From 366ce99712fa7239dcec2165ec3dd0890f24161e Mon Sep 17 00:00:00 2001
From: Pete Batard <pete@akeo.ie>
Date: Tue, 7 Sep 2021 23:39:04 +0100
Subject: [PATCH] [misc] fix Coverity and CodeQL warnings

* Also make sure to build Release for static analysis.
---
 .github/workflows/codeql.yml      |  2 +-
 .github/workflows/coverity.yml    |  2 +-
 res/appstore/Package.appxmanifest |  2 +-
 src/checksum.c                    |  4 ++--
 src/ext2fs/gen_bitmap64.c         |  2 +-
 src/ext2fs/io_manager.c           |  2 +-
 src/ext2fs/mkjournal.c            |  4 ++--
 src/format_fat32.c                |  2 +-
 src/iso.c                         |  2 +-
 src/libcdio/driver/util.c         |  2 ++
 src/libcdio/iso9660/iso9660.c     |  8 ++++++++
 src/rufus.rc                      | 10 +++++-----
 12 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 09755619..accd639d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -28,7 +28,7 @@ on:
 
 env:
   SOLUTION_FILE_PATH: ./rufus.sln
-  BUILD_CONFIGURATION: Debug
+  BUILD_CONFIGURATION: Release
   TARGET_PLATFORM: x64
 
 jobs:
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 14bdd158..e14bddf3 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -16,7 +16,7 @@ on:
 env:
   SOLUTION_FILE_PATH: ./rufus.sln
   EMAIL: pete@akeo.ie
-  BUILD_CONFIGURATION: Debug
+  BUILD_CONFIGURATION: Release
   TARGET_PLATFORM: x64
   COVERITY_PROJECT_NAME: pbatard%2Frufus
 
diff --git a/res/appstore/Package.appxmanifest b/res/appstore/Package.appxmanifest
index 2d6934d7..dc919d22 100644
--- a/res/appstore/Package.appxmanifest
+++ b/res/appstore/Package.appxmanifest
@@ -11,7 +11,7 @@
   <Identity
     Name="19453.net.Rufus"
     Publisher="CN=7AC86D13-3E5A-491A-ADD5-80095C212740"
-    Version="3.16.1817.0" />
+    Version="3.16.1818.0" />
 
   <Properties>
     <DisplayName>Rufus</DisplayName>
diff --git a/src/checksum.c b/src/checksum.c
index b6c62829..375e1eb6 100644
--- a/src/checksum.c
+++ b/src/checksum.c
@@ -1351,7 +1351,7 @@ int TestChecksum(void)
 	int i, j, errors = 0;
 	uint8_t sum[MAX_HASHSIZE], *sum_expected;
 	size_t full_msg_len = strlen(test_msg);
-	char* msg = malloc(full_msg_len);
+	char* msg = malloc(full_msg_len + 1);
 	if (msg == NULL)
 		return -1;
 
@@ -1364,7 +1364,7 @@ int TestChecksum(void)
 		copy_msg_len[2] = blocksize[j] - (blocksize[j] >> 3);
 		copy_msg_len[3] = full_msg_len;
 		for (i = 0; i < 4; i++) {
-			memset(msg, 0, full_msg_len);
+			memset(msg, 0, full_msg_len + 1);
 			if (i != 0)
 				memcpy(msg, test_msg, copy_msg_len[i]);
 			HashBuffer(j, msg, copy_msg_len[i], sum);
diff --git a/src/ext2fs/gen_bitmap64.c b/src/ext2fs/gen_bitmap64.c
index 2b01a395..b2f075c9 100644
--- a/src/ext2fs/gen_bitmap64.c
+++ b/src/ext2fs/gen_bitmap64.c
@@ -946,7 +946,7 @@ errcode_t ext2fs_count_used_clusters(ext2_filsys fs, blk64_t start,
 {
 	blk64_t		next;
 	blk64_t		tot_set = 0;
-	errcode_t	retval;
+	errcode_t	retval = 0;
 
 	while (start < end) {
 		retval = ext2fs_find_first_set_block_bitmap2(fs->block_map,
diff --git a/src/ext2fs/io_manager.c b/src/ext2fs/io_manager.c
index c395d615..6b30c12f 100644
--- a/src/ext2fs/io_manager.c
+++ b/src/ext2fs/io_manager.c
@@ -130,7 +130,7 @@ errcode_t io_channel_alloc_buf(io_channel io, int count, void *ptr)
 	if (count == 0)
 		size = io->block_size;
 	else if (count > 0)
-		size = io->block_size * count;
+		size = (size_t)io->block_size * count;
 	else
 		size = -count;
 
diff --git a/src/ext2fs/mkjournal.c b/src/ext2fs/mkjournal.c
index 768c6150..e347eebc 100644
--- a/src/ext2fs/mkjournal.c
+++ b/src/ext2fs/mkjournal.c
@@ -185,12 +185,12 @@ errcode_t ext2fs_zero_blocks2(ext2_filsys fs, blk64_t blk, int num,
 
 		if (new_stride > MAX_STRIDE_LENGTH)
 			new_stride = MAX_STRIDE_LENGTH;
-		p = realloc(buf, fs->blocksize * new_stride);
+		p = realloc(buf, (size_t)fs->blocksize * new_stride);
 		if (!p)
 			return EXT2_ET_NO_MEMORY;
 		buf = p;
 		stride_length = new_stride;
-		memset(buf, 0, fs->blocksize * stride_length);
+		memset(buf, 0, (size_t)fs->blocksize * stride_length);
 	}
 	/* OK, do the write loop */
 	j=0;
diff --git a/src/format_fat32.c b/src/format_fat32.c
index 09df7a28..36a5be11 100644
--- a/src/format_fat32.c
+++ b/src/format_fat32.c
@@ -139,7 +139,7 @@ static DWORD GetFATSizeSectors(DWORD DskSize, DWORD ReservedSecCnt, DWORD SecPer
 	ULONGLONG FatSz;
 
 	Numerator = DskSize - ReservedSecCnt + ReservedClusCnt * SecPerClus;
-	Denominator = SecPerClus * BytesPerSect / FatElementSize + NumFATs;
+	Denominator = (ULONGLONG)SecPerClus * BytesPerSect / FatElementSize + NumFATs;
 	FatSz = Numerator / Denominator + 1;	// +1 to ensure we are rounded up
 
 	return (DWORD)FatSz;
diff --git a/src/iso.c b/src/iso.c
index 8f0413d4..53c171f9 100644
--- a/src/iso.c
+++ b/src/iso.c
@@ -179,7 +179,7 @@ static BOOL check_iso_props(const char* psz_dirname, int64_t file_length, const
 
 	// Check for archiso loader/entries/*.conf files
 	if (safe_stricmp(psz_dirname, "/loader/entries") == 0) {
-		size_t len = strlen(psz_basename);
+		len = strlen(psz_basename);
 		props->is_conf = ((len > 4) && (stricmp(&psz_basename[len - 5], ".conf") == 0));
 	}
 
diff --git a/src/libcdio/driver/util.c b/src/libcdio/driver/util.c
index 5108457e..5adf3adc 100644
--- a/src/libcdio/driver/util.c
+++ b/src/libcdio/driver/util.c
@@ -64,6 +64,8 @@ _cdio_strfreev(char **strv)
   int n;
 
   cdio_assert (strv != NULL);
+  if (strv == NULL)
+      return;
 
   for(n = 0; strv[n]; n++)
     free(strv[n]);
diff --git a/src/libcdio/iso9660/iso9660.c b/src/libcdio/iso9660/iso9660.c
index ae4edda3..066c4f1a 100644
--- a/src/libcdio/iso9660/iso9660.c
+++ b/src/libcdio/iso9660/iso9660.c
@@ -95,6 +95,9 @@ timegm(struct tm *tm)
 static struct tm *
 gmtime_r(const time_t *timer, struct tm *result)
 {
+#ifdef WIN32
+    return (gmtime_s(result, timer) == 0) ? result : NULL;
+#else
     struct tm *tmp = gmtime(timer);
 
     if (tmp) {
@@ -102,6 +105,7 @@ gmtime_r(const time_t *timer, struct tm *result)
         return result;
     }
     return tmp;
+#endif
 }
 #endif
 
@@ -109,6 +113,9 @@ gmtime_r(const time_t *timer, struct tm *result)
 static struct tm *
 localtime_r(const time_t *timer, struct tm *result)
 {
+#ifdef WIN32
+    return (localtime_s(result, timer) == 0) ? result : NULL;
+#else
     struct tm *tmp = localtime(timer);
 
     if (tmp) {
@@ -116,6 +123,7 @@ localtime_r(const time_t *timer, struct tm *result)
         return result;
     }
     return tmp;
+#endif
 }
 #endif
 
diff --git a/src/rufus.rc b/src/rufus.rc
index 020834e2..3cc12933 100644
--- a/src/rufus.rc
+++ b/src/rufus.rc
@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.16.1817"
+CAPTION "Rufus 3.16.1818"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
     LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@@ -395,8 +395,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,16,1817,0
- PRODUCTVERSION 3,16,1817,0
+ FILEVERSION 3,16,1818,0
+ PRODUCTVERSION 3,16,1818,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -414,13 +414,13 @@ BEGIN
             VALUE "Comments", "https://rufus.ie"
             VALUE "CompanyName", "Akeo Consulting"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.16.1817"
+            VALUE "FileVersion", "3.16.1818"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "© 2011-2021 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
             VALUE "OriginalFilename", "rufus-3.16.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.16.1817"
+            VALUE "ProductVersion", "3.16.1818"
         END
     END
     BLOCK "VarFileInfo"