raster pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=f3f032e63f7843b8bed3bbcccb58714b38b60e49
commit f3f032e63f7843b8bed3bbcccb58714b38b60e49 Author: Carsten Haitzler (Rasterman) <ras...@rasterman.com> Date: Tue Apr 18 16:40:04 2017 +0900 eina log - try and fix coverity complaint about integer overflow again it seems coverity didn't like our checks like if end - start > 0xffff then dont do anything. this should effectively stop any issues but seemingly not, so try another way to keep coverity happy. CID 1361220 --- src/lib/eina/eina_log.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/src/lib/eina/eina_log.c b/src/lib/eina/eina_log.c index 21553b6..50a69d5 100644 --- a/src/lib/eina/eina_log.c +++ b/src/lib/eina/eina_log.c @@ -1128,40 +1128,38 @@ eina_log_domain_parse_pendings(void) while (1) { Eina_Log_Domain_Level_Pending *p; - char *end = NULL; - char *tmp = NULL; + char *end = NULL, *tmp = NULL; + ptrdiff_t diff; long int level; end = strchr(start, ':'); - if (!end) - break; + if (!end) break; // Parse level, keep going if failed level = strtol((char *)(end + 1), &tmp, 10); - if (tmp == (end + 1)) - goto parse_end; + if (tmp == (end + 1)) goto parse_end; + + if (start > end) break; + diff = end - start; // If the name of the log is more than 64k it's silly so give up // as it's pointless and in theory could overflow pointer - if ((end - start) > 0xffff) - break; + if (diff > (ptrdiff_t)0xffff) break; + // Parse name - p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + (end - start) + 1); - if (!p) - break; + p = malloc(sizeof(Eina_Log_Domain_Level_Pending) + diff + 1); + if (!p) break; - p->namelen = end - start; - memcpy((char *)p->name, start, end - start); - ((char *)p->name)[end - start] = '\0'; + p->namelen = diff; + memcpy((char *)p->name, start, diff); + ((char *)p->name)[diff] = '\0'; p->level = level; _pending_list = eina_inlist_append(_pending_list, EINA_INLIST_GET(p)); parse_end: start = strchr(tmp, ','); - if (start) - start++; - else - break; + if (start) start++; + else break; } } --