: FILE5_34-15-ge0805be4 
<https://github.com/file/file/commit/FILE5_34-15-ge0805be4>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Aug 1 09:59:45 2018 +0000
+
+--- a/src/compress.c
++++ b/src/compress.c
+@@ -247,8 +247,11 @@
+                        * XXX: If file_buffer fails here, we overwrite
+                        * the compressed text. FIXME.
+                        */
+-                      if (file_buffer(ms, -1, NULL, buf, nbytes) == -1)
++                      if (file_buffer(ms, -1, NULL, buf, nbytes) == -1) {
++                              if (file_pop_buffer(ms, pb) != NULL)
++                                      abort();
+                               goto error;
++                      }
+                       if ((rbuf = file_pop_buffer(ms, pb)) != NULL) {
+                               if (file_printf(ms, "%s", rbuf) == -1) {
+                                       free(rbuf);
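Review bot: The added error path in compress.c calls `abort()` when `file_pop_buffer(ms, pb)` returns non-NULL, which terminates the whole process using the library on what is otherwise a recoverable `goto error`. Freeing the returned buffer, as the success path below does with `free(rbuf)`, would fix the leak without killing the caller. The `XXX ... FIXME` comment above is left unchanged and should say whether it still applies.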
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-16-g2f866ff0.better-error-handling-found-by-coverity.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-16-g2f866ff0.better-error-handling-found-by-coverity.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-16-g2f866ff0.better-error-handling-found-by-coverity.patch
    1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-16-g2f866ff0.better-error-handling-found-by-coverity.patch
    2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,17 @@
+Subject: Better error handling, found by coverity
+Origin: FILE5_34-16-g2f866ff0 
<https://github.com/file/file/commit/FILE5_34-16-g2f866ff0>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Aug 1 10:02:20 2018 +0000
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -891,7 +891,8 @@
+ 
+       offset = get_offset_from_virtaddr(ms, swap, clazz, fd, ph_off, ph_num,
+           fsize, virtaddr);
+-      if ((buflen = pread(fd, buf, CAST(size_t, buflen), offset)) <= 0) {
++      if (offset < 0 ||
++          (buflen = pread(fd, buf, CAST(size_t, buflen), offset)) <= 0) {
+               file_badread(ms);
+               return 0;
+       }
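Review bot: The new `offset < 0` test in readelf.c shares the `file_badread(ms)` branch with a failed `pread`, so a negative result from `get_offset_from_virtaddr()` is reported as a read failure even though no read was attempted. A separate message, or a one-line comment saying the conflation is intended, would make such reports easier to triage.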
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-17-g54bec4a0.eliminate-toctou-by-using-fstat-and-always-opening-with-non-blocking-i-o.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-17-g54bec4a0.eliminate-toctou-by-using-fstat-and-always-opening-with-non-blocking-i-o.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-17-g54bec4a0.eliminate-toctou-by-using-fstat-and-always-opening-with-non-blocking-i-o.patch
   1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-17-g54bec4a0.eliminate-toctou-by-using-fstat-and-always-opening-with-non-blocking-i-o.patch
   2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,44 @@
+Subject: Eliminate toctou by using fstat and always opening with non-blocking 
i/o
+Origin: FILE5_34-17-g54bec4a0 
<https://github.com/file/file/commit/FILE5_34-17-g54bec4a0>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Aug 1 10:07:00 2018 +0000
+
+    Found by coverity.
+
+--- a/src/file.h
++++ b/src/file.h
+@@ -597,6 +597,9 @@
+ #ifndef O_BINARY
+ #define O_BINARY      0
+ #endif
++#ifndef O_NONBLOCK
++#define O_NONBLOCK    0
++#endif
+ 
+ #ifndef __cplusplus
+ #if defined(__GNUC__) && (__GNUC__ >= 3)
+--- a/src/magic.c
++++ b/src/magic.c
+@@ -442,18 +442,12 @@
+               else
+                       pos = lseek(fd, (off_t)0, SEEK_CUR);
+       } else {
+-              int flags = O_RDONLY|O_BINARY;
+-              int okstat = stat(inname, &sb) == 0;
+-
+-              if (okstat && S_ISFIFO(sb.st_mode)) {
+-#ifdef O_NONBLOCK
+-                      flags |= O_NONBLOCK;
+-#endif
+-                      ispipe = 1;
+-              }
+-
++              int flags = O_RDONLY|O_BINARY|O_NONBLOCK;
+               errno = 0;
+               if ((fd = open(inname, flags)) < 0) {
++                      int okstat = fstat(fd, &sb) == 0;
++                      if (okstat && S_ISFIFO(sb.st_mode))
++                              ispipe = 1;
+ #ifdef WIN32
+                       /*
+                        * Can't stat, can't open.  It may have been opened in
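Review bot: In the magic.c hunk the new `fstat(fd, &sb)` sits inside the `if ((fd = open(inname, flags)) < 0) {` block, so it only runs when `open` has failed and `fd` is negative; `ispipe` is then never set for a FIFO that opened successfully. The `fstat` and the `S_ISFIFO` test belong after the failure block, on the valid descriptor. Separately, `O_NONBLOCK` is now passed for every file rather than only for FIFOs, and the file.h fallback defines it as 0 where it is missing; a comment on the intended read behaviour for regular files and devices would help.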
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-18-gbd8fafe3.check-file-printf.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-18-gbd8fafe3.check-file-printf.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-18-gbd8fafe3.check-file-printf.patch
  1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-18-gbd8fafe3.check-file-printf.patch
  2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,22 @@
+Subject: Check file_printf()
+Origin: FILE5_34-18-gbd8fafe3 
<https://github.com/file/file/commit/FILE5_34-18-gbd8fafe3>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Aug 1 10:09:47 2018 +0000
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -545,9 +545,11 @@
+     size_t noff, size_t doff, int *flags)
+ {
+       if (namesz == 5 && strcmp((char *)&nbuf[noff], "SuSE") == 0 &&
+-          type == NT_GNU_VERSION && descsz == 2) {
+-          *flags |= FLAGS_DID_OS_NOTE;
+-          file_printf(ms, ", for SuSE %d.%d", nbuf[doff], nbuf[doff + 1]);
++              type == NT_GNU_VERSION && descsz == 2) {
++              *flags |= FLAGS_DID_OS_NOTE;
++              if (file_printf(ms, ", for SuSE %d.%d", nbuf[doff],
++                  nbuf[doff + 1]) == -1)
++                  return -1;
+           return 1;
+       }
+ 
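Review bot: The rewritten SuSE block in readelf.c mixes indentation: the new lines are moved one level deeper while the unchanged `return 1;` and the closing brace stay at the old depth, so the body no longer lines up. The new `return -1` also introduces an error value next to the visible `return 1`; check that callers distinguish -1 from the "note handled" result.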
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-19-gfda25acb.appease-coverity-by-calling-umask-around-mkstemp-3.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-19-gfda25acb.appease-coverity-by-calling-umask-around-mkstemp-3.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-19-gfda25acb.appease-coverity-by-calling-umask-around-mkstemp-3.patch
 1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-19-gfda25acb.appease-coverity-by-calling-umask-around-mkstemp-3.patch
 2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,17 @@
+Subject: Appease coverity by calling umask around mkstemp(3)
+Origin: FILE5_34-19-gfda25acb 
<https://github.com/file/file/commit/FILE5_34-19-gfda25acb>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Aug 1 10:11:16 2018 +0000
+
+--- a/src/compress.c
++++ b/src/compress.c
+@@ -397,7 +397,9 @@
+ #else
+       {
+               int te;
++              int ou = umask(0);
+               tfd = mkstemp(buf);
++              (void)umask(ou);
+               te = errno;
+               (void)unlink(buf);
+               errno = te;
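Review bot: `umask(0)` before `mkstemp(buf)` in compress.c clears the mask instead of tightening it, and since the mask is process-wide, any other thread creating a file in that window gets it with no permission bits masked. If the intent is a restrictive mask around `mkstemp(3)`, `umask(077)` is the usual value. `ou` should also be declared `mode_t` rather than `int`.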
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-22-g7b807237.portability-fix-dont-call-qsort-with-null-0.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-22-g7b807237.portability-fix-dont-call-qsort-with-null-0.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-22-g7b807237.portability-fix-dont-call-qsort-with-null-0.patch
        1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-22-g7b807237.portability-fix-dont-call-qsort-with-null-0.patch
        2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,27 @@
+Subject: Portability fix, don't call qsort with NULL/0. Found by coverity
+Origin: FILE5_34-22-g7b807237 
<https://github.com/file/file/commit/FILE5_34-22-g7b807237>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Aug 1 10:18:02 2018 +0000
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -1347,12 +1347,14 @@
+                       filearr[files++] = mfn;
+               }
+               closedir(dir);
+-              qsort(filearr, files, sizeof(*filearr), cmpstrp);
+-              for (i = 0; i < files; i++) {
+-                      load_1(ms, action, filearr[i], &errs, mset);
+-                      free(filearr[i]);
++              if (filearr) {
++                      qsort(filearr, files, sizeof(*filearr), cmpstrp);
++                      for (i = 0; i < files; i++) {
++                              load_1(ms, action, filearr[i], &errs, mset);
++                              free(filearr[i]);
++                      }
++                      free(filearr);
+               }
+-              free(filearr);
+       } else
+               load_1(ms, action, fn, &errs, mset);
+       if (errs)
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-32-g813f1b8a.correct-error-handling-for-file-printf-coverity.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-32-g813f1b8a.correct-error-handling-for-file-printf-coverity.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-32-g813f1b8a.correct-error-handling-for-file-printf-coverity.patch
    1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-32-g813f1b8a.correct-error-handling-for-file-printf-coverity.patch
    2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,28 @@
+Subject: Correct error handling for file_printf() (coverity)
+Origin: FILE5_34-32-g813f1b8a 
<https://github.com/file/file/commit/FILE5_34-32-g813f1b8a>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Thu Aug 2 12:46:02 2018 +0000
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -1035,14 +1035,16 @@
+       }
+ 
+       if (namesz & 0x80000000) {
+-          (void)file_printf(ms, ", bad note name size 0x%lx",
+-              (unsigned long)namesz);
++              if (file_printf(ms, ", bad note name size 0x%lxx",
++                  CAST(unsigned long, namesz)) == -1)
++                      return -1;
+           return 0;
+       }
+ 
+       if (descsz & 0x80000000) {
+-          (void)file_printf(ms, ", bad note description size 0x%lx",
+-              (unsigned long)descsz);
++              if (file_printf(ms, ", bad note description size 0x%lx",
++                  CAST(unsigned long, descsz)) == -1)
++                      return -1;
+           return 0;
+       }
+ 
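Review bot: The new format string for the name-size message reads `", bad note name size 0x%lxx"`, with a stray trailing `x` that neither the original `0x%lx` nor the description-size message below has, so the printed value gains a spurious character. The added `if` lines are also indented one level deeper than the unchanged `return 0;` lines that follow them.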
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-65-ge64f6d71.fix-use-after-free-https-runtimeverification-com.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-65-ge64f6d71.fix-use-after-free-https-runtimeverification-com.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-65-ge64f6d71.fix-use-after-free-https-runtimeverification-com.patch
   1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-65-ge64f6d71.fix-use-after-free-https-runtimeverification-com.patch
   2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,45 @@
+Subject: Fix use-after-free (https://runtimeverification.com/)
+Origin: FILE5_34-65-ge64f6d71 
<https://github.com/file/file/commit/FILE5_34-65-ge64f6d71>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Sat Sep 1 15:52:02 2018 +0000
+
+    Fix use-after-free (https://runtimeverification.com/). The free code was
+    never changed when the mlist was changed from a NULL-terminated list to
+    a circular one.
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -586,6 +586,14 @@
+ }
+ 
+ private void
++mlist_free_one(struct mlist *ml)
++{
++      if (ml->map)
++              apprentice_unmap(CAST(struct magic_map *, ml->map));
++      free(ml);
++}
++
++private void
+ mlist_free(struct mlist *mlist)
+ {
+       struct mlist *ml, *next;
+@@ -593,14 +601,11 @@
+       if (mlist == NULL)
+               return;
+ 
+-      ml = mlist->next;
+-      for (ml = mlist->next; (next = ml->next) != NULL; ml = next) {
+-              if (ml->map)
+-                      apprentice_unmap(CAST(struct magic_map *, ml->map));
+-              free(ml);
+-              if (ml == mlist)
+-                      break;
++      for (ml = mlist->next; ml != mlist; ml = next) {
++              next = ml->next;
++              mlist_free_one(ml);
+       }
++      mlist_free_one(mlist);
+ }
+ 
+ #ifndef COMPILE_ONLY
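Review bot: The new loop in `mlist_free()` starts at `mlist->next` and stops on `ml != mlist`, so it depends on the list being circular with a non-NULL `next` in every node; a head whose `next` was never linked would be dereferenced as NULL at `next = ml->next`. The commit message explains the circular-list invariant but the code does not, so a short comment on `mlist_free()` stating it would keep this from regressing.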
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_34-87-g765d2990.pr-48-tianxiaogu-avoid-zerodivide.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_34-87-g765d2990.pr-48-tianxiaogu-avoid-zerodivide.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_34-87-g765d2990.pr-48-tianxiaogu-avoid-zerodivide.patch
  1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_34-87-g765d2990.pr-48-tianxiaogu-avoid-zerodivide.patch
  2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,16 @@
+Subject: PR/48: tianxiaogu: Avoid zerodivide
+Origin: FILE5_34-87-g765d2990 
<https://github.com/file/file/commit/FILE5_34-87-g765d2990>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Oct 10 17:41:10 2018 +0000
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -831,6 +831,8 @@
+               break;
+ 
+       case FILE_SEARCH:
++              if (m->vallen == 0)
++                      break;
+               val += m->vallen * MAX(MULT / m->vallen, 1);
+               break;
+ 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-1-g338cc788.return-0-instead-of-1-for-error-in-donote.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_35-1-g338cc788.return-0-instead-of-1-for-error-in-donote.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_35-1-g338cc788.return-0-instead-of-1-for-error-in-donote.patch
   1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_35-1-g338cc788.return-0-instead-of-1-for-error-in-donote.patch
   2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,27 @@
+Subject: Return 0 instead of -1 for error in donote
+Origin: FILE5_35-1-g338cc788 
<https://github.com/file/file/commit/FILE5_35-1-g338cc788>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Fri Oct 19 00:26:08 2018 +0000
+
+    - C++ cast
+    - return 0 instead of -1 for error in donote
+
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -1037,14 +1037,14 @@
+       if (namesz & 0x80000000) {
+               if (file_printf(ms, ", bad note name size 0x%lxx",
+                   CAST(unsigned long, namesz)) == -1)
+-                      return -1;
++                      return 0;
+           return 0;
+       }
+ 
+       if (descsz & 0x80000000) {
+               if (file_printf(ms, ", bad note description size 0x%lx",
+                   CAST(unsigned long, descsz)) == -1)
+-                      return -1;
++                      return 0;
+           return 0;
+       }
+ 
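Review bot: After this change both arms return 0 (`if (file_printf(...) == -1) return 0;` followed by `return 0;`), so the `file_printf` result check in the two `0x80000000` branches of readelf.c no longer has any effect and a failed print is indistinguishable from success. Either drop the `if` and keep a `(void)` call, or add a comment saying why the error is deliberately swallowed here. The stray `x` in `0x%lxx` is still present in the context lines.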
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-25-g48052fcf.fix-cut-n-pasto-for-regex-max-vsevolod-stakhov.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_35-25-g48052fcf.fix-cut-n-pasto-for-regex-max-vsevolod-stakhov.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_35-25-g48052fcf.fix-cut-n-pasto-for-regex-max-vsevolod-stakhov.patch
     1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_35-25-g48052fcf.fix-cut-n-pasto-for-regex-max-vsevolod-stakhov.patch
     2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,16 @@
+Subject: Fix cut-n-pasto for regex_max (Vsevolod Stakhov)
+Origin: FILE5_35-25-g48052fcf 
<https://github.com/file/file/commit/FILE5_35-25-g48052fcf>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Tue Dec 11 14:41:11 2018 +0000
+
+--- a/src/magic.c
++++ b/src/magic.c
+@@ -600,7 +600,7 @@
+               ms->elf_notes_max = (uint16_t)*(const size_t *)val;
+               return 0;
+       case MAGIC_PARAM_REGEX_MAX:
+-              ms->elf_notes_max = (uint16_t)*(const size_t *)val;
++              ms->elf_regex_max = (uint16_t)*(const size_t *)val;
+               return 0;
+       case MAGIC_PARAM_BYTES_MAX:
+               ms->bytes_max = *(const size_t *)val;
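Review bot: The corrected assignment still narrows with `(uint16_t)*(const size_t *)val`, so a caller-supplied limit above 65535 is silently truncated rather than rejected; a range check that returns an error would be safer for a limit parameter. The field name `elf_regex_max` introduced here is changed again to `regex_max` by the next patch in this series, so the two could be folded into one.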
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-26-g98f29456.fix-name.patch 
file-5.30/debian/patches/cherry-pick.FILE5_35-26-g98f29456.fix-name.patch
--- file-5.30/debian/patches/cherry-pick.FILE5_35-26-g98f29456.fix-name.patch   
1970-01-01 01:00:00.000000000 +0100
+++ file-5.30/debian/patches/cherry-pick.FILE5_35-26-g98f29456.fix-name.patch   
2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,16 @@
+Subject: Fix name
+Origin: FILE5_35-26-g98f29456 
<https://github.com/file/file/commit/FILE5_35-26-g98f29456>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Tue Dec 11 21:10:33 2018 +0000
+
+--- a/src/magic.c
++++ b/src/magic.c
+@@ -600,7 +600,7 @@
+               ms->elf_notes_max = (uint16_t)*(const size_t *)val;
+               return 0;
+       case MAGIC_PARAM_REGEX_MAX:
+-              ms->elf_regex_max = (uint16_t)*(const size_t *)val;
++              ms->regex_max = (uint16_t)*(const size_t *)val;
+               return 0;
+       case MAGIC_PARAM_BYTES_MAX:
+               ms->bytes_max = *(const size_t *)val;
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-2-g8d68fb4f.lint-fixes.patch 
file-5.30/debian/patches/cherry-pick.FILE5_35-2-g8d68fb4f.lint-fixes.patch
--- file-5.30/debian/patches/cherry-pick.FILE5_35-2-g8d68fb4f.lint-fixes.patch  
1970-01-01 01:00:00.000000000 +0100
+++ file-5.30/debian/patches/cherry-pick.FILE5_35-2-g8d68fb4f.lint-fixes.patch  
2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,41 @@
+Subject: Lint fixes
+Origin: FILE5_35-2-g8d68fb4f 
<https://github.com/file/file/commit/FILE5_35-2-g8d68fb4f>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Fri Oct 19 00:26:26 2018 +0000
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -297,9 +297,9 @@
+ 
+ private off_t
+ maxoff_t(void) {
+-      if (sizeof(off_t) == sizeof(int))
++      if (/*CONSTCOND*/sizeof(off_t) == sizeof(int))
+               return CAST(off_t, INT_MAX);
+-      if (sizeof(off_t) == sizeof(long))
++      if (/*CONSTCOND*/sizeof(off_t) == sizeof(long))
+               return CAST(off_t, LONG_MAX);
+       return 0x7fffffff;
+ }
+--- a/src/compress.c
++++ b/src/compress.c
+@@ -397,7 +397,7 @@
+ #else
+       {
+               int te;
+-              int ou = umask(0);
++              mode_t ou = umask(0);
+               tfd = mkstemp(buf);
+               (void)umask(ou);
+               te = errno;
+--- a/src/file.h
++++ b/src/file.h
+@@ -369,7 +369,7 @@
+ #define CCAST(T, b)   const_cast<T>(b)
+ #else
+ #define CAST(T, b)    ((T)(b))
+-#define RCAST(T, b)   ((T)(b))
++#define RCAST(T, b)   ((T)(void *)(b))
+ #define CCAST(T, b)   ((T)(uintptr_t)(b))
+ #endif
+ 
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-3-gc7d910ee.more-lint-fixes.patch 
file-5.30/debian/patches/cherry-pick.FILE5_35-3-gc7d910ee.more-lint-fixes.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_35-3-gc7d910ee.more-lint-fixes.patch 
    1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_35-3-gc7d910ee.more-lint-fixes.patch 
    2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,16 @@
+Subject: More lint fixes
+Origin: FILE5_35-3-gc7d910ee 
<https://github.com/file/file/commit/FILE5_35-3-gc7d910ee>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Fri Oct 19 00:33:04 2018 +0000
+
+--- a/src/file.h
++++ b/src/file.h
+@@ -369,7 +369,7 @@
+ #define CCAST(T, b)   const_cast<T>(b)
+ #else
+ #define CAST(T, b)    ((T)(b))
+-#define RCAST(T, b)   ((T)(void *)(b))
++#define RCAST(T, b)   ((T)(uintptr_t)(b))
+ #define CCAST(T, b)   ((T)(uintptr_t)(b))
+ #endif
+ 
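Review bot: With this change `RCAST` and `CCAST` expand to the same `((T)(uintptr_t)(b))` in the C branch of file.h, so `RCAST` now silently discards `const` as well and the two macros no longer express different intent outside C++. The round trip through `uintptr_t` is also only meaningful for pointer operands; a comment above the macros stating which casts each one is meant for would help.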
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-49-g3a6f62e2.fix-indirect-offset-overflow-calculation-b.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_35-49-g3a6f62e2.fix-indirect-offset-overflow-calculation-b.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_35-49-g3a6f62e2.fix-indirect-offset-overflow-calculation-b.patch
 1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_35-49-g3a6f62e2.fix-indirect-offset-overflow-calculation-b.patch
 2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,57 @@
+Subject: Fix indirect offset overflow calculation (B. Watson)
+Origin: FILE5_35-49-g3a6f62e2 
<https://github.com/file/file/commit/FILE5_35-49-g3a6f62e2>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Thu Feb 14 00:25:59 2019 +0000
+
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -1384,33 +1384,47 @@
+               if (m->in_op & FILE_OPINDIRECT) {
+                       const union VALUETYPE *q = CAST(const union VALUETYPE *,
+                           ((const void *)(s + offset + off)));
+-                      if (OFFSET_OOB(nbytes, offset + off, sizeof(*q)))
+-                              return 0;
+                       switch (cvt_flip(m->in_type, flip)) {
+                       case FILE_BYTE:
++                              if (OFFSET_OOB(nbytes, offset + off, 1))
++                                      return 0;
+                               off = SEXT(sgn,8,q->b);
+                               break;
+                       case FILE_SHORT:
++                              if (OFFSET_OOB(nbytes, offset + off, 2))
++                                      return 0;
+                               off = SEXT(sgn,16,q->h);
+                               break;
+                       case FILE_BESHORT:
++                              if (OFFSET_OOB(nbytes, offset + off, 2))
++                                      return 0;
+                               off = SEXT(sgn,16,BE16(q));
+                               break;
+                       case FILE_LESHORT:
++                              if (OFFSET_OOB(nbytes, offset + off, 2))
++                                      return 0;
+                               off = SEXT(sgn,16,LE16(q));
+                               break;
+                       case FILE_LONG:
++                              if (OFFSET_OOB(nbytes, offset + off, 4))
++                                      return 0;
+                               off = SEXT(sgn,32,q->l);
+                               break;
+                       case FILE_BELONG:
+                       case FILE_BEID3:
++                              if (OFFSET_OOB(nbytes, offset + off, 4))
++                                      return 0;
+                               off = SEXT(sgn,32,BE32(q));
+                               break;
+                       case FILE_LEID3:
+                       case FILE_LELONG:
++                              if (OFFSET_OOB(nbytes, offset + off, 4))
++                                      return 0;
+                               off = SEXT(sgn,32,LE32(q));
+                               break;
+                       case FILE_MELONG:
++                              if (OFFSET_OOB(nbytes, offset + off, 4))
++                                      return 0;
+                               off = SEXT(sgn,32,ME32(q));
+                               break;
+                       }
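Review bot: The pointer `q` is still formed from `s + offset + off` before any of the new per-case `OFFSET_OOB` checks run, and the `switch` has no `default`, so an `in_type` that is not listed gets no bounds check at all now that the blanket `sizeof(*q)` test is gone. That is safe only as long as `q` is never dereferenced outside these cases; a `default:` that returns 0, or a comment, would make that explicit. The literal sizes 1, 2 and 4 could be written as `sizeof(q->b)`, `sizeof(q->h)` and `sizeof(q->l)` to keep them tied to the fields being read.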
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-53-gd6578152.pr-62-spinpx-limit-size-of-file-printable.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_35-53-gd6578152.pr-62-spinpx-limit-size-of-file-printable.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_35-53-gd6578152.pr-62-spinpx-limit-size-of-file-printable.patch
  1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_35-53-gd6578152.pr-62-spinpx-limit-size-of-file-printable.patch
  2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,100 @@
+Subject: PR/62: spinpx: limit size of file_printable
+ID: CVE-2019-8905 CVE-2019-8907
+Origin: FILE5_35-53-gd6578152 
<https://github.com/file/file/commit/FILE5_35-53-gd6578152>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Mon Feb 18 17:46:56 2019 +0000
+Bug-Debian: https://bugs.debian.org/901351
+
+--- a/src/file.h
++++ b/src/file.h
+@@ -491,7 +491,7 @@
+     size_t *);
+ protected size_t file_pstring_length_size(const struct magic *);
+ protected size_t file_pstring_get_length(const struct magic *, const char *);
+-protected char * file_printable(char *, size_t, const char *);
++protected char * file_printable(char *, size_t, const char *, size_t);
+ #ifdef __EMX__
+ protected int file_os2_apptype(struct magic_set *, const char *, const void *,
+     size_t);
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -581,12 +581,13 @@
+  * convert string to ascii printable format.
+  */
+ protected char *
+-file_printable(char *buf, size_t bufsiz, const char *str)
++file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+-      char *ptr, *eptr;
++      char *ptr, *eptr = buf + bufsiz - 1;
+       const unsigned char *s = (const unsigned char *)str;
++      const unsigned char *es = s + slen;
+ 
+-      for (ptr = buf, eptr = ptr + bufsiz - 1; ptr < eptr && *s; s++) {
++      for (ptr = buf;  ptr < eptr && s < es && *s; s++) {
+               if (isprint(*s)) {
+                       *ptr++ = *s;
+                       continue;
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -725,7 +725,7 @@
+                        */
+                       if (file_printf(ms, ", from '%.31s'",
+                           file_printable(sbuf, sizeof(sbuf),
+-                          (const char *)&nbuf[doff + 0x7c])) == -1)
++                          (const char *)&nbuf[doff + 0x7c], 32)) == -1)
+                               return 1;
+                       
+                       /*
+@@ -1543,7 +1543,8 @@
+               return -1;
+       if (interp[0])
+               if (file_printf(ms, ", interpreter %s",
+-                  file_printable(ibuf, sizeof(ibuf), interp)) == -1)
++                  file_printable(ibuf, sizeof(ibuf), interp, strlen(interp)))
++                      == -1)
+                       return -1;
+       return 0;
+ }
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -544,8 +544,8 @@
+       case FILE_LESTRING16:
+               if (m->reln == '=' || m->reln == '!') {
+                       if (file_printf(ms, F(ms, m, "%s"), 
+-                          file_printable(sbuf, sizeof(sbuf), m->value.s))
+-                          == -1)
++                          file_printable(sbuf, sizeof(sbuf), m->value.s,
++                          sizeof(m->value.s))) == -1)
+                               return -1;
+                       t = ms->offset + m->vallen;
+               }
+@@ -572,7 +572,8 @@
+                       }
+ 
+                       if (file_printf(ms, F(ms, m, "%s"),
+-                          file_printable(sbuf, sizeof(sbuf), str)) == -1)
++                          file_printable(sbuf, sizeof(sbuf), str,
++                              sizeof(p->s) - (str - p->s))) == -1)
+                               return -1;
+ 
+                       if (m->type == FILE_PSTRING)
+@@ -678,7 +679,7 @@
+                       return -1;
+               }
+               rval = file_printf(ms, F(ms, m, "%s"),
+-                  file_printable(sbuf, sizeof(sbuf), cp));
++                  file_printable(sbuf, sizeof(sbuf), cp, ms->search.rm_len));
+               free(cp);
+ 
+               if (rval == -1)
+@@ -705,7 +706,8 @@
+               break;
+       case FILE_DER:
+               if (file_printf(ms, F(ms, m, "%s"), 
+-                  file_printable(sbuf, sizeof(sbuf), ms->ms_value.s)) == -1)
++                  file_printable(sbuf, sizeof(sbuf), ms->ms_value.s,
++                      sizeof(ms->ms_value.s))) == -1)
+                       return -1;
+               t = ms->offset;
+               break;
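Review bot: In the readelf.c call on `nbuf[doff + 0x7c]` the new length argument is the constant `32`, but nothing in the hunk shows that `doff + 0x7c + 32` lies within `nbuf`, so the read is bounded by the field width and not by the buffer; the bound should be the smaller of 32 and the bytes remaining. In softmagic.c, `sizeof(p->s) - (str - p->s)` is converted to `size_t` and becomes a huge length if `str` ever points past the end of `p->s`. The function comment in funcs.c does not mention the new `slen` parameter of `file_printable()`.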
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-56-gf0a26da7.pr-61-tmc-add-ucs-32-built-in-detection.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_35-56-gf0a26da7.pr-61-tmc-add-ucs-32-built-in-detection.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_35-56-gf0a26da7.pr-61-tmc-add-ucs-32-built-in-detection.patch
    1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_35-56-gf0a26da7.pr-61-tmc-add-ucs-32-built-in-detection.patch
    2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,117 @@
+Subject: PR/61: tmc: Add UCS-32 built-in detection
+Origin: FILE5_35-56-gf0a26da7 
<https://github.com/file/file/commit/FILE5_35-56-gf0a26da7>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Tue Feb 19 20:30:35 2019 +0000
+Comment: Prerequisite for FILE5_36-1-gecca6e54
+
+--- a/src/encoding.c
++++ b/src/encoding.c
+@@ -49,6 +49,7 @@
+     size_t *);
+ private int looks_utf7(const unsigned char *, size_t, unichar *, size_t *);
+ private int looks_ucs16(const unsigned char *, size_t, unichar *, size_t *);
++private int looks_ucs32(const unsigned char *, size_t, unichar *, size_t *);
+ private int looks_latin1(const unsigned char *, size_t, unichar *, size_t *);
+ private int looks_extended(const unsigned char *, size_t, unichar *, size_t 
*);
+ private void from_ebcdic(const unsigned char *, size_t, unsigned char *);
+@@ -106,6 +107,15 @@
+               DPRINTF(("utf8 %" SIZE_T_FORMAT "u\n", *ulen));
+               *code = "UTF-8 Unicode";
+               *code_mime = "utf-8";
++      } else if ((ucs_type = looks_ucs32(buf, nbytes, *ubuf, ulen)) != 0) {
++              if (ucs_type == 1) {
++                      *code = "Little-endian UTF-32 Unicode";
++                      *code_mime = "utf-32le";
++              } else {
++                      *code = "Big-endian UTF-32 Unicode";
++                      *code_mime = "utf-32be";
++              }
++              DPRINTF(("ucs32 %" SIZE_T_FORMAT "u\n", *ulen));
+       } else if ((ucs_type = looks_ucs16(buf, nbytes, *ubuf, ulen)) != 0) {
+               if (ucs_type == 1) {
+                       *code = "Little-endian UTF-16 Unicode";
+@@ -398,7 +408,7 @@
+ }
+ 
+ private int
+-looks_ucs16(const unsigned char *buf, size_t nbytes, unichar *ubuf,
++looks_ucs16(const unsigned char *bf, size_t nbytes, unichar *ubf,
+     size_t *ulen)
+ {
+       int bigend;
+@@ -407,9 +417,9 @@
+       if (nbytes < 2)
+               return 0;
+ 
+-      if (buf[0] == 0xff && buf[1] == 0xfe)
++      if (bf[0] == 0xff && bf[1] == 0xfe)
+               bigend = 0;
+-      else if (buf[0] == 0xfe && buf[1] == 0xff)
++      else if (bf[0] == 0xfe && bf[1] == 0xff)
+               bigend = 1;
+       else
+               return 0;
+@@ -420,20 +430,58 @@
+               /* XXX fix to properly handle chars > 65536 */
+ 
+               if (bigend)
+-                      ubuf[(*ulen)++] = buf[i + 1] + 256 * buf[i];
++                      ubf[(*ulen)++] = bf[i + 1] + 256 * bf[i];
+               else
+-                      ubuf[(*ulen)++] = buf[i] + 256 * buf[i + 1];
++                      ubf[(*ulen)++] = bf[i] + 256 * bf[i + 1];
+ 
+-              if (ubuf[*ulen - 1] == 0xfffe)
++              if (ubf[*ulen - 1] == 0xfffe)
+                       return 0;
+-              if (ubuf[*ulen - 1] < 128 &&
+-                  text_chars[(size_t)ubuf[*ulen - 1]] != T)
++              if (ubf[*ulen - 1] < 128 &&
++                  text_chars[(size_t)ubf[*ulen - 1]] != T)
+                       return 0;
+       }
+ 
+       return 1 + bigend;
+ }
+ 
++private int
++looks_ucs32(const unsigned char *bf, size_t nbytes, unichar *ubf,
++    size_t *ulen)
++{
++      int bigend;
++      size_t i;
++
++      if (nbytes < 4)
++              return 0;
++
++      if (bf[0] == 0xff && bf[1] == 0xfe && bf[2] == 0 && bf[3] == 0)
++              bigend = 0;
++      else if (bf[0] == 0 && bf[1] == 0 && bf[2] == 0xfe && bf[3] == 0xff)
++              bigend = 1;
++      else
++              return 0;
++
++      *ulen = 0;
++
++      for (i = 4; i + 1 < nbytes; i += 4) {
++              /* XXX fix to properly handle chars > 65536 */
++
++              if (bigend)
++                      ubf[(*ulen)++] = bf[i + 3] | (bf[i + 2] << 8)
++                          | (bf[i + 1] << 16) | bf[i] << 24;
++              else
++                      ubf[(*ulen)++] = bf[i] | (bf[i + 1] << 8) 
++                          | (bf[i + 2] << 16) | (bf[i + 3] << 24);
++
++              if (ubf[*ulen - 1] == 0xfffe)
++                      return 0;
++              if (ubf[*ulen - 1] < 128 &&
++                  text_chars[(size_t)ubf[*ulen - 1]] != T)
++                      return 0;
++      }
++
++      return 1 + bigend;
++}
+ #undef F
+ #undef T
+ #undef I
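Review bot: The loop bound in looks_ucs32(), `i + 1 < nbytes`, was carried over from the 16-bit version, but the body reads up to bf[i + 3]. When nbytes is not a multiple of 4 (for example nbytes == 6), the last iteration reads bf[i + 2] and bf[i + 3] beyond nbytes, so the condition should be `i + 3 < nbytes`. Two smaller points in the same function: in the big-endian branch `bf[i] << 24` is the only term left unparenthesised, and in both branches the byte is promoted to int before the shift by 24, so a value of 0x80 or above shifts into the sign bit; casting to unichar (or another unsigned 32-bit type) before shifting avoids that. The "chars > 65536" XXX comment is also a leftover from looks_ucs16() and does not describe this function.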
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_35-59-g8305d1cc.use-c-casts-everywhere.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_35-59-g8305d1cc.use-c-casts-everywhere.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_35-59-g8305d1cc.use-c-casts-everywhere.patch
     1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_35-59-g8305d1cc.use-c-casts-everywhere.patch
     2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,2247 @@
+Subject: Use c++ casts everywhere
+Origin: FILE5_35-59-g8305d1cc 
<https://github.com/file/file/commit/FILE5_35-59-g8305d1cc>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Feb 20 02:35:27 2019 +0000
+
+--- a/src/apprentice.c
++++ b/src/apprentice.c
+@@ -56,10 +56,10 @@
+ #endif
+ 
+ 
+-#define       EATAB {while (isascii((unsigned char) *l) && \
+-                    isspace((unsigned char) *l))  ++l;}
+-#define LOWCASE(l) (isupper((unsigned char) (l)) ? \
+-                      tolower((unsigned char) (l)) : (l))
++#define       EATAB {while (isascii(CAST(unsigned char, *l)) && \
++                    isspace(CAST(unsigned char, *l)))  ++l;}
++#define LOWCASE(l) (isupper(CAST(unsigned char, l)) ? \
++                      tolower(CAST(unsigned char, l)) : (l))
+ /*
+  * Work around a bug in headers on Digital Unix.
+  * At least confirmed for: OSF1 V4.0 878
+@@ -78,8 +78,8 @@
+ #define MAP_FILE 0
+ #endif
+ 
+-#define ALLOC_CHUNK   (size_t)10
+-#define ALLOC_INCR    (size_t)200
++#define ALLOC_CHUNK   CAST(size_t, 10)
++#define ALLOC_INCR    CAST(size_t, 200)
+ 
+ #define MAP_TYPE_USER 0
+ #define MAP_TYPE_MALLOC       1
+@@ -309,7 +309,7 @@
+ {
+       int type;
+ 
+-      if (isalpha((unsigned char)l[1])) {
++      if (isalpha(CAST(unsigned char, l[1]))) {
+               switch (l[1]) {
+               case 'C':
+                       /* "dC" and "uC" */
+@@ -344,7 +344,7 @@
+                       return FILE_INVALID;
+               }
+               l += 2;
+-      } else if (isdigit((unsigned char)l[1])) {
++      } else if (isdigit(CAST(unsigned char, l[1]))) {
+               /*
+                * "d{num}" and "u{num}"; we only support {num} values
+                * of 1, 2, 4, and 8 - the Single UNIX Specification
+@@ -355,7 +355,7 @@
+                * neither of them support values bigger than 8 or
+                * non-power-of-2 values.
+                */
+-              if (isdigit((unsigned char)l[2])) {
++              if (isdigit(CAST(unsigned char, l[2]))) {
+                       /* Multi-digit, so > 9 */
+                       return FILE_INVALID;
+               }
+@@ -441,8 +441,8 @@
+ 
+       if (magicsize != FILE_MAGICSIZE) {
+               file_error(ms, 0, "magic element size %lu != %lu",
+-                  (unsigned long)sizeof(*map->magic[0]),
+-                  (unsigned long)FILE_MAGICSIZE);
++                  CAST(unsigned long, sizeof(*map->magic[0])),
++                  CAST(unsigned long, FILE_MAGICSIZE));
+               return -1;
+       }
+ 
+@@ -455,7 +455,7 @@
+ 
+ #ifndef COMPILE_ONLY
+       map = apprentice_map(ms, fn);
+-      if (map == (struct magic_map *)-1)
++      if (map == RCAST(struct magic_map *, -1))
+               return -1;
+       if (map == NULL) {
+               if (ms->flags & MAGIC_CHECK)
+@@ -507,7 +507,7 @@
+       struct magic_set *ms;
+       size_t i, len;
+ 
+-      if ((ms = CAST(struct magic_set *, calloc((size_t)1,
++      if ((ms = CAST(struct magic_set *, calloc(CAST(size_t, 1u),
+           sizeof(struct magic_set)))) == NULL)
+               return NULL;
+ 
+@@ -1585,7 +1585,7 @@
+ 
+       for (p = cond_tbl; p->len; p++) {
+               if (strncmp(l, p->name, p->len) == 0 &&
+-                  isspace((unsigned char)l[p->len])) {
++                  isspace(CAST(unsigned char, l[p->len]))) {
+                       if (t)
+                               *t = l + p->len;
+                       break;
+@@ -1643,7 +1643,7 @@
+ {
+       const char *l = *lp;
+ 
+-      while (!isspace((unsigned char)*++l))
++      while (!isspace(CAST(unsigned char, *++l)))
+               switch (*l) {
+               case CHAR_INDIRECT_RELATIVE:
+                       m->str_flags |= INDIRECT_RELATIVE;
+@@ -1669,7 +1669,7 @@
+ 
+       ++l;
+       m->mask_op |= op;
+-      val = (uint64_t)strtoull(l, &t, 0);
++      val = CAST(uint64_t, strtoull(l, &t, 0));
+       l = t;
+       m->num_mask = file_signextend(ms, m, val);
+       eatsize(&l);
+@@ -1683,7 +1683,7 @@
+       char *t;
+       int have_range = 0;
+ 
+-      while (!isspace((unsigned char)*++l)) {
++      while (!isspace(CAST(unsigned char, *++l))) {
+               switch (*l) {
+               case '0':  case '1':  case '2':
+               case '3':  case '4':  case '5':
+@@ -1765,7 +1765,7 @@
+                       goto out;
+               }
+               /* allow multiple '/' for readability */
+-              if (l[1] == '/' && !isspace((unsigned char)l[2]))
++              if (l[1] == '/' && !isspace(CAST(unsigned char, l[2])))
+                       l++;
+       }
+       if (string_modifier_check(ms, m) == -1)
+@@ -1820,7 +1820,7 @@
+                       return -1;
+               }
+               m = &me->mp[me->cont_count - 1];
+-              diff = (int32_t)cont_level - (int32_t)m->cont_level;
++              diff = CAST(int32_t, cont_level) - CAST(int32_t, m->cont_level);
+               if (diff > 1)
+                       file_magwarn(ms, "New continuation level %u is more "
+                           "than one larger than current level %u", cont_level,
+@@ -1879,7 +1879,7 @@
+       }
+ 
+       /* get offset, then skip over it */
+-      m->offset = (uint32_t)strtoul(l, &t, 0);
++      m->offset = CAST(int32_t, strtoul(l, &t, 0));
+         if (l == t) {
+               if (ms->flags & MAGIC_CHECK)
+                       file_magwarn(ms, "offset `%s' invalid", l);
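Review bot: In the `m->offset = ...strtoul(l, &t, 0)` assignment the target type of the cast changes from uint32_t to int32_t, which is more than the mechanical `(T)x` to `CAST(T, x)` rewrite applied everywhere else in this file. If m->offset is a signed field this is probably the intended correction (the later bs1() hunk still casts it to uint32_t only for swap4()), but it alters how offsets at or above 0x80000000 are converted. That deserves a mention in the patch description, or a separate commit, so that anyone bisecting a regression in offset parsing does not skip this patch as cast-only.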
+@@ -1960,8 +1960,8 @@
+                       m->in_op |= FILE_OPINDIRECT;
+                       l++;
+               }
+-              if (isdigit((unsigned char)*l) || *l == '-') {
+-                      m->in_offset = (int32_t)strtol(l, &t, 0);
++              if (isdigit(CAST(unsigned char, *l)) || *l == '-') {
++                      m->in_offset = CAST(int32_t, strtol(l, &t, 0));
+                       if (l == t) {
+                               if (ms->flags & MAGIC_CHECK)
+                                       file_magwarn(ms,
+@@ -2024,7 +2024,8 @@
+                        */
+                       if (*l == 'd')
+                               m->type = get_standard_integer_type(l, &l);
+-                      else if (*l == 's' && !isalpha((unsigned char)l[1])) {
++                      else if (*l == 's'
++                          && !isalpha(CAST(unsigned char, l[1]))) {
+                               m->type = FILE_STRING;
+                               ++l;
+                       }
+@@ -2114,8 +2115,8 @@
+               break;
+       default:
+               m->reln = '=';  /* the default relation */
+-              if (*l == 'x' && ((isascii((unsigned char)l[1]) && 
+-                  isspace((unsigned char)l[1])) || !l[1])) {
++              if (*l == 'x' && ((isascii(CAST(unsigned char, l[1])) &&
++                  isspace(CAST(unsigned char, l[1]))) || !l[1])) {
+                       m->reln = *l;
+                       ++l;
+               }
+@@ -2212,11 +2213,11 @@
+               file_magwarn(ms, "Too large factor `%lu'", factor);
+               goto out;
+       }
+-      if (*el && !isspace((unsigned char)*el)) {
++      if (*el && !isspace(CAST(unsigned char, *el))) {
+               file_magwarn(ms, "Bad factor `%s'", l);
+               goto out;
+       }
+-      m->factor = (uint8_t)factor;
++      m->factor = CAST(uint8_t, factor);
+       if (m->factor == 0 && m->factor_op == FILE_FACTOR_OP_DIV) {
+               file_magwarn(ms, "Cannot have factor op `%c' and factor %u",
+                   m->factor_op, m->factor);
+@@ -2247,7 +2248,7 @@
+       if (buf[0] != '\0') {
+               len = nt ? strlen(buf) : len;
+               file_magwarn(ms, "Current entry already has a %s type "
+-                  "`%.*s', new type `%s'", name, (int)len, buf, l);
++                  "`%.*s', new type `%s'", name, CAST(int, len), buf, l);
+               return -1;
+       }       
+ 
+@@ -2268,7 +2269,7 @@
+                       file_magwarn(ms, "%s type `%s' truncated %"
+                           SIZE_T_FORMAT "u", name, line, i);
+       } else {
+-              if (!isspace((unsigned char)*l) && !goodchar(*l, extra))
++              if (!isspace(CAST(unsigned char, *l)) && !goodchar(*l, extra))
+                       file_magwarn(ms, "%s type `%s' has bad char '%c'",
+                           name, line, *l);
+               if (nt)
+@@ -2368,7 +2369,7 @@
+               if (*ptr == '.')
+                       ptr++;
+ #define CHECKLEN() do { \
+-      for (len = cnt = 0; isdigit((unsigned char)*ptr); ptr++, cnt++) \
++      for (len = cnt = 0; isdigit(CAST(unsigned char, *ptr)); ptr++, cnt++) \
+               len = len * 10 + (*ptr - '0'); \
+       if (cnt > 5 || len > 1024) \
+               goto toolong; \
+@@ -2486,11 +2487,11 @@
+       case FILE_FMT_STR:
+               if (*ptr == '-')
+                       ptr++;
+-              while (isdigit((unsigned char )*ptr))
++              while (isdigit(CAST(unsigned char, *ptr)))
+                       ptr++;
+               if (*ptr == '.') {
+                       ptr++;
+-                      while (isdigit((unsigned char )*ptr))
++                      while (isdigit(CAST(unsigned char , *ptr)))
+                               ptr++;
+               }
+               
+@@ -2634,7 +2635,7 @@
+                       char *ep;
+                       errno = 0;
+                       m->value.q = file_signextend(ms, m,
+-                          (uint64_t)strtoull(*p, &ep, 0));
++                          CAST(uint64_t, strtoull(*p, &ep, 0)));
+                       if (errno == 0) {
+                               *p = ep;
+                               eatsize(p);
+@@ -2969,11 +2970,11 @@
+               goto error;
+       }
+ 
+-      map->len = (size_t)st.st_size;
++      map->len = CAST(size_t, st.st_size);
+ #ifdef QUICK
+       map->type = MAP_TYPE_MMAP;
+-      if ((map->p = mmap(0, (size_t)st.st_size, PROT_READ|PROT_WRITE,
+-          MAP_PRIVATE|MAP_FILE, fd, (off_t)0)) == MAP_FAILED) {
++      if ((map->p = mmap(0, CAST(size_t, st.st_size), PROT_READ|PROT_WRITE,
++          MAP_PRIVATE|MAP_FILE, fd, CAST(off_t, 0))) == MAP_FAILED) {
+               file_error(ms, errno, "cannot map `%s'", dbname);
+               goto error;
+       }
+@@ -2993,11 +2994,11 @@
+       fd = -1;
+ 
+       if (check_buffer(ms, map, dbname) != 0) {
+-              rv = (struct magic_map *)-1;
++              rv = RCAST(struct magic_map *, -1);
+               goto error;
+       }
+ #ifdef QUICK
+-      if (mprotect(map->p, (size_t)st.st_size, PROT_READ) == -1) {
++      if (mprotect(map->p, CAST(size_t, st.st_size), PROT_READ) == -1) {
+               file_error(ms, errno, "cannot mprotect `%s'", dbname);
+               goto error;
+       }
+@@ -3041,7 +3042,7 @@
+                   VERSIONNO, dbname, version);
+               return -1;
+       }
+-      entries = (uint32_t)(map->len / sizeof(struct magic));
++      entries = CAST(uint32_t, map->len / sizeof(struct magic));
+       if ((entries * sizeof(struct magic)) != map->len) {
+               file_error(ms, 0, "Size of `%s' %" SIZE_T_FORMAT "u is not "
+                   "a multiple of %" SIZE_T_FORMAT "u",
+@@ -3103,14 +3104,14 @@
+       hdr.h[1] = VERSIONNO;
+       memcpy(hdr.h + 2, map->nmagic, nm);
+ 
+-      if (write(fd, &hdr, sizeof(hdr)) != (ssize_t)sizeof(hdr)) {
++      if (write(fd, &hdr, sizeof(hdr)) != CAST(ssize_t, sizeof(hdr))) {
+               file_error(ms, errno, "error writing `%s'", dbname);
+               goto out;
+       }
+ 
+       for (i = 0; i < MAGIC_SETS; i++) {
+               len = m * map->nmagic[i];
+-              if (write(fd, map->magic[i], len) != (ssize_t)len) {
++              if (write(fd, map->magic[i], len) != CAST(ssize_t, len)) {
+                       file_error(ms, errno, "error writing `%s'", dbname);
+                       goto out;
+               }
+@@ -3155,7 +3156,8 @@
+       q++;
+       /* Compatibility with old code that looked in .mime */
+       if (ms->flags & MAGIC_MIME) {
+-              if (asprintf(&buf, "%.*s.mime%s", (int)(q - fn), fn, ext) < 0)
++              if (asprintf(&buf, "%.*s.mime%s", CAST(int, q - fn), fn, ext)
++                  < 0)
+                       return NULL;
+               if (access(buf, R_OK) != -1) {
+                       ms->flags &= MAGIC_MIME_TYPE;
+@@ -3163,7 +3165,7 @@
+               }
+               free(buf);
+       }
+-      if (asprintf(&buf, "%.*s%s", (int)(q - fn), fn, ext) < 0)
++      if (asprintf(&buf, "%.*s%s", CAST(int, q - fn), fn, ext) < 0)
+               return NULL;
+ 
+       /* Compatibility with old code that looked in .mime */
+@@ -3190,8 +3192,8 @@
+ swap2(uint16_t sv)
+ {
+       uint16_t rv;
+-      uint8_t *s = (uint8_t *)(void *)&sv; 
+-      uint8_t *d = (uint8_t *)(void *)&rv; 
++      uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv));
++      uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv));
+       d[0] = s[1];
+       d[1] = s[0];
+       return rv;
+@@ -3204,8 +3206,8 @@
+ swap4(uint32_t sv)
+ {
+       uint32_t rv;
+-      uint8_t *s = (uint8_t *)(void *)&sv; 
+-      uint8_t *d = (uint8_t *)(void *)&rv; 
++      uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv));
++      uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv));
+       d[0] = s[3];
+       d[1] = s[2];
+       d[2] = s[1];
+@@ -3220,8 +3222,8 @@
+ swap8(uint64_t sv)
+ {
+       uint64_t rv;
+-      uint8_t *s = (uint8_t *)(void *)&sv; 
+-      uint8_t *d = (uint8_t *)(void *)&rv; 
++      uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv));
++      uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv));
+ #if 0
+       d[0] = s[3];
+       d[1] = s[2];
+@@ -3251,9 +3253,9 @@
+ bs1(struct magic *m)
+ {
+       m->cont_level = swap2(m->cont_level);
+-      m->offset = swap4((uint32_t)m->offset);
+-      m->in_offset = swap4((uint32_t)m->in_offset);
+-      m->lineno = swap4((uint32_t)m->lineno);
++      m->offset = swap4(CAST(uint32_t, m->offset));
++      m->in_offset = swap4(CAST(uint32_t, m->in_offset));
++      m->lineno = swap4(CAST(uint32_t, m->lineno));
+       if (IS_STRING(m->type)) {
+               m->str_range = swap4(m->str_range);
+               m->str_flags = swap4(m->str_flags);
+@@ -3285,7 +3287,7 @@
+ file_pstring_get_length(const struct magic *m, const char *ss)
+ {
+       size_t len = 0;
+-      const unsigned char *s = (const unsigned char *)ss;
++      const unsigned char *s = RCAST(const unsigned char *, ss);
+       unsigned int s3, s2, s1, s0;
+ 
+       switch (m->str_flags & PSTRING_LEN) {
+--- a/src/ascmagic.c
++++ b/src/ascmagic.c
+@@ -117,7 +117,7 @@
+       int n_nel = 0;
+       int executable = 0;
+ 
+-      size_t last_line_end = (size_t)-1;
++      size_t last_line_end = CAST(size_t, -1);
+       int has_long_lines = 0;
+ 
+       nbytes = trim_nuls(buf, nbytes);
+@@ -141,7 +141,7 @@
+                   == NULL)
+                       goto done;
+               if ((rv = file_softmagic(ms, utf8_buf,
+-                  (size_t)(utf8_end - utf8_buf), NULL, NULL,
++                  CAST(size_t, utf8_end - utf8_buf), NULL, NULL,
+                   TEXTTEST, text)) == 0)
+                       rv = -1;
+               if ((ms->flags & (MAGIC_APPLE|MAGIC_EXTENSION))) {
+@@ -317,42 +317,42 @@
+               if (ubuf[i] <= 0x7f) {
+                       if (end - buf < 1)
+                               return NULL;
+-                      *buf++ = (unsigned char)ubuf[i];
++                      *buf++ = CAST(unsigned char, ubuf[i]);
+               } else if (ubuf[i] <= 0x7ff) {
+                       if (end - buf < 2)
+                               return NULL;
+-                      *buf++ = (unsigned char)((ubuf[i] >> 6) + 0xc0);
+-                      *buf++ = (unsigned char)((ubuf[i] & 0x3f) + 0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] >> 6) + 0xc0);
++                      *buf++ = CAST(unsigned char, (ubuf[i] & 0x3f) + 0x80);
+               } else if (ubuf[i] <= 0xffff) {
+                       if (end - buf < 3)
+                               return NULL;
+-                      *buf++ = (unsigned char)((ubuf[i] >> 12) + 0xe0);
+-                      *buf++ = (unsigned char)(((ubuf[i] >> 6) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)((ubuf[i] & 0x3f) + 0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] >> 12) + 0xe0);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >> 6) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] & 0x3f) + 0x80);
+               } else if (ubuf[i] <= 0x1fffff) {
+                       if (end - buf < 4)
+                               return NULL;
+-                      *buf++ = (unsigned char)((ubuf[i] >> 18) + 0xf0);
+-                      *buf++ = (unsigned char)(((ubuf[i] >> 12) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)(((ubuf[i] >>  6) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)((ubuf[i] & 0x3f) + 0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] >> 18) + 0xf0);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >> 12) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >>  6) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] & 0x3f) + 0x80);
+               } else if (ubuf[i] <= 0x3ffffff) {
+                       if (end - buf < 5)
+                               return NULL;
+-                      *buf++ = (unsigned char)((ubuf[i] >> 24) + 0xf8);
+-                      *buf++ = (unsigned char)(((ubuf[i] >> 18) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)(((ubuf[i] >> 12) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)(((ubuf[i] >>  6) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)((ubuf[i] & 0x3f) + 0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] >> 24) + 0xf8);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >> 18) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >> 12) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >>  6) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] & 0x3f) + 0x80);
+               } else if (ubuf[i] <= 0x7fffffff) {
+                       if (end - buf < 6)
+                               return NULL;
+-                      *buf++ = (unsigned char)((ubuf[i] >> 30) + 0xfc);
+-                      *buf++ = (unsigned char)(((ubuf[i] >> 24) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)(((ubuf[i] >> 18) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)(((ubuf[i] >> 12) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)(((ubuf[i] >>  6) & 0x3f) + 
0x80);
+-                      *buf++ = (unsigned char)((ubuf[i] & 0x3f) + 0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] >> 30) + 0xfc);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >> 24) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >> 18) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >> 12) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, ((ubuf[i] >>  6) & 0x3f) + 
0x80);
++                      *buf++ = CAST(unsigned char, (ubuf[i] & 0x3f) + 0x80);
+               } else /* Invalid character */
+                       return NULL;
+       }
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -68,11 +68,14 @@
+       uint32_t u;
+ } cdf_bo;
+ 
+-#define NEED_SWAP     (cdf_bo.u == (uint32_t)0x01020304)
++#define NEED_SWAP     (cdf_bo.u == CAST(uint32_t, 0x01020304))
+ 
+-#define CDF_TOLE8(x)  ((uint64_t)(NEED_SWAP ? _cdf_tole8(x) : (uint64_t)(x)))
+-#define CDF_TOLE4(x)  ((uint32_t)(NEED_SWAP ? _cdf_tole4(x) : (uint32_t)(x)))
+-#define CDF_TOLE2(x)  ((uint16_t)(NEED_SWAP ? _cdf_tole2(x) : (uint16_t)(x)))
++#define CDF_TOLE8(x)  \
++    (CAST(uint64_t, NEED_SWAP ? _cdf_tole8(x) : CAST(uint64_t, x)))
++#define CDF_TOLE4(x)  \
++    (CAST(uint32_t, NEED_SWAP ? _cdf_tole4(x) : CAST(uint32_t, x)))
++#define CDF_TOLE2(x)  \
++    (CAST(uint16_t, NEED_SWAP ? _cdf_tole2(x) : CAST(uint16_t, x)))
+ #define CDF_TOLE(x)   (/*CONSTCOND*/sizeof(x) == 2 ? \
+                           CDF_TOLE2(CAST(uint16_t, x)) : \
+                       (/*CONSTCOND*/sizeof(x) == 4 ? \
+@@ -110,8 +113,8 @@
+ _cdf_tole2(uint16_t sv)
+ {
+       uint16_t rv;
+-      uint8_t *s = (uint8_t *)(void *)&sv;
+-      uint8_t *d = (uint8_t *)(void *)&rv;
++      uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv));
++      uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv));
+       d[0] = s[1];
+       d[1] = s[0];
+       return rv;
+@@ -124,8 +127,8 @@
+ _cdf_tole4(uint32_t sv)
+ {
+       uint32_t rv;
+-      uint8_t *s = (uint8_t *)(void *)&sv;
+-      uint8_t *d = (uint8_t *)(void *)&rv;
++      uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv));
++      uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv));
+       d[0] = s[3];
+       d[1] = s[2];
+       d[2] = s[1];
+@@ -140,8 +143,8 @@
+ _cdf_tole8(uint64_t sv)
+ {
+       uint64_t rv;
+-      uint8_t *s = (uint8_t *)(void *)&sv;
+-      uint8_t *d = (uint8_t *)(void *)&rv;
++      uint8_t *s = RCAST(uint8_t *, RCAST(void *, &sv));
++      uint8_t *d = RCAST(uint8_t *, RCAST(void *, &rv));
+       d[0] = s[7];
+       d[1] = s[6];
+       d[2] = s[5];
+@@ -206,15 +209,17 @@
+       h->h_min_size_standard_stream =
+           CDF_TOLE4(h->h_min_size_standard_stream);
+       h->h_secid_first_sector_in_short_sat =
+-          CDF_TOLE4((uint32_t)h->h_secid_first_sector_in_short_sat);
++          CDF_TOLE4(CAST(uint32_t, h->h_secid_first_sector_in_short_sat));
+       h->h_num_sectors_in_short_sat =
+           CDF_TOLE4(h->h_num_sectors_in_short_sat);
+       h->h_secid_first_sector_in_master_sat =
+-          CDF_TOLE4((uint32_t)h->h_secid_first_sector_in_master_sat);
++          CDF_TOLE4(CAST(uint32_t, h->h_secid_first_sector_in_master_sat));
+       h->h_num_sectors_in_master_sat =
+           CDF_TOLE4(h->h_num_sectors_in_master_sat);
+-      for (i = 0; i < __arraycount(h->h_master_sat); i++)
+-              h->h_master_sat[i] = CDF_TOLE4((uint32_t)h->h_master_sat[i]);
++      for (i = 0; i < __arraycount(h->h_master_sat); i++) {
++              h->h_master_sat[i] =
++                  CDF_TOLE4(CAST(uint32_t, h->h_master_sat[i]));
++      }
+ }
+ 
+ void
+@@ -247,15 +252,16 @@
+ cdf_swap_dir(cdf_directory_t *d)
+ {
+       d->d_namelen = CDF_TOLE2(d->d_namelen);
+-      d->d_left_child = CDF_TOLE4((uint32_t)d->d_left_child);
+-      d->d_right_child = CDF_TOLE4((uint32_t)d->d_right_child);
+-      d->d_storage = CDF_TOLE4((uint32_t)d->d_storage);
++      d->d_left_child = CDF_TOLE4(CAST(uint32_t, d->d_left_child));
++      d->d_right_child = CDF_TOLE4(CAST(uint32_t, d->d_right_child));
++      d->d_storage = CDF_TOLE4(CAST(uint32_t, d->d_storage));
+       d->d_storage_uuid[0] = CDF_TOLE8(d->d_storage_uuid[0]);
+       d->d_storage_uuid[1] = CDF_TOLE8(d->d_storage_uuid[1]);
+       d->d_flags = CDF_TOLE4(d->d_flags);
+-      d->d_created = CDF_TOLE8((uint64_t)d->d_created);
+-      d->d_modified = CDF_TOLE8((uint64_t)d->d_modified);
+-      d->d_stream_first_sector = 
CDF_TOLE4((uint32_t)d->d_stream_first_sector);
++      d->d_created = CDF_TOLE8(CAST(uint64_t, d->d_created));
++      d->d_modified = CDF_TOLE8(CAST(uint64_t, d->d_modified));
++      d->d_stream_first_sector = CDF_TOLE4(
++          CAST(uint32_t, d->d_stream_first_sector));
+       d->d_size = CDF_TOLE4(d->d_size);
+ }
+ 
+@@ -312,11 +318,11 @@
+ cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h,
+     const void *p, size_t tail, int line)
+ {
+-      const char *b = (const char *)sst->sst_tab;
+-      const char *e = ((const char *)p) + tail;
++      const char *b = RCAST(const char *, sst->sst_tab);
++      const char *e = RCAST(const char *, p) + tail;
+       size_t ss = cdf_check_stream(sst, h);
+       /*LINTED*/(void)&line;
+-      if (e >= b && (size_t)(e - b) <= ss * sst->sst_len)
++      if (e >= b && CAST(size_t, e - b) <= ss * sst->sst_len)
+               return 0;
+       DPRINTF(("%d: offset begin %p < end %p || %" SIZE_T_FORMAT "u"
+           " > %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %"
+@@ -329,23 +335,23 @@
+ static ssize_t
+ cdf_read(const cdf_info_t *info, off_t off, void *buf, size_t len)
+ {
+-      size_t siz = (size_t)off + len;
++      size_t siz = CAST(size_t, off + len);
+ 
+-      if ((off_t)(off + len) != (off_t)siz)
++      if (CAST(off_t, off + len) != CAST(off_t, siz))
+               goto out;
+ 
+       if (info->i_buf != NULL && info->i_len >= siz) {
+               (void)memcpy(buf, &info->i_buf[off], len);
+-              return (ssize_t)len;
++              return CAST(ssize_t, len);
+       }
+ 
+       if (info->i_fd == -1)
+               goto out;
+ 
+-      if (pread(info->i_fd, buf, len, off) != (ssize_t)len)
++      if (pread(info->i_fd, buf, len, off) != CAST(ssize_t, len))
+               return -1;
+ 
+-      return (ssize_t)len;
++      return CAST(ssize_t, len);
+ out:
+       errno = EINVAL;
+       return -1;
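Review bot: The first line of cdf_read() is not a one-for-one rewrite: the old code cast `off` to size_t and then added `len`, while the new `CAST(size_t, off + len)` casts the sum. Since `off` is off_t and `len` is size_t, the addition is now evaluated in whatever type the usual arithmetic conversions pick, which depends on the relative widths of off_t and size_t on the target. The overflow test on the next line relies on `siz` and `off + len` being computed consistently. Writing `CAST(size_t, off) + len` would keep this hunk purely mechanical; if the change is deliberate, it should be confirmed on a 32-bit build with 64-bit off_t.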
+@@ -357,7 +363,7 @@
+       char buf[512];
+ 
+       (void)memcpy(cdf_bo.s, "\01\02\03\04", 4);
+-      if (cdf_read(info, (off_t)0, buf, sizeof(buf)) == -1)
++      if (cdf_read(info, CAST(off_t, 0), buf, sizeof(buf)) == -1)
+               return -1;
+       cdf_unpack_header(h, buf);
+       cdf_swap_header(h);
+@@ -391,7 +397,7 @@
+       size_t ss = CDF_SEC_SIZE(h);
+       size_t pos = CDF_SEC_POS(h, id);
+       assert(ss == len);
+-      return cdf_read(info, (off_t)pos, ((char *)buf) + offs, len);
++      return cdf_read(info, CAST(off_t, pos), RCAST(char *, buf) + offs, len);
+ }
+ 
+ ssize_t
+@@ -407,8 +413,8 @@
+                   pos + len, CDF_SEC_SIZE(h) * sst->sst_len));
+               goto out;
+       }
+-      (void)memcpy(((char *)buf) + offs,
+-          ((const char *)sst->sst_tab) + pos, len);
++      (void)memcpy(RCAST(char *, buf) + offs,
++          RCAST(const char *, sst->sst_tab) + pos, len);
+       return len;
+ out:
+       errno = EFTYPE;
+@@ -451,7 +457,7 @@
+               if (h->h_master_sat[i] < 0)
+                       break;
+               if (cdf_read_sector(info, sat->sat_tab, ss * i, ss, h,
+-                  h->h_master_sat[i]) != (ssize_t)ss) {
++                  h->h_master_sat[i]) != CAST(ssize_t, ss)) {
+                       DPRINTF(("Reading sector %d", h->h_master_sat[i]));
+                       goto out1;
+               }
+@@ -468,12 +474,13 @@
+                       DPRINTF(("Reading master sector loop limit"));
+                       goto out3;
+               }
+-              if (cdf_read_sector(info, msa, 0, ss, h, mid) != (ssize_t)ss) {
++              if (cdf_read_sector(info, msa, 0, ss, h, mid) !=
++                  CAST(ssize_t, ss)) {
+                       DPRINTF(("Reading master sector %d", mid));
+                       goto out2;
+               }
+               for (k = 0; k < nsatpersec; k++, i++) {
+-                      sec = CDF_TOLE4((uint32_t)msa[k]);
++                      sec = CDF_TOLE4(CAST(uint32_t, msa[k]));
+                       if (sec < 0)
+                               goto out;
+                       if (i >= sat->sat_len) {
+@@ -482,13 +489,13 @@
+                           goto out3;
+                       }
+                       if (cdf_read_sector(info, sat->sat_tab, ss * i, ss, h,
+-                          sec) != (ssize_t)ss) {
++                          sec) != CAST(ssize_t, ss)) {
+                               DPRINTF(("Reading sector %d",
+                                   CDF_TOLE4(msa[k])));
+                               goto out2;
+                       }
+               }
+-              mid = CDF_TOLE4((uint32_t)msa[nsatpersec]);
++              mid = CDF_TOLE4(CAST(uint32_t, msa[nsatpersec]));
+       }
+ out:
+       sat->sat_len = i;
+@@ -507,7 +514,7 @@
+ cdf_count_chain(const cdf_sat_t *sat, cdf_secid_t sid, size_t size)
+ {
+       size_t i, j;
+-      cdf_secid_t maxsector = (cdf_secid_t)((sat->sat_len * size)
++      cdf_secid_t maxsector = CAST(cdf_secid_t, (sat->sat_len * size)
+           / sizeof(maxsector));
+ 
+       DPRINTF(("Chain:"));
+@@ -527,7 +534,7 @@
+                       DPRINTF(("Sector %d >= %d\n", sid, maxsector));
+                       goto out;
+               }
+-              sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]);
++              sid = CDF_TOLE4(CAST(uint32_t, sat->sat_tab[sid]));
+       }
+       if (i == 0) {
+               DPRINTF((" none, sid: %d\n", sid));
+@@ -538,7 +545,7 @@
+       return i;
+ out:
+       errno = EFTYPE;
+-      return (size_t)-1;
++      return CAST(size_t, -1);
+ }
+ 
+ int
+@@ -555,7 +562,7 @@
+       if (sid == CDF_SECID_END_OF_CHAIN || len == 0)
+               return cdf_zero_stream(scn);
+ 
+-      if (scn->sst_len == (size_t)-1)
++      if (scn->sst_len == CAST(size_t, -1))
+               goto out;
+ 
+       scn->sst_tab = CDF_CALLOC(scn->sst_len, ss);
+@@ -574,7 +581,7 @@
+                       goto out;
+               }
+               if ((nr = cdf_read_sector(info, scn->sst_tab, i * ss, ss, h,
+-                  sid)) != (ssize_t)ss) {
++                  sid)) != CAST(ssize_t, ss)) {
+                       if (i == scn->sst_len - 1 && nr > 0) {
+                               /* Last sector might be truncated */
+                               return 0;
+@@ -582,7 +589,7 @@
+                       DPRINTF(("Reading long sector chain %d", sid));
+                       goto out;
+               }
+-              sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]);
++              sid = CDF_TOLE4(CAST(uint32_t, sat->sat_tab[sid]));
+       }
+       return 0;
+ out:
+@@ -601,7 +608,7 @@
+       scn->sst_dirlen = len;
+       scn->sst_ss = ss;
+ 
+-      if (scn->sst_len == (size_t)-1)
++      if (scn->sst_len == CAST(size_t, -1))
+               goto out;
+ 
+       scn->sst_tab = CDF_CALLOC(scn->sst_len, ss);
+@@ -620,11 +627,11 @@
+                       goto out;
+               }
+               if (cdf_read_short_sector(sst, scn->sst_tab, i * ss, ss, h,
+-                  sid) != (ssize_t)ss) {
++                  sid) != CAST(ssize_t, ss)) {
+                       DPRINTF(("Reading short sector chain %d", sid));
+                       goto out;
+               }
+-              sid = CDF_TOLE4((uint32_t)ssat->sat_tab[sid]);
++              sid = CDF_TOLE4(CAST(uint32_t, ssat->sat_tab[sid]));
+       }
+       return 0;
+ out:
+@@ -655,7 +662,7 @@
+       cdf_secid_t sid = h->h_secid_first_directory;
+ 
+       ns = cdf_count_chain(sat, sid, ss);
+-      if (ns == (size_t)-1)
++      if (ns == CAST(size_t, -1))
+               return -1;
+ 
+       nd = ss / CDF_DIRECTORY_SIZE;
+@@ -676,7 +683,8 @@
+                       DPRINTF(("Read dir loop limit"));
+                       goto out;
+               }
+-              if (cdf_read_sector(info, buf, 0, ss, h, sid) != (ssize_t)ss) {
++              if (cdf_read_sector(info, buf, 0, ss, h, sid) !=
++                  CAST(ssize_t, ss)) {
+                       DPRINTF(("Reading directory sector %d", sid));
+                       goto out;
+               }
+@@ -684,7 +692,7 @@
+                       cdf_unpack_dir(&dir->dir_tab[i * nd + j],
+                           &buf[j * CDF_DIRECTORY_SIZE]);
+               }
+-              sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]);
++              sid = CDF_TOLE4(CAST(uint32_t, sat->sat_tab[sid]));
+       }
+       if (NEED_SWAP)
+               for (i = 0; i < dir->dir_len; i++)
+@@ -709,7 +717,7 @@
+ 
+       ssat->sat_tab = NULL;
+       ssat->sat_len = cdf_count_chain(sat, sid, ss);
+-      if (ssat->sat_len == (size_t)-1)
++      if (ssat->sat_len == CAST(size_t, -1))
+               goto out;
+ 
+       ssat->sat_tab = CAST(cdf_secid_t *, CDF_CALLOC(ssat->sat_len, ss));
+@@ -728,11 +736,11 @@
+                       goto out;
+               }
+               if (cdf_read_sector(info, ssat->sat_tab, i * ss, ss, h, sid) !=
+-                  (ssize_t)ss) {
++                  CAST(ssize_t, ss)) {
+                       DPRINTF(("Reading short sat sector %d", sid));
+                       goto out1;
+               }
+-              sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]);
++              sid = CDF_TOLE4(CAST(uint32_t, sat->sat_tab[sid]));
+       }
+       return 0;
+ out:
+@@ -782,7 +790,7 @@
+ {
+       for (; l--; d++, s++)
+               if (*d != CDF_TOLE2(*s))
+-                      return (unsigned char)*d - CDF_TOLE2(*s);
++                      return CAST(unsigned char, *d) - CDF_TOLE2(*s);
+       return 0;
+ }
+ 
+@@ -913,7 +921,7 @@
+       if (inp->pi_type & CDF_VECTOR)
+               return 0;
+ 
+-      if ((size_t)(CAST(const char *, e) - CAST(const char *, p)) < len)
++      if (CAST(size_t, CAST(const char *, e) - CAST(const char *, p)) < len)
+               return 0;
+ 
+       (void)memcpy(&inp->pi_val, p, len);
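Review bot: in the check CAST(size_t, CAST(const char *, e) - CAST(const char *, p)) < len the pointer difference is signed. Converting it to size_t turns a negative result (p beyond e) into a very large value that passes the check, and the memcpy of len bytes from p then runs. Unless p <= e is already guaranteed before this point (not visible in this hunk), compare the pointers first and return 0 when p > e, then do the subtraction.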
+@@ -1099,8 +1107,9 @@
+       const cdf_summary_info_header_t *si =
+           CAST(const cdf_summary_info_header_t *, sst->sst_tab);
+       const cdf_section_declaration_t *sd =
+-          CAST(const cdf_section_declaration_t *, (const void *)
+-          ((const char *)sst->sst_tab + CDF_SECTION_DECLARATION_OFFSET));
++          CAST(const cdf_section_declaration_t *, RCAST(const void *,
++          RCAST(const char *, sst->sst_tab)
++          + CDF_SECTION_DECLARATION_OFFSET));
+ 
+       if (cdf_check_stream_offset(sst, h, si, sizeof(*si), __LINE__) == -1 ||
+           cdf_check_stream_offset(sst, h, sd, sizeof(*sd), __LINE__) == -1)
+@@ -1251,28 +1260,28 @@
+       int days, hours, mins, secs;
+ 
+       ts /= CDF_TIME_PREC;
+-      secs = (int)(ts % 60);
++      secs = CAST(int, ts % 60);
+       ts /= 60;
+-      mins = (int)(ts % 60);
++      mins = CAST(int, ts % 60);
+       ts /= 60;
+-      hours = (int)(ts % 24);
++      hours = CAST(int, ts % 24);
+       ts /= 24;
+-      days = (int)ts;
++      days = CAST(int, ts);
+ 
+       if (days) {
+               len += snprintf(buf + len, bufsiz - len, "%dd+", days);
+-              if ((size_t)len >= bufsiz)
++              if (CAST(size_t, len) >= bufsiz)
+                       return len;
+       }
+ 
+       if (days || hours) {
+               len += snprintf(buf + len, bufsiz - len, "%.2d:", hours);
+-              if ((size_t)len >= bufsiz)
++              if (CAST(size_t, len) >= bufsiz)
+                       return len;
+       }
+ 
+       len += snprintf(buf + len, bufsiz - len, "%.2d:", mins);
+-      if ((size_t)len >= bufsiz)
++      if (CAST(size_t, len) >= bufsiz)
+               return len;
+ 
+       len += snprintf(buf + len, bufsiz - len, "%.2d", secs);
+@@ -1284,7 +1293,7 @@
+ {
+       size_t i;
+       for (i = 0; i < len && p[i]; i++)
+-              buf[i] = (char)p[i];
++              buf[i] = CAST(char, p[i]);
+       buf[i] = '\0';
+       return buf;
+ }
+--- a/src/cdf.h
++++ b/src/cdf.h
+@@ -76,9 +76,9 @@
+       cdf_secid_t     h_master_sat[436/4];
+ } cdf_header_t;
+ 
+-#define CDF_SEC_SIZE(h) ((size_t)(1 << (h)->h_sec_size_p2))
++#define CDF_SEC_SIZE(h) CAST(size_t, 1 << (h)->h_sec_size_p2)
+ #define CDF_SEC_POS(h, secid) (CDF_SEC_SIZE(h) + (secid) * CDF_SEC_SIZE(h))
+-#define CDF_SHORT_SEC_SIZE(h) ((size_t)(1 << (h)->h_short_sec_size_p2))
++#define CDF_SHORT_SEC_SIZE(h) CAST(size_t, 1 << (h)->h_short_sec_size_p2)
+ #define CDF_SHORT_SEC_POS(h, secid) ((secid) * CDF_SHORT_SEC_SIZE(h))
+ 
+ typedef int32_t cdf_dirid_t;
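Review bot: in CDF_SEC_SIZE and CDF_SHORT_SEC_SIZE the shift 1 << (h)->h_sec_size_p2 is still evaluated as a signed int before CAST widens it, so an exponent of 31 or more taken from the file header is undefined behaviour and the cast cannot repair it. If the header fields are not range-checked before these macros are used (not visible here), shift a size_t instead: CAST(size_t, 1) << (h)->h_sec_size_p2. The new form also drops the outer parentheses the old macros had, so it relies on CAST expanding to a fully parenthesized expression; CDF_SEC_POS multiplies by it.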
+--- a/src/cdf_time.c
++++ b/src/cdf_time.c
+@@ -90,9 +90,9 @@
+               if (m == 1 && isleap(year))
+                       days--;
+               if (days <= 0)
+-                      return (int)m;
++                      return CAST(int, m);
+       }
+-      return (int)m;
++      return CAST(int, m);
+ }
+ 
+ int
+@@ -108,22 +108,22 @@
+       ts->tv_nsec = (t % CDF_TIME_PREC) * 100;
+ 
+       t /= CDF_TIME_PREC;
+-      tm.tm_sec = (int)(t % 60);
++      tm.tm_sec = CAST(int, t % 60);
+       t /= 60;
+ 
+-      tm.tm_min = (int)(t % 60);
++      tm.tm_min = CAST(int, t % 60);
+       t /= 60;
+ 
+-      tm.tm_hour = (int)(t % 24);
++      tm.tm_hour = CAST(int, t % 24);
+       t /= 24;
+ 
+       /* XXX: Approx */
+-      tm.tm_year = (int)(CDF_BASE_YEAR + (t / 365));
++      tm.tm_year = CAST(int, CDF_BASE_YEAR + (t / 365));
+ 
+       rdays = cdf_getdays(tm.tm_year);
+       t -= rdays - 1;
+-      tm.tm_mday = cdf_getday(tm.tm_year, (int)t);
+-      tm.tm_mon = cdf_getmonth(tm.tm_year, (int)t);
++      tm.tm_mday = cdf_getday(tm.tm_year, CAST(int, t));
++      tm.tm_mon = cdf_getmonth(tm.tm_year, CAST(int, t));
+       tm.tm_wday = 0;
+       tm.tm_yday = 0;
+       tm.tm_isdst = 0;
+@@ -172,7 +172,7 @@
+       if (ptr != NULL)
+               return buf;
+       (void)snprintf(buf, 26, "*Bad* 0x%16.16" INT64_T_FORMAT "x\n",
+-          (long long)*sec);
++          CAST(long long, *sec));
+       return buf;
+ }
+ 
+--- a/src/compress.c
++++ b/src/compress.c
+@@ -353,7 +353,7 @@
+               (void)ioctl(fd, FIONREAD, &t);
+       }
+ 
+-      if (t > 0 && (size_t)t < n) {
++      if (t > 0 && CAST(size_t, t) < n) {
+               n = t;
+               rn = n;
+       }
+@@ -411,11 +411,11 @@
+               return -1;
+       }
+ 
+-      if (swrite(tfd, startbuf, nbytes) != (ssize_t)nbytes)
++      if (swrite(tfd, startbuf, nbytes) != CAST(ssize_t, nbytes))
+               r = 1;
+       else {
+               while ((r = sread(fd, buf, sizeof(buf), 1)) > 0)
+-                      if (swrite(tfd, buf, (size_t)r) != r)
++                      if (swrite(tfd, buf, CAST(size_t, r)) != r)
+                               break;
+       }
+ 
+@@ -440,7 +440,7 @@
+               return -1;
+       }
+       (void)close(tfd);
+-      if (lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) {
++      if (lseek(fd, CAST(off_t, 0), SEEK_SET) == CAST(off_t, -1)) {
+               file_badseek(ms);
+               return -1;
+       }
+@@ -517,7 +517,7 @@
+       if (rc != Z_OK && rc != Z_STREAM_END)
+               goto err;
+ 
+-      *n = (size_t)z.total_out;
++      *n = CAST(size_t, z.total_out);
+       rc = inflateEnd(&z);
+       if (rc != Z_OK)
+               goto err;
+@@ -527,8 +527,8 @@
+ 
+       return OKDATA;
+ err:
+-      strlcpy((char *)*newch, z.msg ? z.msg : zError(rc), bytes_max);
+-      *n = strlen((char *)*newch);
++      strlcpy(RCAST(char *, *newch), z.msg ? z.msg : zError(rc), bytes_max);
++      *n = strlen(RCAST(char *, *newch));
+       return ERRDATA;
+ }
+ #endif
+@@ -548,7 +548,7 @@
+               *len = 0;
+               return NODATA;
+       }
+-      *buf = (unsigned char *)msg;
++      *buf = RCAST(unsigned char *, msg);
+       *len = strlen(msg);
+       return ERRDATA;
+ }
+@@ -596,7 +596,7 @@
+       switch (fork()) {
+       case 0: /* child */
+               closefd(fdp[STDOUT_FILENO], 0);
+-              if (swrite(fdp[STDIN_FILENO][1], old, n) != (ssize_t)n) {
++              if (swrite(fdp[STDIN_FILENO][1], old, n) != CAST(ssize_t, n)) {
+                       DPRINTF("Write failed (%s)\n", strerror(errno));
+                       exit(1);
+               }
+@@ -625,17 +625,17 @@
+       char *buf;
+ 
+       ubuf[n] = '\0';
+-      buf = (char *)ubuf;
+-      while (isspace((unsigned char)*buf))
++      buf = RCAST(char *, ubuf);
++      while (isspace(CAST(unsigned char, *buf)))
+               buf++;
+       DPRINTF("Filter error[[[%s]]]\n", buf);
+-      if ((p = strchr((char *)buf, '\n')) != NULL)
++      if ((p = strchr(CAST(char *, buf), '\n')) != NULL)
+               *p = '\0';
+-      if ((p = strchr((char *)buf, ';')) != NULL)
++      if ((p = strchr(CAST(char *, buf), ';')) != NULL)
+               *p = '\0';
+-      if ((p = strrchr((char *)buf, ':')) != NULL) {
++      if ((p = strrchr(CAST(char *, buf), ':')) != NULL) {
+               ++p;
+-              while (isspace((unsigned char)*p))
++              while (isspace(CAST(unsigned char, *p)))
+                       p++;
+               n = strlen(p);
+               memmove(ubuf, p, CAST(size_t, n + 1));
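Review bot: the strchr and strrchr calls cast buf with CAST(char *, buf), but buf is declared char *buf; at the top of this hunk and has just been assigned from RCAST(char *, ubuf), so these three casts are no-ops carried over from the old code. Dropping them (strchr(buf, '\n') and so on) leaves only the casts that actually convert something: the RCAST on ubuf and the unsigned char ones feeding isspace.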
+@@ -690,15 +690,15 @@
+       case 0: /* child */
+               if (fd != -1) {
+                       fdp[STDIN_FILENO][0] = fd;
+-                      (void) lseek(fd, (off_t)0, SEEK_SET);
++                      (void) lseek(fd, CAST(off_t, 0), SEEK_SET);
+               }
+               
+               for (i = 0; i < __arraycount(fdp); i++)
+                       copydesc(CAST(int, i), fdp[i]);
+ 
+               (void)execvp(compr[method].argv[0],
+-                  (char *const *)(intptr_t)compr[method].argv);
+-              dprintf(STDERR_FILENO, "exec `%s' failed, %s", 
++                  RCAST(char *const *, RCAST(intptr_t, compr[method].argv)));
++              dprintf(STDERR_FILENO, "exec `%s' failed, %s",
+                   compr[method].argv[0], strerror(errno));
+               exit(1);
+               /*NOTREACHED*/
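Review bot: RCAST(char *const *, RCAST(intptr_t, compr[method].argv)) round-trips the pointer through an integer to reach the type execvp wants, which is easy to misread as a mistake. A one-line comment saying the detour is deliberate would help the next reader. The dprintf line in the same hunk changes only trailing whitespace; that is unrelated to the cast conversion and is better left out of a backport.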
+--- a/src/der.c
++++ b/src/der.c
+@@ -56,7 +56,7 @@
+ #include <err.h>
+ #endif
+ 
+-#define DER_BAD       ((uint32_t)-1)
++#define DER_BAD       CAST(uint32_t, -1)
+ 
+ #define DER_CLASS_UNIVERSAL   0
+ #define       DER_CLASS_APPLICATION   1
+@@ -224,7 +224,7 @@
+       case DER_TAG_UTF8_STRING:
+       case DER_TAG_IA5_STRING:
+       case DER_TAG_UTCTIME:
+-              return snprintf(buf, blen, "%.*s", len, (const char *)q);
++              return snprintf(buf, blen, "%.*s", len, RCAST(const char *, q));
+       default:
+               break;
+       }
+@@ -304,13 +304,13 @@
+               s++;
+               goto val;
+       default:
+-              if (!isdigit((unsigned char)*s))
++              if (!isdigit(CAST(unsigned char, *s)))
+                       return 0;
+ 
+               slen = 0;
+               do
+                       slen = slen * 10 + *s - '0';
+-              while (isdigit((unsigned char)*++s));
++              while (isdigit(CAST(unsigned char, *++s)));
+               if ((ms->flags & MAGIC_DEBUG) != 0)
+                       fprintf(stderr, "%s: len %zu %u\n", __func__,
+                           slen, tlen);
+--- a/src/elfclass.h
++++ b/src/elfclass.h
+@@ -41,8 +41,8 @@
+                       return toomany(ms, "program headers", phnum);
+               flags |= FLAGS_IS_CORE;
+               if (dophn_core(ms, clazz, swap, fd,
+-                  (off_t)elf_getu(swap, elfhdr.e_phoff), phnum,
+-                  (size_t)elf_getu16(swap, elfhdr.e_phentsize),
++                  CAST(off_t, elf_getu(swap, elfhdr.e_phoff)), phnum,
++                  CAST(size_t, elf_getu16(swap, elfhdr.e_phentsize)),
+                   fsize, &flags, &notecount) == -1)
+                       return -1;
+               break;
+@@ -56,8 +56,8 @@
+               if (shnum > ms->elf_shnum_max)
+                       return toomany(ms, "section", shnum);
+               if (dophn_exec(ms, clazz, swap, fd,
+-                  (off_t)elf_getu(swap, elfhdr.e_phoff), phnum,
+-                  (size_t)elf_getu16(swap, elfhdr.e_phentsize),
++                  CAST(off_t, elf_getu(swap, elfhdr.e_phoff)), phnum,
++                  CAST(size_t, elf_getu16(swap, elfhdr.e_phentsize)),
+                   fsize, shnum, &flags, &notecount) == -1)
+                       return -1;
+               /*FALLTHROUGH*/
+@@ -66,10 +66,10 @@
+               if (shnum > ms->elf_shnum_max)
+                       return toomany(ms, "section headers", shnum);
+               if (doshn(ms, clazz, swap, fd,
+-                  (off_t)elf_getu(swap, elfhdr.e_shoff), shnum,
+-                  (size_t)elf_getu16(swap, elfhdr.e_shentsize),
++                  CAST(off_t, elf_getu(swap, elfhdr.e_shoff)), shnum,
++                  CAST(size_t, elf_getu16(swap, elfhdr.e_shentsize)),
+                   fsize, elf_getu16(swap, elfhdr.e_machine),
+-                  (int)elf_getu16(swap, elfhdr.e_shstrndx),
++                  CAST(int, elf_getu16(swap, elfhdr.e_shstrndx)),
+                   &flags, &notecount) == -1)
+                       return -1;
+               break;
+--- a/src/encoding.c
++++ b/src/encoding.c
+@@ -79,12 +79,12 @@
+       *code_mime = "binary";
+ 
+       mlen = (nbytes + 1) * sizeof((*ubuf)[0]);
+-      if ((*ubuf = CAST(unichar *, calloc((size_t)1, mlen))) == NULL) {
++      if ((*ubuf = CAST(unichar *, calloc(CAST(size_t, 1), mlen))) == NULL) {
+               file_oomem(ms, mlen);
+               goto done;
+       }
+       mlen = (nbytes + 1) * sizeof(nbuf[0]);
+-      if ((nbuf = CAST(unsigned char *, calloc((size_t)1, mlen))) == NULL) {
++      if ((nbuf = CAST(unsigned char *, calloc(CAST(size_t, 1), mlen))) == 
NULL) {
+               file_oomem(ms, mlen);
+               goto done;
+       }
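Review bot: both allocations compute mlen = (nbytes + 1) * sizeof(...) by hand and then call calloc(CAST(size_t, 1), mlen), so calloc's own overflow check on count times size never sees the multiplication. Passing the factors separately, e.g. calloc(nbytes + 1, sizeof((*ubuf)[0])), gets that check for free, and mlen is then only needed for file_oomem. Separately, the second added line has been wrapped in transit (NULL) { sits on its own line without a diff prefix), so this hunk will not apply as posted.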
+@@ -437,7 +437,7 @@
+               if (ubf[*ulen - 1] == 0xfffe)
+                       return 0;
+               if (ubf[*ulen - 1] < 128 &&
+-                  text_chars[(size_t)ubf[*ulen - 1]] != T)
++                  text_chars[CAST(size_t, ubf[*ulen - 1])] != T)
+                       return 0;
+       }
+ 
+@@ -476,7 +476,7 @@
+               if (ubf[*ulen - 1] == 0xfffe)
+                       return 0;
+               if (ubf[*ulen - 1] < 128 &&
+-                  text_chars[(size_t)ubf[*ulen - 1]] != T)
++                  text_chars[CAST(size_t, ubf[*ulen - 1])] != T)
+                       return 0;
+       }
+ 
+--- a/src/file.c
++++ b/src/file.c
+@@ -368,7 +368,8 @@
+       }
+       else {
+               size_t j, wid, nw;
+-              for (wid = 0, j = (size_t)optind; j < (size_t)argc; j++) {
++              for (wid = 0, j = CAST(size_t, optind); j < CAST(size_t, argc);
++                  j++) {
+                       nw = file_mbswidth(argv[j]);
+                       if (nw > wid)
+                               wid = nw;
+@@ -510,9 +511,8 @@
+                       (void)putc('\0', stdout);
+               if (nulsep < 2) {
+                       (void)printf("%s", separator);
+-                      (void)printf("%*s ",
+-                          (int) (nopad ? 0 : (wid - file_mbswidth(inname))),
+-                          "");
++                      (void)printf("%*s ", CAST(int, nopad ? 0
++                          : (wid - file_mbswidth(inname))), "");
+               }
+       }
+ 
+@@ -539,8 +539,8 @@
+ 
+       while (n > 0) {
+               bytesconsumed = mbrtowc(&nextchar, s, n, &state);
+-              if (bytesconsumed == (size_t)(-1) ||
+-                  bytesconsumed == (size_t)(-2)) {
++              if (bytesconsumed == CAST(size_t, -1) ||
++                  bytesconsumed == CAST(size_t, -2)) {
+                       /* Something went wrong, return something reasonable */
+                       return old_n;
+               }
+@@ -598,13 +598,13 @@
+       for (sp = p - 1; sp > opts && *sp == ' '; sp--)
+               continue;
+ 
+-      fprintf(stdout, "%.*s", (int)(p - opts), opts);
++      fprintf(stdout, "%.*s", CAST(int, p - opts), opts);
+ 
+       comma = 0;
+       for (i = 0; i < __arraycount(nv); i++) {
+               fprintf(stdout, "%s%s", comma++ ? ", " : "", nv[i].name);
+               if (i && i % 5 == 0) {
+-                      fprintf(stdout, ",\n%*s", (int)(p - sp - 1), "");
++                      fprintf(stdout, ",\n%*s", CAST(int, p - sp - 1), "");
+                       comma = 0;
+               }
+       }
+--- a/src/funcs.c
++++ b/src/funcs.c
+@@ -350,9 +350,9 @@
+ #define OCTALIFY(n, o)        \
+       /*LINTED*/ \
+       (void)(*(n)++ = '\\', \
+-      *(n)++ = (((uint32_t)*(o) >> 6) & 3) + '0', \
+-      *(n)++ = (((uint32_t)*(o) >> 3) & 7) + '0', \
+-      *(n)++ = (((uint32_t)*(o) >> 0) & 7) + '0', \
++      *(n)++ = ((CAST(uint32_t, *(o)) >> 6) & 3) + '0', \
++      *(n)++ = ((CAST(uint32_t, *(o)) >> 3) & 7) + '0', \
++      *(n)++ = ((CAST(uint32_t, *(o)) >> 0) & 7) + '0', \
+       (o)++)
+ 
+ protected const char *
+@@ -398,9 +398,9 @@
+ 
+               while (op < eop) {
+                       bytesconsumed = mbrtowc(&nextchar, op,
+-                          (size_t)(eop - op), &state);
+-                      if (bytesconsumed == (size_t)(-1) ||
+-                          bytesconsumed == (size_t)(-2)) {
++                          CAST(size_t, eop - op), &state);
++                      if (bytesconsumed == CAST(size_t, -1) ||
++                          bytesconsumed == CAST(size_t, -2)) {
+                               mb_conv = 0;
+                               break;
+                       }
+@@ -423,7 +423,7 @@
+ #endif
+ 
+       for (np = ms->o.pbuf, op = ms->o.buf; *op;) {
+-              if (isprint((unsigned char)*op)) {
++              if (isprint(CAST(unsigned char, *op))) {
+                       *np++ = *op++;
+               } else {
+                       OCTALIFY(np, op);
+@@ -584,7 +584,7 @@
+ file_printable(char *buf, size_t bufsiz, const char *str, size_t slen)
+ {
+       char *ptr, *eptr = buf + bufsiz - 1;
+-      const unsigned char *s = (const unsigned char *)str;
++      const unsigned char *s = RCAST(const unsigned char *, str);
+       const unsigned char *es = s + slen;
+ 
+       for (ptr = buf;  ptr < eptr && s < es && *s; s++) {
+--- a/src/is_tar.c
++++ b/src/is_tar.c
+@@ -92,7 +92,8 @@
+ private int
+ is_tar(const unsigned char *buf, size_t nbytes)
+ {
+-      const union record *header = (const union record *)(const void *)buf;
++      const union record *header = RCAST(const union record *,
++          RCAST(const void *, buf));
+       size_t i;
+       int sum, recsum;
+       const unsigned char *p, *ep;
+@@ -141,7 +142,7 @@
+       if (digs == 0)
+               return -1;
+ 
+-      while (isspace((unsigned char)*where)) {        /* Skip spaces */
++      while (isspace(CAST(unsigned char, *where))) {  /* Skip spaces */
+               where++;
+               if (digs-- == 0)
+                       return -1;              /* All blank field */
+@@ -152,7 +153,7 @@
+               digs--;
+       }
+ 
+-      if (digs > 0 && *where && !isspace((unsigned char)*where))
++      if (digs > 0 && *where && !isspace(CAST(unsigned char, *where)))
+               return -1;                      /* Ended on non-(space/NUL) */
+ 
+       return value;
+--- a/src/magic.c
++++ b/src/magic.c
+@@ -314,7 +314,8 @@
+ {
+       if (ms == NULL)
+               return -1;
+-      return buffer_apprentice(ms, (struct magic **)bufs, sizes, nbufs);
++      return buffer_apprentice(ms, RCAST(struct magic **, bufs),
++          sizes, nbufs);
+ }
+ #endif
+ 
+@@ -407,7 +408,7 @@
+       struct stat     sb;
+       ssize_t nbytes = 0;     /* number of bytes read from a datafile */
+       int     ispipe = 0;
+-      off_t   pos = (off_t)-1;
++      off_t   pos = CAST(off_t, -1);
+ 
+       if (file_reset(ms) == -1)
+               goto out;
+@@ -440,7 +441,7 @@
+               if (fstat(fd, &sb) == 0 && S_ISFIFO(sb.st_mode))
+                       ispipe = 1;
+               else
+-                      pos = lseek(fd, (off_t)0, SEEK_CUR);
++                      pos = lseek(fd, CAST(off_t, 0), SEEK_CUR);
+       } else {
+               int flags = O_RDONLY|O_BINARY|O_NONBLOCK;
+               errno = 0;
+@@ -480,8 +481,8 @@
+       if (ispipe) {
+               ssize_t r = 0;
+ 
+-              while ((r = sread(fd, (void *)&buf[nbytes],
+-                  (size_t)(ms->bytes_max - nbytes), 1)) > 0) {
++              while ((r = sread(fd, RCAST(void *, &buf[nbytes]),
++                  CAST(size_t, ms->bytes_max - nbytes), 1)) > 0) {
+                       nbytes += r;
+                       if (r < PIPE_BUF) break;
+               }
+@@ -501,7 +502,7 @@
+                               _isatty(fd) ? 8 * 1024 :
+ #endif
+                               ms->bytes_max;
+-              if ((nbytes = read(fd, (char *)buf, howmany)) == -1) {
++              if ((nbytes = read(fd, RCAST(void *, buf), howmany)) == -1) {
+                       if (inname == NULL && fd != STDIN_FILENO)
+                               file_error(ms, errno, "cannot read fd %d", fd);
+                       else
+@@ -512,13 +513,13 @@
+       }
+ 
+       (void)memset(buf + nbytes, 0, SLOP); /* NUL terminate */
+-      if (file_buffer(ms, fd, inname, buf, (size_t)nbytes) == -1)
++      if (file_buffer(ms, fd, inname, buf, CAST(size_t, nbytes)) == -1)
+               goto done;
+       rv = 0;
+ done:
+       free(buf);
+       if (fd != -1) {
+-              if (pos != (off_t)-1)
++              if (pos != CAST(off_t, -1))
+                       (void)lseek(fd, pos, SEEK_SET);
+               close_and_restore(ms, inname, fd, &sb);
+       }
+@@ -585,25 +586,25 @@
+ {
+       switch (param) {
+       case MAGIC_PARAM_INDIR_MAX:
+-              ms->indir_max = (uint16_t)*(const size_t *)val;
++              ms->indir_max = CAST(uint16_t, *CAST(const size_t *, val));
+               return 0;
+       case MAGIC_PARAM_NAME_MAX:
+-              ms->name_max = (uint16_t)*(const size_t *)val;
++              ms->name_max = CAST(uint16_t, *CAST(const size_t *, val));
+               return 0;
+       case MAGIC_PARAM_ELF_PHNUM_MAX:
+-              ms->elf_phnum_max = (uint16_t)*(const size_t *)val;
++              ms->elf_phnum_max = CAST(uint16_t, *CAST(const size_t *, val));
+               return 0;
+       case MAGIC_PARAM_ELF_SHNUM_MAX:
+-              ms->elf_shnum_max = (uint16_t)*(const size_t *)val;
++              ms->elf_shnum_max = CAST(uint16_t, *CAST(const size_t *, val));
+               return 0;
+       case MAGIC_PARAM_ELF_NOTES_MAX:
+-              ms->elf_notes_max = (uint16_t)*(const size_t *)val;
++              ms->elf_notes_max = CAST(uint16_t, *CAST(const size_t *, val));
+               return 0;
+       case MAGIC_PARAM_REGEX_MAX:
+-              ms->regex_max = (uint16_t)*(const size_t *)val;
++              ms->regex_max = CAST(uint16_t, *CAST(const size_t *, val));
+               return 0;
+       case MAGIC_PARAM_BYTES_MAX:
+-              ms->bytes_max = *(const size_t *)val;
++              ms->bytes_max = *CAST(const size_t *, val);
+               return 0;
+       default:
+               errno = EINVAL;
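Review bot: each CAST(uint16_t, *CAST(const size_t *, val)) narrows a caller-supplied size_t to 16 bits without a range check, so a requested limit of 65536 is stored as 0 and the call still returns 0. These fields are the parser's resource limits (indir_max, elf_phnum_max, elf_notes_max, regex_max and so on), so a silently wrapped value is worth refusing. Check the value against UINT16_MAX first and fail with errno set, as the default branch already does with EINVAL.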
+@@ -616,25 +617,25 @@
+ {
+       switch (param) {
+       case MAGIC_PARAM_INDIR_MAX:
+-              *(size_t *)val = ms->indir_max;
++              *CAST(size_t *, val) = ms->indir_max;
+               return 0;
+       case MAGIC_PARAM_NAME_MAX:
+-              *(size_t *)val = ms->name_max;
++              *CAST(size_t *, val) = ms->name_max;
+               return 0;
+       case MAGIC_PARAM_ELF_PHNUM_MAX:
+-              *(size_t *)val = ms->elf_phnum_max;
++              *CAST(size_t *, val) = ms->elf_phnum_max;
+               return 0;
+       case MAGIC_PARAM_ELF_SHNUM_MAX:
+-              *(size_t *)val = ms->elf_shnum_max;
++              *CAST(size_t *, val) = ms->elf_shnum_max;
+               return 0;
+       case MAGIC_PARAM_ELF_NOTES_MAX:
+-              *(size_t *)val = ms->elf_notes_max;
++              *CAST(size_t *, val) = ms->elf_notes_max;
+               return 0;
+       case MAGIC_PARAM_REGEX_MAX:
+-              *(size_t *)val = ms->regex_max;
++              *CAST(size_t *, val) = ms->regex_max;
+               return 0;
+       case MAGIC_PARAM_BYTES_MAX:
+-              *(size_t *)val = ms->bytes_max;
++              *CAST(size_t *, val) = ms->bytes_max;
+               return 0;
+       default:
+               errno = EINVAL;
+--- a/src/print.c
++++ b/src/print.c
+@@ -65,7 +65,7 @@
+               if (m->in_op & FILE_OPINVERSE)
+                       (void) fputc('~', stderr);
+               (void) fprintf(stderr, "%c%u),",
+-                  ((size_t)(m->in_op & FILE_OPS_MASK) <
++                  (CAST(size_t, m->in_op & FILE_OPS_MASK) <
+                   SZOF(optyp)) ? optyp[m->in_op & FILE_OPS_MASK] : '?',
+                   m->in_offset);
+       }
+@@ -112,14 +112,14 @@
+                       (void) fprintf(stderr, "/%u", m->str_range);
+       }
+       else {
+-              if ((size_t)(m->mask_op & FILE_OPS_MASK) < SZOF(optyp))
++              if (CAST(size_t, m->mask_op & FILE_OPS_MASK) < SZOF(optyp))
+                       (void) fputc(optyp[m->mask_op & FILE_OPS_MASK], stderr);
+               else
+                       (void) fputc('?', stderr);
+                       
+               if (m->num_mask) {
+                       (void) fprintf(stderr, "%.8llx",
+-                          (unsigned long long)m->num_mask);
++                          CAST(unsigned long long, m->num_mask));
+               }
+       }
+       (void) fprintf(stderr, ",%c", m->reln);
+@@ -141,7 +141,7 @@
+               case FILE_LEQUAD:
+               case FILE_QUAD:
+                       (void) fprintf(stderr, "%" INT64_T_FORMAT "d",
+-                          (unsigned long long)m->value.q);
++                          CAST(long long, m->value.q));
+                       break;
+               case FILE_PSTRING:
+               case FILE_STRING:
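Review bot: the FILE_QUAD line is not a like-for-like conversion. The old cast was (unsigned long long)m->value.q and the new one is CAST(long long, m->value.q). The signed type matches the "%" INT64_T_FORMAT "d" conversion, so the change looks right, but it is a behaviour fix inside a cast cleanup. Please call it out in the patch description so it is not read as mechanical.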
+@@ -149,7 +149,8 @@
+               case FILE_BESTRING16:
+               case FILE_LESTRING16:
+               case FILE_SEARCH:
+-                      file_showstr(stderr, m->value.s, (size_t)m->vallen);
++                      file_showstr(stderr, m->value.s,
++                          CAST(size_t, m->vallen));
+                       break;
+               case FILE_DATE:
+               case FILE_LEDATE:
+@@ -221,7 +222,7 @@
+ 
+       if (ms->file)
+               (void) fprintf(stderr, "%s, %lu: ", ms->file,
+-                  (unsigned long)ms->line);
++                  CAST(unsigned long, ms->line));
+       (void) fprintf(stderr, "Warning: ");
+       va_start(va, f);
+       (void) vfprintf(stderr, f, va);
+@@ -243,7 +244,7 @@
+       } else {
+               // XXX: perhaps detect and print something if overflow
+               // on 32 bit time_t?
+-              t = (time_t)v;
++              t = CAST(time_t, v);
+       }
+ 
+       if (flags & FILE_T_LOCAL) {
+--- a/src/readcdf.c
++++ b/src/readcdf.c
+@@ -204,7 +204,7 @@
+                                   && len--; s += k) {
+                                         if (*s == '\0')
+                                                 break;
+-                                        if (isprint((unsigned char)*s))
++                                        if (isprint(CAST(unsigned char, *s)))
+                                                 vbuf[j++] = *s;
+                                 }
+                                 if (j == sizeof(vbuf))
+@@ -318,19 +318,19 @@
+                 case 2:
+                         if (file_printf(ms, ", Os: Windows, Version %d.%d",
+                             si.si_os_version & 0xff,
+-                            (uint32_t)si.si_os_version >> 8) == -1)
++                            CAST(uint32_t, si.si_os_version) >> 8) == -1)
+                                 return -2;
+                         break;
+                 case 1:
+                         if (file_printf(ms, ", Os: MacOS, Version %d.%d",
+-                            (uint32_t)si.si_os_version >> 8,
++                            CAST(uint32_t, si.si_os_version) >> 8,
+                             si.si_os_version & 0xff) == -1)
+                                 return -2;
+                         break;
+                 default:
+                         if (file_printf(ms, ", Os %d, Version: %d.%d", 
si.si_os,
+                             si.si_os_version & 0xff,
+-                            (uint32_t)si.si_os_version >> 8) == -1)
++                            CAST(uint32_t, si.si_os_version) >> 8) == -1)
+                                 return -2;
+                         break;
+                 }
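Review bot: the three file_printf calls print CAST(uint32_t, si.si_os_version) >> 8 with %d, which puts an unsigned argument under a signed conversion; %u would match the cast that this hunk now makes explicit. Also, the context line of the default branch has been wrapped in transit (si.si_os, sits on its own line without a diff prefix), so the hunk will not apply as posted.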
+@@ -406,7 +406,7 @@
+       for (j = 0; str == NULL && j < dir->dir_len; j++) {
+               d = &dir->dir_tab[j];
+               for (k = 0; k < sizeof(name); k++)
+-                      name[k] = (char)cdf_tole2(d->d_name[k]);
++                      name[k] = CAST(char, cdf_tole2(d->d_name[k]));
+               str = cdf_app_to_mime(name,
+                                     NOTMIME(ms) ? name2desc : name2mime);
+       }
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -368,9 +368,9 @@
+               }
+               offset = 0;
+               for (;;) {
+-                      if (offset >= (size_t)bufsize)
++                      if (offset >= CAST(size_t, bufsize))
+                               break;
+-                      offset = donote(ms, nbuf, offset, (size_t)bufsize,
++                      offset = donote(ms, nbuf, offset, CAST(size_t, bufsize),
+                           clazz, swap, 4, flags, notecount, fd, ph_off,
+                           ph_num, fsize);
+                       if (offset == 0)
+@@ -508,7 +508,7 @@
+     int swap __attribute__((__unused__)), uint32_t namesz, uint32_t descsz,
+     size_t noff, size_t doff, int *flags)
+ {
+-      if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
++      if (namesz == 4 && strcmp(RCAST(char *, &nbuf[noff]), "GNU") == 0 &&
+           type == NT_GNU_BUILD_ID && (descsz >= 4 && descsz <= 20)) {
+               uint8_t desc[20];
+               const char *btype;
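Review bot: strcmp(RCAST(char *, &nbuf[noff]), "GNU") casts to a non-const char * and stays inline, while the note handlers converted further down introduce const char *name = RCAST(const char *, &nbuf[noff]); and compare against name. Using the const form here as well keeps the handlers consistent and avoids producing a writable pointer type for a read-only compare.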
+@@ -544,7 +544,9 @@
+     int swap, uint32_t namesz, uint32_t descsz,
+     size_t noff, size_t doff, int *flags)
+ {
+-      if (namesz == 5 && strcmp((char *)&nbuf[noff], "SuSE") == 0 &&
++      const char *name = RCAST(const char *, &nbuf[noff]);
++
++      if (namesz == 5 && strcmp(name, "SuSE") == 0 &&
+               type == NT_GNU_VERSION && descsz == 2) {
+               *flags |= FLAGS_DID_OS_NOTE;
+               if (file_printf(ms, ", for SuSE %d.%d", nbuf[doff],
+@@ -553,7 +555,7 @@
+           return 1;
+       }
+ 
+-      if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
++      if (namesz == 4 && strcmp(name, "GNU") == 0 &&
+           type == NT_GNU_VERSION && descsz == 16) {
+               uint32_t desc[4];
+               (void)memcpy(desc, &nbuf[doff], sizeof(desc));
+@@ -592,7 +594,7 @@
+               return 1;
+       }
+ 
+-      if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0) {
++      if (namesz == 7 && strcmp(name, "NetBSD") == 0) {
+               if (type == NT_NETBSD_VERSION && descsz == 4) {
+                       *flags |= FLAGS_DID_OS_NOTE;
+                       do_note_netbsd_version(ms, swap, &nbuf[doff]);
+@@ -600,7 +602,7 @@
+               }
+       }
+ 
+-      if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0) {
++      if (namesz == 8 && strcmp(name, "FreeBSD") == 0) {
+               if (type == NT_FREEBSD_VERSION && descsz == 4) {
+                       *flags |= FLAGS_DID_OS_NOTE;
+                       do_note_freebsd_version(ms, swap, &nbuf[doff]);
+@@ -608,7 +610,7 @@
+               }
+       }
+ 
+-      if (namesz == 8 && strcmp((char *)&nbuf[noff], "OpenBSD") == 0 &&
++      if (namesz == 8 && strcmp(name, "OpenBSD") == 0 &&
+           type == NT_OPENBSD_VERSION && descsz == 4) {
+               *flags |= FLAGS_DID_OS_NOTE;
+               if (file_printf(ms, ", for OpenBSD") == -1)
+@@ -617,7 +619,7 @@
+               return 1;
+       }
+ 
+-      if (namesz == 10 && strcmp((char *)&nbuf[noff], "DragonFly") == 0 &&
++      if (namesz == 10 && strcmp(name, "DragonFly") == 0 &&
+           type == NT_DRAGONFLY_VERSION && descsz == 4) {
+               uint32_t desc;
+               *flags |= FLAGS_DID_OS_NOTE;
+@@ -638,7 +640,9 @@
+     int swap, uint32_t namesz, uint32_t descsz,
+     size_t noff, size_t doff, int *flags)
+ {
+-      if (namesz == 4 && strcmp((char *)&nbuf[noff], "PaX") == 0 &&
++      const char *name = RCAST(const char *, &nbuf[noff]);
++
++      if (namesz == 4 && strcmp(name, "PaX") == 0 &&
+           type == NT_NETBSD_PAX && descsz == 4) {
+               static const char *pax[] = {
+                   "+mprotect",
+@@ -660,7 +664,7 @@
+                       return 1;
+ 
+               for (i = 0; i < __arraycount(pax); i++) {
+-                      if (((1 << (int)i) & desc) == 0)
++                      if (((1 << CAST(int, i)) & desc) == 0)
+                               continue;
+                       if (file_printf(ms, "%s%s", did++ ? "," : "",
+                           pax[i]) == -1)
+@@ -677,6 +681,8 @@
+     size_t noff, size_t doff, int *flags, size_t size, int clazz)
+ {
+ #ifdef ELFCORE
++      const char *name = RCAST(const char *, &nbuf[noff]);
++
+       int os_style = -1;
+       /*
+        * Sigh.  The 2.0.36 kernel in Debian 2.1, at
+@@ -692,16 +698,16 @@
+        * doesn't include the terminating null in the
+        * name....
+        */
+-      if ((namesz == 4 && strncmp((char *)&nbuf[noff], "CORE", 4) == 0) ||
+-          (namesz == 5 && strcmp((char *)&nbuf[noff], "CORE") == 0)) {
++      if ((namesz == 4 && strncmp(name, "CORE", 4) == 0) ||
++          (namesz == 5 && strcmp(name, "CORE") == 0)) {
+               os_style = OS_STYLE_SVR4;
+       } 
+ 
+-      if ((namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0)) {
++      if ((namesz == 8 && strcmp(name, "FreeBSD") == 0)) {
+               os_style = OS_STYLE_FREEBSD;
+       }
+ 
+-      if ((namesz >= 11 && strncmp((char *)&nbuf[noff], "NetBSD-CORE", 11)
++      if ((namesz >= 11 && strncmp(name, "NetBSD-CORE", 11)
+           == 0)) {
+               os_style = OS_STYLE_NETBSD;
+       }
+@@ -725,7 +731,7 @@
+                        */
+                       if (file_printf(ms, ", from '%.31s'",
+                           file_printable(sbuf, sizeof(sbuf),
+-                          (const char *)&nbuf[doff + 0x7c], 32)) == -1)
++                          RCAST(const char *, &nbuf[doff + 0x7c]), 32)) == -1)
+                               return 1;
+                       
+                       /*
+@@ -824,8 +830,8 @@
+                                               i = k;
+                               }
+ 
+-                              cname = (unsigned char *)
+-                                  &nbuf[doff + prpsoffsets(i)];
++                              cname = CAST(unsigned char *,
++                                  &nbuf[doff + prpsoffsets(i)]);
+                               for (cp = cname; cp < nbuf + size && *cp
+                                   && isprint(*cp); cp++)
+                                       continue;
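Review bot: `cname` is assigned through `CAST(unsigned char *, &nbuf[doff + prpsoffsets(i)])`, which is a pointer conversion, whereas the other pointer conversions in these readelf.c hunks go through RCAST (for example `RCAST(const char *, &nbuf[noff])`). If the two macros are meant to separate value casts from pointer reinterpretation, this one should be RCAST as well.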
+@@ -836,7 +842,7 @@
+                               while (cp > cname && isspace(cp[-1]))
+                                       cp--;
+                               if (file_printf(ms, ", from '%.*s'",
+-                                  (int)(cp - cname), cname) == -1)
++                                  CAST(int, cp - cname), cname) == -1)
+                                       return 1;
+                               *flags |= FLAGS_DID_CORE;
+                               return 1;
+@@ -863,7 +869,8 @@
+        * virtual address in which the "virtaddr" belongs to.
+        */
+       for ( ; num; num--) {
+-              if (pread(fd, xph_addr, xph_sizeof, off) < (ssize_t)xph_sizeof) 
{
++              if (pread(fd, xph_addr, xph_sizeof, off) <
++                  CAST(ssize_t, xph_sizeof)) {
+                       file_badread(ms);
+                       return -1;
+               }
+@@ -903,7 +910,7 @@
+ 
+       /* We expect only printable characters, so return if buffer contains
+        * non-printable character before the '\0' or just '\0'. */
+-      for (bptr = buf; *bptr && isprint((unsigned char)*bptr); bptr++)
++      for (bptr = buf; *bptr && isprint(CAST(unsigned char, *bptr)); bptr++)
+               continue;
+       if (*bptr != '\0')
+               return 0;
+@@ -988,8 +995,8 @@
+                       if (file_printf(ms, ", %s: '%s'", tag, buf) == -1)
+                               return 0;
+               } else {
+-                      if (file_printf(ms, ", %s: %d", tag, (int) xauxv_val)
+-                          == -1)
++                      if (file_printf(ms, ", %s: %d", tag,
++                          CAST(int, xauxv_val)) == -1)
+                               return 0;
+               }
+       }
+@@ -1525,7 +1532,7 @@
+                        */
+                       offset = 0;
+                       for (;;) {
+-                              if (offset >= (size_t)bufsize)
++                              if (offset >= CAST(size_t, bufsize))
+                                       break;
+                               offset = donote(ms, nbuf, offset,
+                                   (size_t)bufsize, clazz, swap, align,
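Review bot: The conversion in this hunk is incomplete. The loop guard becomes `CAST(size_t, bufsize)`, but the `donote()` call two lines below still passes `(size_t)bufsize`, unlike the matching loop at -368 earlier in this file, where both were converted. Convert the argument too, so that a later search for raw casts in readelf.c comes back clean.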
+--- a/src/softmagic.c
++++ b/src/softmagic.c
+@@ -63,24 +63,46 @@
+ private int cvt_32(union VALUETYPE *, const struct magic *);
+ private int cvt_64(union VALUETYPE *, const struct magic *);
+ 
+-#define OFFSET_OOB(n, o, i)   ((n) < (uint32_t)(o) || (i) > ((n) - (o)))
+-#define BE64(p) (((uint64_t)(p)->hq[0]<<56)|((uint64_t)(p)->hq[1]<<48)| \
+-    ((uint64_t)(p)->hq[2]<<40)|((uint64_t)(p)->hq[3]<<32)| \
+-    ((uint64_t)(p)->hq[4]<<24)|((uint64_t)(p)->hq[5]<<16)| \
+-    ((uint64_t)(p)->hq[6]<<8)|((uint64_t)(p)->hq[7]))
+-#define LE64(p) (((uint64_t)(p)->hq[7]<<56)|((uint64_t)(p)->hq[6]<<48)| \
+-    ((uint64_t)(p)->hq[5]<<40)|((uint64_t)(p)->hq[4]<<32)| \
+-    ((uint64_t)(p)->hq[3]<<24)|((uint64_t)(p)->hq[2]<<16)| \
+-    ((uint64_t)(p)->hq[1]<<8)|((uint64_t)(p)->hq[0]))
+-#define LE32(p) (((uint32_t)(p)->hl[3]<<24)|((uint32_t)(p)->hl[2]<<16)| \
+-     ((uint32_t)(p)->hl[1]<<8)|((uint32_t)(p)->hl[0]))
+-#define BE32(p) (((uint32_t)(p)->hl[0]<<24)|((uint32_t)(p)->hl[1]<<16)| \
+-     ((uint32_t)(p)->hl[2]<<8)|((uint32_t)(p)->hl[3]))
+-#define ME32(p) (((uint32_t)(p)->hl[1]<<24)|((uint32_t)(p)->hl[0]<<16)| \
+-     ((uint32_t)(p)->hl[3]<<8)|((uint32_t)(p)->hl[2]))
+-#define BE16(p) (((uint16_t)(p)->hs[0]<<8)|((uint16_t)(p)->hs[1]))
+-#define LE16(p) (((uint16_t)(p)->hs[1]<<8)|((uint16_t)(p)->hs[0]))
+-#define SEXT(s,v,p) ((s)?(intmax_t)(int##v##_t)(p):(intmax_t)(uint##v##_t)(p))
++#define OFFSET_OOB(n, o, i)   ((n) < CAST(uint32_t, (o)) || (i) > ((n) - (o)))
++#define BE64(p) ( \
++    (CAST(uint64_t, (p)->hq[0])<<56)| \
++    (CAST(uint64_t, (p)->hq[1])<<48)| \
++    (CAST(uint64_t, (p)->hq[2])<<40)| \
++    (CAST(uint64_t, (p)->hq[3])<<32)| \
++    (CAST(uint64_t, (p)->hq[4])<<24)| \
++    (CAST(uint64_t, (p)->hq[5])<<16)| \
++    (CAST(uint64_t, (p)->hq[6])<<8)| \
++    (CAST(uint64_t, (p)->hq[7])))
++#define LE64(p) ( \
++    (CAST(uint64_t, (p)->hq[7])<<56)| \
++    (CAST(uint64_t, (p)->hq[6])<<48)| \
++    (CAST(uint64_t, (p)->hq[5])<<40)| \
++    (CAST(uint64_t, (p)->hq[4])<<32)| \
++    (CAST(uint64_t, (p)->hq[3])<<24)| \
++    (CAST(uint64_t, (p)->hq[2])<<16)| \
++    (CAST(uint64_t, (p)->hq[1])<<8)| \
++    (CAST(uint64_t, (p)->hq[0])))
++#define LE32(p) ( \
++    (CAST(uint32_t, (p)->hl[3])<<24)| \
++    (CAST(uint32_t, (p)->hl[2])<<16)| \
++    (CAST(uint32_t, (p)->hl[1])<<8)| \
++    (CAST(uint32_t, (p)->hl[0])))
++#define BE32(p) ( \
++    (CAST(uint32_t, (p)->hl[0])<<24)| \
++    (CAST(uint32_t, (p)->hl[1])<<16)| \
++    (CAST(uint32_t, (p)->hl[2])<<8)| \
++    (CAST(uint32_t, (p)->hl[3])))
++#define ME32(p) ( \
++    (CAST(uint32_t, (p)->hl[1])<<24)| \
++    (CAST(uint32_t, (p)->hl[0])<<16)| \
++    (CAST(uint32_t, (p)->hl[3])<<8)| \
++    (CAST(uint32_t, (p)->hl[2])))
++
++#define BE16(p) ((CAST(uint16_t, (p)->hs[0])<<8)|(CAST(uint16_t, (p)->hs[1])))
++#define LE16(p) ((CAST(uint16_t, (p)->hs[1])<<8)|(CAST(uint16_t, (p)->hs[0])))
++#define SEXT(s,v,p) ((s) ? \
++      CAST(intmax_t, CAST(int##v##_t, p)) : \
++      CAST(intmax_t, CAST(uint##v##_t, p)))
+ 
+ /*
+  * softmagic - lookup one file in parsed, in-memory copy of database
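Review bot: SEXT now hands `p` to CAST without the parentheses the old form had: `(int##v##_t)(p)` became `CAST(int##v##_t, p)`, while every other macro in this hunk keeps `(p)->...` and OFFSET_OOB passes `(o)`. That is only safe as long as CAST parenthesizes its second argument, and its definition is not part of this hunk. Either write `CAST(int##v##_t, (p))` or state the dependency in a comment.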
+@@ -525,13 +547,13 @@
+                       return -1;
+               case 1:
+                       (void)snprintf(buf, sizeof(buf), "%" INT64_T_FORMAT "u",
+-                          (unsigned long long)v);
++                          CAST(unsigned long long, v));
+                       if (file_printf(ms, F(ms, m, "%s"), buf) == -1)
+                               return -1;
+                       break;
+               default:
+                       if (file_printf(ms, F(ms, m, "%" INT64_T_FORMAT "u"),
+-                          (unsigned long long) v) == -1)
++                          CAST(unsigned long long, v)) == -1)
+                               return -1;
+                       break;
+               }
+@@ -560,13 +582,13 @@
+ 
+                       if (m->str_flags & STRING_TRIM) {
+                               char *last;
+-                              while (isspace((unsigned char)*str))
++                              while (isspace(CAST(unsigned char, *str)))
+                                       str++;
+                               last = str;
+                               while (*last)
+                                       last++;
+                               --last;
+-                              while (isspace((unsigned char)*last))
++                              while (isspace(CAST(unsigned char, *last)))
+                                       last--;
+                               *++last = '\0';
+                       }
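Review bot: Not introduced by the cast change, but the STRING_TRIM block visible in the context lacks a lower bound. After the leading-whitespace skip, `--last` runs unconditionally, so when `str` is empty at that point (an empty or all-whitespace string) `last` is `str - 1`, the second `isspace(CAST(unsigned char, *last))` loop reads before the start of the string, and `*++last = '\0'` then writes relative to wherever that scan stopped. Skipping the backward trim when `last == str` would close it.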
+@@ -673,7 +695,8 @@
+               char *cp;
+               int rval;
+ 
+-              cp = strndup((const char *)ms->search.s, ms->search.rm_len);
++              cp = strndup(RCAST(const char *, ms->search.s),
++                  ms->search.rm_len);
+               if (cp == NULL) {
+                       file_oomem(ms, ms->search.rm_len);
+                       return -1;
+@@ -715,7 +738,7 @@
+               file_magerror(ms, "invalid m->type (%d) in mprint()", m->type);
+               return -1;
+       }
+-      return (int32_t)t;
++      return CAST(int32_t, t);
+ }
+ 
+ private int
+@@ -760,7 +783,8 @@
+                               p->s[strcspn(p->s, "\r\n")] = '\0';
+                       o = CAST(uint32_t, (ms->offset + strlen(p->s)));
+                       if (m->type == FILE_PSTRING)
+-                              o += (uint32_t)file_pstring_length_size(m);
++                              o += CAST(uint32_t,
++                                  file_pstring_length_size(m));
+               }
+               break;
+ 
+@@ -826,7 +850,7 @@
+       case FILE_DER:
+               {
+                       o = der_offs(ms, m, nbytes);
+-                      if (o == -1 || (size_t)o > nbytes) {
++                      if (o == -1 || CAST(size_t, o) > nbytes) {
+                               if ((ms->flags & MAGIC_DEBUG) != 0) {
+                                       (void)fprintf(stderr,
+                                           "Bad DER offset %d nbytes=%zu",
+@@ -843,7 +867,7 @@
+               break;
+       }
+ 
+-      if ((size_t)o > nbytes) {
++      if (CAST(size_t, o) > nbytes) {
+ #if 0
+               file_error(ms, 0, "Offset out of range %zu > %zu",
+                   (size_t)o, nbytes);
+@@ -916,36 +940,36 @@
+               return type;
+       }
+ }
+-#define DO_CVT(fld, cast) \
++#define DO_CVT(fld, type) \
+       if (m->num_mask) \
+               switch (m->mask_op & FILE_OPS_MASK) { \
+               case FILE_OPAND: \
+-                      p->fld &= cast m->num_mask; \
++                      p->fld &= CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPOR: \
+-                      p->fld |= cast m->num_mask; \
++                      p->fld |= CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPXOR: \
+-                      p->fld ^= cast m->num_mask; \
++                      p->fld ^= CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPADD: \
+-                      p->fld += cast m->num_mask; \
++                      p->fld += CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPMINUS: \
+-                      p->fld -= cast m->num_mask; \
++                      p->fld -= CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPMULTIPLY: \
+-                      p->fld *= cast m->num_mask; \
++                      p->fld *= CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPDIVIDE: \
+-                      if (cast m->num_mask == 0) \
++                      if (CAST(type, m->num_mask) == 0) \
+                               return -1; \
+-                      p->fld /= cast m->num_mask; \
++                      p->fld /= CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPMODULO: \
+-                      if (cast m->num_mask == 0) \
++                      if (CAST(type, m->num_mask) == 0) \
+                               return -1; \
+-                      p->fld %= cast m->num_mask; \
++                      p->fld %= CAST(type, m->num_mask); \
+                       break; \
+               } \
+       if (m->mask_op & FILE_OPINVERSE) \
+@@ -954,61 +978,61 @@
+ private int
+ cvt_8(union VALUETYPE *p, const struct magic *m)
+ {
+-      DO_CVT(b, (uint8_t));
++      DO_CVT(b, uint8_t);
+       return 0;
+ }
+ 
+ private int
+ cvt_16(union VALUETYPE *p, const struct magic *m)
+ {
+-      DO_CVT(h, (uint16_t));
++      DO_CVT(h, uint16_t);
+       return 0;
+ }
+ 
+ private int
+ cvt_32(union VALUETYPE *p, const struct magic *m)
+ {
+-      DO_CVT(l, (uint32_t));
++      DO_CVT(l, uint32_t);
+       return 0;
+ }
+ 
+ private int
+ cvt_64(union VALUETYPE *p, const struct magic *m)
+ {
+-      DO_CVT(q, (uint64_t));
++      DO_CVT(q, uint64_t);
+       return 0;
+ }
+ 
+-#define DO_CVT2(fld, cast) \
++#define DO_CVT2(fld, type) \
+       if (m->num_mask) \
+               switch (m->mask_op & FILE_OPS_MASK) { \
+               case FILE_OPADD: \
+-                      p->fld += cast m->num_mask; \
++                      p->fld += CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPMINUS: \
+-                      p->fld -= cast m->num_mask; \
++                      p->fld -= CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPMULTIPLY: \
+-                      p->fld *= cast m->num_mask; \
++                      p->fld *= CAST(type, m->num_mask); \
+                       break; \
+               case FILE_OPDIVIDE: \
+-                      if (cast m->num_mask == 0) \
++                      if (CAST(type, m->num_mask) == 0) \
+                               return -1; \
+-                      p->fld /= cast m->num_mask; \
++                      p->fld /= CAST(type, m->num_mask); \
+                       break; \
+               } \
+ 
+ private int
+ cvt_float(union VALUETYPE *p, const struct magic *m)
+ {
+-      DO_CVT2(f, (float));
++      DO_CVT2(f, float);
+       return 0;
+ }
+ 
+ private int
+ cvt_double(union VALUETYPE *p, const struct magic *m)
+ {
+-      DO_CVT2(d, (double));
++      DO_CVT2(d, double);
+       return 0;
+ }
+ 
+@@ -1073,14 +1097,14 @@
+               return 1;
+       }
+       case FILE_BESHORT:
+-              p->h = (short)BE16(p);
++              p->h = CAST(short, BE16(p));
+               if (cvt_16(p, m) == -1)
+                       goto out;
+               return 1;
+       case FILE_BELONG:
+       case FILE_BEDATE:
+       case FILE_BELDATE:
+-              p->l = (int32_t)BE32(p);
++              p->l = CAST(int32_t, BE32(p));
+               if (cvt_32(p, m) == -1)
+                       goto out;
+               return 1;
+@@ -1088,19 +1112,19 @@
+       case FILE_BEQDATE:
+       case FILE_BEQLDATE:
+       case FILE_BEQWDATE:
+-              p->q = (uint64_t)BE64(p);
++              p->q = CAST(uint64_t, BE64(p));
+               if (cvt_64(p, m) == -1)
+                       goto out;
+               return 1;
+       case FILE_LESHORT:
+-              p->h = (short)LE16(p);
++              p->h = CAST(short, LE16(p));
+               if (cvt_16(p, m) == -1)
+                       goto out;
+               return 1;
+       case FILE_LELONG:
+       case FILE_LEDATE:
+       case FILE_LELDATE:
+-              p->l = (int32_t)LE32(p);
++              p->l = CAST(int32_t, LE32(p));
+               if (cvt_32(p, m) == -1)
+                       goto out;
+               return 1;
+@@ -1108,14 +1132,14 @@
+       case FILE_LEQDATE:
+       case FILE_LEQLDATE:
+       case FILE_LEQWDATE:
+-              p->q = (uint64_t)LE64(p);
++              p->q = CAST(uint64_t, LE64(p));
+               if (cvt_64(p, m) == -1)
+                       goto out;
+               return 1;
+       case FILE_MELONG:
+       case FILE_MEDATE:
+       case FILE_MELDATE:
+-              p->l = (int32_t)ME32(p);
++              p->l = CAST(int32_t, ME32(p));
+               if (cvt_32(p, m) == -1)
+                       goto out;
+               return 1;
+@@ -1294,7 +1318,7 @@
+        * might even cause problems
+        */
+       if (nbytes < sizeof(*p))
+-              (void)memset(((char *)(void *)p) + nbytes, '\0',
++              (void)memset(RCAST(char *, RCAST(void *, p)) + nbytes, '\0',
+                   sizeof(*p) - nbytes);
+       return 0;
+ }
+@@ -1335,7 +1359,7 @@
+       if (m->in_op & FILE_OPINVERSE)
+               offset = ~offset;
+ 
+-      return (uint32_t)offset;
++      return CAST(uint32_t, offset);
+ }
+ 
+ private int
+@@ -1648,8 +1672,8 @@
+        * the ctype functions will work correctly without extra
+        * casting.
+        */
+-      const unsigned char *a = (const unsigned char *)s1;
+-      const unsigned char *b = (const unsigned char *)s2;
++      const unsigned char *a = RCAST(const unsigned char *, s1);
++      const unsigned char *b = RCAST(const unsigned char *, s2);
+       const unsigned char *eb = b + len;
+       uint64_t v;
+ 
+@@ -1844,13 +1868,15 @@
+       case FILE_STRING:
+       case FILE_PSTRING:
+               l = 0;
+-              v = file_strncmp(m->value.s, p->s, (size_t)m->vallen, 
m->str_flags);
++              v = file_strncmp(m->value.s, p->s, CAST(size_t, m->vallen),
++                  m->str_flags);
+               break;
+ 
+       case FILE_BESTRING16:
+       case FILE_LESTRING16:
+               l = 0;
+-              v = file_strncmp16(m->value.s, p->s, (size_t)m->vallen, 
m->str_flags);
++              v = file_strncmp16(m->value.s, p->s, CAST(size_t, m->vallen),
++                  m->str_flags);
+               break;
+ 
+       case FILE_SEARCH: { /* search ms->search.s for the string m->value.s */
+@@ -1892,7 +1918,7 @@
+                   ((m->str_flags & STRING_IGNORE_CASE) ? REG_ICASE : 0));
+               if (rc) {
+                       file_regerror(&rx, rc, ms);
+-                      v = (uint64_t)-1;
++                      v = CAST(uint64_t, -1);
+               } else {
+                       regmatch_t pmatch;
+                       size_t slen = ms->search.s_len;
+@@ -1913,15 +1939,15 @@
+                           search = CCAST(char *, "");
+                           copy = NULL;
+                       }
+-                      rc = file_regexec(&rx, (const char *)search,
++                      rc = file_regexec(&rx, RCAST(const char *, search),
+                           1, &pmatch, 0);
+                       free(copy);
+                       switch (rc) {
+                       case 0:
+-                              ms->search.s += (int)pmatch.rm_so;
+-                              ms->search.offset += (size_t)pmatch.rm_so;
+-                              ms->search.rm_len =
+-                                  (size_t)(pmatch.rm_eo - pmatch.rm_so);
++                              ms->search.s += CAST(int, pmatch.rm_so);
++                              ms->search.offset += CAST(size_t, pmatch.rm_so);
++                              ms->search.rm_len = CAST(size_t, 
++                                  pmatch.rm_eo - pmatch.rm_so);
+                               v = 0;
+                               break;
+ 
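Review bot: On the match path the same `pmatch.rm_so` is narrowed to `int` for `ms->search.s +=` and converted to `size_t` for `ms->search.offset +=`. The pointer and the offset must advance by the same amount for every value, so use one type for both rather than two different casts. The new `CAST(size_t, ` line also ends in trailing whitespace.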
+@@ -1931,12 +1957,12 @@
+ 
+                       default:
+                               file_regerror(&rx, rc, ms);
+-                              v = (uint64_t)-1;
++                              v = CAST(uint64_t, -1);
+                               break;
+                       }
+               }
+               file_regfree(&rx);
+-              if (v == (uint64_t)-1)
++              if (v == CAST(uint64_t, -1))
+                       return -1;
+               break;
+       }
+@@ -1965,7 +1991,7 @@
+       case 'x':
+               if ((ms->flags & MAGIC_DEBUG) != 0)
+                       (void) fprintf(stderr, "%" INT64_T_FORMAT
+-                          "u == *any* = 1\n", (unsigned long long)v);
++                          "u == *any* = 1\n", CAST(unsigned long long, v));
+               matched = 1;
+               break;
+ 
+@@ -1973,16 +1999,18 @@
+               matched = v != l;
+               if ((ms->flags & MAGIC_DEBUG) != 0)
+                       (void) fprintf(stderr, "%" INT64_T_FORMAT "u != %"
+-                          INT64_T_FORMAT "u = %d\n", (unsigned long long)v,
+-                          (unsigned long long)l, matched);
++                          INT64_T_FORMAT "u = %d\n",
++                          CAST(unsigned long long, v),
++                          CAST(unsigned long long, l), matched);
+               break;
+ 
+       case '=':
+               matched = v == l;
+               if ((ms->flags & MAGIC_DEBUG) != 0)
+                       (void) fprintf(stderr, "%" INT64_T_FORMAT "u == %"
+-                          INT64_T_FORMAT "u = %d\n", (unsigned long long)v,
+-                          (unsigned long long)l, matched);
++                          INT64_T_FORMAT "u = %d\n",
++                          CAST(unsigned long long, v),
++                          CAST(unsigned long long, l), matched);
+               break;
+ 
+       case '>':
+@@ -1991,15 +2019,16 @@
+                       if ((ms->flags & MAGIC_DEBUG) != 0)
+                               (void) fprintf(stderr, "%" INT64_T_FORMAT
+                                   "u > %" INT64_T_FORMAT "u = %d\n",
+-                                  (unsigned long long)v,
+-                                  (unsigned long long)l, matched);
++                                  CAST(unsigned long long, v),
++                                  CAST(unsigned long long, l), matched);
+               }
+               else {
+-                      matched = (int64_t) v > (int64_t) l;
++                      matched = CAST(int64_t, v) > CAST(int64_t, l);
+                       if ((ms->flags & MAGIC_DEBUG) != 0)
+                               (void) fprintf(stderr, "%" INT64_T_FORMAT
+                                   "d > %" INT64_T_FORMAT "d = %d\n",
+-                                  (long long)v, (long long)l, matched);
++                                  CAST(long long, v),
++                                  CAST(long long, l), matched);
+               }
+               break;
+ 
+@@ -2009,15 +2038,16 @@
+                       if ((ms->flags & MAGIC_DEBUG) != 0)
+                               (void) fprintf(stderr, "%" INT64_T_FORMAT
+                                   "u < %" INT64_T_FORMAT "u = %d\n",
+-                                  (unsigned long long)v,
+-                                  (unsigned long long)l, matched);
++                                  CAST(unsigned long long, v),
++                                  CAST(unsigned long long, l), matched);
+               }
+               else {
+-                      matched = (int64_t) v < (int64_t) l;
++                      matched = CAST(int64_t, v) < CAST(int64_t, l);
+                       if ((ms->flags & MAGIC_DEBUG) != 0)
+                               (void) fprintf(stderr, "%" INT64_T_FORMAT
+                                   "d < %" INT64_T_FORMAT "d = %d\n",
+-                                   (long long)v, (long long)l, matched);
++                                   CAST(long long, v),
++                                   CAST(long long, l), matched);
+               }
+               break;
+ 
+@@ -2026,8 +2056,9 @@
+               if ((ms->flags & MAGIC_DEBUG) != 0)
+                       (void) fprintf(stderr, "((%" INT64_T_FORMAT "x & %"
+                           INT64_T_FORMAT "x) == %" INT64_T_FORMAT
+-                          "x) = %d\n", (unsigned long long)v,
+-                          (unsigned long long)l, (unsigned long long)l,
++                          "x) = %d\n", CAST(unsigned long long, v),
++                          CAST(unsigned long long, l),
++                          CAST(unsigned long long, l),
+                           matched);
+               break;
+ 
+@@ -2036,9 +2067,9 @@
+               if ((ms->flags & MAGIC_DEBUG) != 0)
+                       (void) fprintf(stderr, "((%" INT64_T_FORMAT "x & %"
+                           INT64_T_FORMAT "x) != %" INT64_T_FORMAT
+-                          "x) = %d\n", (unsigned long long)v,
+-                          (unsigned long long)l, (unsigned long long)l,
+-                          matched);
++                          "x) = %d\n", CAST(unsigned long long, v),
++                          CAST(unsigned long long, l),
++                          CAST(unsigned long long, l), matched);
+               break;
+ 
+       default:
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_36-1-gecca6e54.fix-casts-and-bounds-check-found-by-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_36-1-gecca6e54.fix-casts-and-bounds-check-found-by-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_36-1-gecca6e54.fix-casts-and-bounds-check-found-by-oss-fuzz.patch
        1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_36-1-gecca6e54.fix-casts-and-bounds-check-found-by-oss-fuzz.patch
        2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,40 @@
+Subject: Fix casts and bounds check (found by oss-fuzz)
+Origin: FILE5_36-1-gecca6e54 
<https://github.com/file/file/commit/FILE5_36-1-gecca6e54>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Wed Feb 20 16:15:47 2019 +0000
+
+--- a/src/encoding.c
++++ b/src/encoding.c
+@@ -430,9 +430,9 @@
+               /* XXX fix to properly handle chars > 65536 */
+ 
+               if (bigend)
+-                      ubf[(*ulen)++] = bf[i + 1] + 256 * bf[i];
++                      ubf[(*ulen)++] = bf[i + 1] + (bf[i] << 8);
+               else
+-                      ubf[(*ulen)++] = bf[i] + 256 * bf[i + 1];
++                      ubf[(*ulen)++] = bf[i] + (bf[i + 1] << 8);
+ 
+               if (ubf[*ulen - 1] == 0xfffe)
+                       return 0;
+@@ -463,15 +463,17 @@
+ 
+       *ulen = 0;
+ 
+-      for (i = 4; i + 1 < nbytes; i += 4) {
++      for (i = 4; i + 3 < nbytes; i += 4) {
+               /* XXX fix to properly handle chars > 65536 */
+ 
+               if (bigend)
+                       ubf[(*ulen)++] = bf[i + 3] | (bf[i + 2] << 8)
+-                          | (bf[i + 1] << 16) | bf[i] << 24;
++                          | (bf[i + 1] << 16)
++                          | CAST(unichar, bf[i] << 24);
+               else
+                       ubf[(*ulen)++] = bf[i] | (bf[i + 1] << 8) 
+-                          | (bf[i + 2] << 16) | (bf[i + 3] << 24);
++                          | (bf[i + 2] << 16)
++                          | CAST(unichar, bf[i + 3] << 24);
+ 
+               if (ubf[*ulen - 1] == 0xfffe)
+                       return 0;
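Review bot: In the 32-bit loop, `CAST(unichar, bf[i] << 24)` and `CAST(unichar, bf[i + 3] << 24)` wrap the result of the shift, so the shift itself is still evaluated on the promoted signed operand, and a byte of 0x80 or above shifts into the sign bit before the cast applies. The cast has to sit on the operand, `(CAST(unichar, bf[i]) << 24)`, which is what the follow-up FILE5_36-24-g9b2f9d6a patch does, so the two patches need to stay together in the series. The loop bound change to `i + 3 < nbytes` does match the highest index read, `bf[i + 3]`.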
diff -Nru 
file-5.30/debian/patches/cherry-pick.FILE5_36-24-g9b2f9d6a.cast-to-unsigned-first-to-appease-ubsan-oss-fuzz.patch
 
file-5.30/debian/patches/cherry-pick.FILE5_36-24-g9b2f9d6a.cast-to-unsigned-first-to-appease-ubsan-oss-fuzz.patch
--- 
file-5.30/debian/patches/cherry-pick.FILE5_36-24-g9b2f9d6a.cast-to-unsigned-first-to-appease-ubsan-oss-fuzz.patch
   1970-01-01 01:00:00.000000000 +0100
+++ 
file-5.30/debian/patches/cherry-pick.FILE5_36-24-g9b2f9d6a.cast-to-unsigned-first-to-appease-ubsan-oss-fuzz.patch
   2019-03-18 22:15:18.000000000 +0100
@@ -0,0 +1,21 @@
+Subject: Cast to unsigned first to appease ubsan (oss-fuzz)
+Origin: FILE5_36-24-g9b2f9d6a 
<https://github.com/file/file/commit/FILE5_36-24-g9b2f9d6a>
+Upstream-Author: Christos Zoulas <chris...@zoulas.com>
+Date: Sat Feb 23 21:54:05 2019 +0000
+
+--- a/src/encoding.c
++++ b/src/encoding.c
+@@ -469,11 +469,11 @@
+               if (bigend)
+                       ubf[(*ulen)++] = bf[i + 3] | (bf[i + 2] << 8)
+                           | (bf[i + 1] << 16)
+-                          | CAST(unichar, bf[i] << 24);
++                          | (CAST(unichar, bf[i]) << 24);
+               else
+                       ubf[(*ulen)++] = bf[i] | (bf[i + 1] << 8) 
+                           | (bf[i + 2] << 16)
+-                          | CAST(unichar, bf[i + 3] << 24);
++                          | (CAST(unichar, bf[i + 3]) << 24);
+ 
+               if (ubf[*ulen - 1] == 0xfffe)
+                       return 0;
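Review bot: Only the `<< 24` terms get the unsigned cast; `(bf[i + 2] << 8)` and `(bf[i + 1] << 16)` still shift in the promoted signed type. Those cannot reach the sign bit for 8-bit values, so the result is correct, but casting all four operands to `unichar` would make the whole expression unsigned and remove the need to work out which shift is safe.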
diff -Nru 
file-5.30/debian/patches/local.support-local-definitions-in-etc-magic.patch 
file-5.30/debian/patches/local.support-local-definitions-in-etc-magic.patch
--- file-5.30/debian/patches/local.support-local-definitions-in-etc-magic.patch 
2018-06-11 23:14:41.000000000 +0200
+++ file-5.30/debian/patches/local.support-local-definitions-in-etc-magic.patch 
2019-03-18 22:15:18.000000000 +0100
@@ -25,8 +25,8 @@
 +
 --- a/src/apprentice.c
 +++ b/src/apprentice.c
-@@ -454,7 +454,7 @@
-       if (map == (struct magic_map *)-1)
+@@ -458,7 +458,7 @@
+       if (map == RCAST(struct magic_map *, -1))
                return -1;
        if (map == NULL) {
 -              if (ms->flags & MAGIC_CHECK)
diff -Nru file-5.30/debian/patches/series file-5.30/debian/patches/series
--- file-5.30/debian/patches/series     2018-06-11 23:15:30.000000000 +0200
+++ file-5.30/debian/patches/series     2019-03-18 22:15:18.000000000 +0100
@@ -14,6 +14,7 @@
 cherry-pick.FILE5_30-29-g76c2d4ae.several-fixes-in-cdf-parser.patch
 cherry-pick.FILE5_30-30-gc703aa9f.free-memory-on-error.patch
 
cherry-pick.FILE5_30-34-g22067c96.simplify-the-property-info-copy-function-and-check-for-bounds.patch
+cherry-pick.FILE5_30-37-g8a942980.retain-python-2-compatibility-factoring-out-the-conversion-functions.patch
 
cherry-pick.FILE5_30-38-gfd42e119.if-we-could-not-read-a-field-set-it-to-0-found-by-oss-fuzz.patch
 
cherry-pick.FILE5_30-39-geb973428.limit-memory-usage-more-to-satisfy-oss-fuzz.patch
 
cherry-pick.FILE5_30-41-g393dafa4.work-around-glibc-regex-msan-bug-regexec-returns-0-but-does-initialize-pmatch.patch
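Review bot: The added entry cherry-pick.FILE5_30-37-g8a942980.retain-python-2-compatibility-factoring-out-the-conversion-functions.patch is the only Python bindings change in a series otherwise made up of fixes to the C code, and nothing in the series file ties it to a bug. Its name suggests it is the fix for #902796 from the cover letter; if so, a Bug-Debian line in that patch's header (not visible in this part of the diff) would make the link traceable.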
@@ -24,8 +25,40 @@
 
cherry-pick.FILE5_30-48-gaee11eef.fix-out-of-bounds-read-found-by-oss-fuzz.patch
 cherry-pick.FILE5_30-49-gbf90083a.fix-memory-handling.patch
 cherry-pick.FILE5_30-52-gd8233d09.check-one-more-read-found-by-oss-fuzz.patch
+cherry-pick.FILE5_30-56-g6623a8e0.off-by-one-reading-offset-found-by-oss-fuzz.patch
+
+cherry-pick.FILE5_31-21-g55cb70a2.add-another-bounds-check-oss-fuzz-issue-2242.patch
 
cherry-pick.FILE5_31-36-g35c94dc6.Fix-always-true-condition-Thomas-Jarosch.patch
+
+cherry-pick.FILE5_32-61-gfb956c0a.decrease-the-sector-limit-oss-fuzz-4577.patch
+cherry-pick.FILE5_32-65-gfc4b6e34.drop-the-limit-lower-to-satisfy-oss-fuzz-4682.patch
+
 cherry-pick.FILE5_33-31-ga642587a.avoid-reading-past-the-end-of-buffer.patch
+cherry-pick.FILE5_33-34-g72e9a7fe.pr-6-tobias-out-of-boundary-read-in-der-parser.patch
+
+cherry-pick.FILE5_34-13-gcd752e7c.try-to-use-the-right-off-t-max.patch
+cherry-pick.FILE5_34-15-ge0805be4.fix-leak-on-error-found-by-coverity.patch
+cherry-pick.FILE5_34-16-g2f866ff0.better-error-handling-found-by-coverity.patch
+cherry-pick.FILE5_34-17-g54bec4a0.eliminate-toctou-by-using-fstat-and-always-opening-with-non-blocking-i-o.patch
+cherry-pick.FILE5_34-18-gbd8fafe3.check-file-printf.patch
+cherry-pick.FILE5_34-19-gfda25acb.appease-coverity-by-calling-umask-around-mkstemp-3.patch
+cherry-pick.FILE5_34-22-g7b807237.portability-fix-dont-call-qsort-with-null-0.patch
+cherry-pick.FILE5_34-32-g813f1b8a.correct-error-handling-for-file-printf-coverity.patch
+cherry-pick.FILE5_34-65-ge64f6d71.fix-use-after-free-https-runtimeverification-com.patch
+cherry-pick.FILE5_34-87-g765d2990.pr-48-tianxiaogu-avoid-zerodivide.patch
+
+cherry-pick.FILE5_35-1-g338cc788.return-0-instead-of-1-for-error-in-donote.patch
+cherry-pick.FILE5_35-2-g8d68fb4f.lint-fixes.patch
+cherry-pick.FILE5_35-3-gc7d910ee.more-lint-fixes.patch
+cherry-pick.FILE5_35-25-g48052fcf.fix-cut-n-pasto-for-regex-max-vsevolod-stakhov.patch
+cherry-pick.FILE5_35-26-g98f29456.fix-name.patch
+cherry-pick.FILE5_35-49-g3a6f62e2.fix-indirect-offset-overflow-calculation-b.patch
+cherry-pick.FILE5_35-53-gd6578152.pr-62-spinpx-limit-size-of-file-printable.patch
+cherry-pick.FILE5_35-56-gf0a26da7.pr-61-tmc-add-ucs-32-built-in-detection.patch
+cherry-pick.FILE5_35-59-g8305d1cc.use-c-casts-everywhere.patch
+
+cherry-pick.FILE5_36-1-gecca6e54.fix-casts-and-bounds-check-found-by-oss-fuzz.patch
+cherry-pick.FILE5_36-24-g9b2f9d6a.cast-to-unsigned-first-to-appease-ubsan-oss-fuzz.patch
 
 # local modifications
 local.support-local-definitions-in-etc-magic.patch
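Review bot: Not every entry added in this hunk is a fix. cherry-pick.FILE5_35-56-gf0a26da7.pr-61-tmc-add-ucs-32-built-in-detection.patch adds a detection feature, and FILE5_35-2 and FILE5_35-3 are lint changes by their own names. For a stable update, please state why the UCS-32 patch is needed. FILE5_36-24 patches four-byte character assembly in src/encoding.c, which looks like code that feature brings in; if that is the case, leaving both out would be the smaller change and would avoid altering file's output on inputs that were previously reported differently.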
