[EGIT] [core/efl] master 05/08: eina log - try and fix coverity complaint about integer overflow again

Tue, 18 Apr 2017 01:32:43 -0700 

raster pushed a commit to branch master.

http://git.enlightenment.org/core/efl.git/commit/?id=f3f032e63f7843b8bed3bbcccb58714b38b60e49

commit f3f032e63f7843b8bed3bbcccb58714b38b60e49
Author: Carsten Haitzler (Rasterman) <ras...@rasterman.com>
Date:   Tue Apr 18 16:40:04 2017 +0900

    eina log - try and fix coverity complaint about integer overflow again
    
    it seems coverity didn't like our checks like if end - start > 0xffff
    then dont do anything. this should effectively stop any issues but
    seemingly not, so try another way to keep coverity happy.
    
    CID 1361220
---
 src/lib/eina/eina_log.c | 34 ++++++++++++++++------------------
 1 file changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/lib/eina/eina_log.c b/src/lib/eina/eina_log.c
index 21553b6..50a69d5 100644
--- a/src/lib/eina/eina_log.c
+++ b/src/lib/eina/eina_log.c
@@ -1128,40 +1128,38 @@ eina_log_domain_parse_pendings(void)
    while (1)
      {
         Eina_Log_Domain_Level_Pending *p;
-        char *end = NULL;
-        char *tmp = NULL;
+        char *end = NULL, *tmp = NULL;
+        ptrdiff_t diff;
         long int level;
 
         end = strchr(start, ':');
-        if (!end)
-           break;
+        if (!end) break;
 
         // Parse level, keep going if failed
         level = strtol((char *)(end + 1), &tmp, 10);
-        if (tmp == (end + 1))
-           goto parse_end;
+        if (tmp == (end + 1)) goto parse_end;
+
+        if (start > end) break;
+        diff = end - start;
         // If the name of the log is more than 64k it's silly so give up
         // as it's pointless and in theory could overflow pointer
-        if ((end - start) > 0xffff)
-           break;
+        if (diff > (ptrdiff_t)0xffff) break;
+
         // Parse name
-        p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + (end - start) + 1);
-        if (!p)
-           break;
+        p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + diff + 1);
+        if (!p) break;
 
-        p->namelen = end - start;
-        memcpy((char *)p->name, start, end - start);
-        ((char *)p->name)[end - start] = '\0';
+        p->namelen = diff;
+        memcpy((char *)p->name, start, diff);
+        ((char *)p->name)[diff] = '\0';
         p->level = level;
 
         _pending_list = eina_inlist_append(_pending_list, EINA_INLIST_GET(p));
 
 parse_end:
         start = strchr(tmp, ',');
-        if (start)
-           start++;
-        else
-           break;
+        if (start) start++;
+        else break;
      }
 }
 

--

Reply via email to