[misc] fix some static analysis warnings

* Also improve fast-zeroing code and upgrade Bled to latest

src/bled/decompress_bunzip2.c

@@ -680,6 +680,8 @@ int FAST_FUNC start_bunzip(bunzip_data **bdp, int in_fd,
 
 	/* Allocate bunzip_data.  Most fields initialize to zero. */
 	bd = *bdp = xzalloc(i);
+	if (bd == NULL)
+		return -1;
 
 	/* Setup input buffer */
 	bd->in_fd = in_fd;
@@ -743,6 +745,8 @@ unpack_bz2_stream(transformer_state_t *xstate)
 		return -1;
 
 	outbuf = xmalloc(IOBUF_SIZE);
+	if (outbuf == NULL)
+		return -1;
 	len = 0;
 	while (1) { /* "Process one BZ... stream" loop */
 

src/bled/decompress_gunzip.c

@@ -1039,6 +1039,8 @@ inflate_unzip(transformer_state_t *xstate)
 	DECLARE_STATE;
 
 	ALLOC_STATE;
+	if (state == NULL)
+		return -1;
 
 	to_read = xstate->bytes_in;
 //	bytebuffer_max = 0x8000;
@@ -1212,9 +1214,13 @@ unpack_gz_stream(transformer_state_t *xstate)
 	total = 0;
 
 	ALLOC_STATE;
+	if (state == NULL)
+		return -1;
 	to_read = -1;
 //	bytebuffer_max = 0x8000;
 	bytebuffer = xmalloc(bytebuffer_max);
+	if (bytebuffer == NULL)
+		return -1;
 	gunzip_src_fd = xstate->src_fd;
 
  again:

src/bled/decompress_unlzma.c

@@ -79,6 +79,8 @@ static ALWAYS_INLINE rc_t* rc_init(int fd) /*, int buffer_size) */
 	rc_t *rc;
 
 	rc = xzalloc(sizeof(*rc) + RC_BUFFER_SIZE);
+	if (rc == NULL)
+		return NULL;
 
 	rc->fd = fd;
 	/* rc->ptr = rc->buffer_end; */

src/bled/decompress_unzip.c

@@ -169,6 +169,8 @@ static uint32_t find_cdf_offset(int fd)
 	off_t end;
 	unsigned char *buf = xzalloc(PEEK_FROM_END);
 
+	if (buf == NULL)
+		return 0;
 	end = lseek(fd, 0, SEEK_END);
 	end -= PEEK_FROM_END;
 	if (end < 0)
@@ -216,7 +218,8 @@ static uint32_t read_next_cdf(int fd, uint32_t cdf_offset, cdf_header_t *cdf_ptr
 
 	if (cdf_offset != BAD_CDF_OFFSET) {
 		lseek(fd, cdf_offset + 4, SEEK_SET);
-		_read(fd, cdf_ptr->raw, CDF_HEADER_LEN);
+		if (_read(fd, cdf_ptr->raw, CDF_HEADER_LEN) != CDF_HEADER_LEN)
+			return 0;
 		FIX_ENDIANNESS_CDF(*cdf_ptr);
 		cdf_offset += 4 + CDF_HEADER_LEN
 			+ cdf_ptr->formatted.file_name_length

src/bled/init_handle.c

@@ -12,6 +12,8 @@ archive_handle_t* FAST_FUNC init_handle(void)
 
 	/* Initialize default values */
 	archive_handle = xzalloc(sizeof(archive_handle_t));
+	if (archive_handle == NULL)
+		return NULL;
 	archive_handle->file_header = xzalloc(sizeof(file_header_t));
 	archive_handle->action_header = header_skip;
 	archive_handle->action_data = data_skip;

src/format.c

@@ -1478,12 +1478,12 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, HANDLE hSourceImage)
 {
 	BOOL s, ret = FALSE;
 	LARGE_INTEGER li;
-	DWORD rSize, wSize, xSize, BufSize;
+	DWORD i, rSize, wSize, xSize, BufSize;
 	uint64_t wb, target_size = hSourceImage?img_report.image_size:SelectedDrive.DiskSize;
 	int64_t bled_ret;
-	uint8_t *buffer = NULL;
-	uint8_t *cmp_buffer = NULL;
-	int i, *ptr, zero_data, throttle_fast_zeroing = 0;
+	uint8_t* buffer = NULL;
+	uint32_t zero_data, *cmp_buffer = NULL;
+	int throttle_fast_zeroing = 0;
 
 	if (SelectedDrive.SectorSize < 512) {
 		uprintf("Unexpected sector size (%d) - Aborting", SelectedDrive.SectorSize);
@@ -1539,13 +1539,15 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, HANDLE hSourceImage)
 		// Clear buffer
 		memset(buffer, fast_zeroing ? 0xff : 0x00, BufSize);
 
-		cmp_buffer = (uint8_t*)_mm_malloc(BufSize, SelectedDrive.SectorSize);
-		if (cmp_buffer == NULL) {
-			FormatStatus = ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | ERROR_NOT_ENOUGH_MEMORY;
-			uprintf("Could not allocate disk comparison buffer");
-			goto out;
+		if (fast_zeroing) {
+			cmp_buffer = (uint32_t*)_mm_malloc(BufSize, SelectedDrive.SectorSize);
+			if (cmp_buffer == NULL) {
+				FormatStatus = ERROR_SEVERITY_ERROR | FAC(FACILITY_STORAGE) | ERROR_NOT_ENOUGH_MEMORY;
+				uprintf("Could not allocate disk comparison buffer");
+				goto out;
+			}
+			assert((uintptr_t)cmp_buffer % SelectedDrive.SectorSize == 0);
 		}
-		assert((uintptr_t)cmp_buffer % SelectedDrive.SectorSize == 0);
 
 		// Don't bother trying for something clever, using double buffering overlapped and whatnot:
 		// With Windows' default optimizations, sync read + sync write for sequential operations
@@ -1585,22 +1587,17 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, HANDLE hSourceImage)
 				// Read block and compare against the block that needs to be written
 				s = ReadFile(hPhysicalDrive, cmp_buffer, rSize, &xSize, NULL);
 				if ((!s) || (xSize != rSize) ) {
-					uprintf("Read error: Could not read data for comparison - %s", WindowsErrorString());
+					uprintf("Read error: Could not read data for fast zeroing comparison - %s", WindowsErrorString());
 					goto out;
 				}
 
-				// Check for an empty block
-				ptr = (int*)(cmp_buffer);
-				// Get first element
-				zero_data = ptr[0];
+				// Check for an empty block by comparing with the first element
+				zero_data = cmp_buffer[0];
 				// Check all bits are the same
-				if ((zero_data == 0) || (zero_data == -1)) {
+				if ((zero_data == 0) || (zero_data == 0xffffffff)) {
 					// Compare the rest of the block against the first element
-					for (i = 1; i < (int)(rSize / sizeof(int)); i++) {
-						if (ptr[i] != zero_data)
-							break;
-					}
-					if (i >= (int)(rSize / sizeof(int))) {
+					for (i = 1; (i < rSize / sizeof(uint32_t)) && (cmp_buffer[i] == zero_data); i++);
+					if (i >= rSize / sizeof(uint32_t)) {
 						// Block is empty, skip write
 						wSize = rSize;
 						continue;

src/net.c

@@ -985,13 +985,21 @@ static DWORD WINAPI DownloadISOThread(LPVOID param)
 	close_fido_cookie_prompts = FALSE;
 	if ((dwExitCode == 0) && PeekNamedPipe(hPipe, NULL, dwPipeSize, NULL, &dwAvail, NULL) && (dwAvail != 0)) {
 		url = malloc(dwAvail + 1);
+		dwSize = 0;
 		if ((url != NULL) && ReadFile(hPipe, url, dwAvail, &dwSize, NULL) && (dwSize > 4)) {
 #else
 	{	{	url = strdup(FORCE_URL);
 			dwSize = (DWORD)strlen(FORCE_URL);
 #endif
 			IMG_SAVE img_save = { 0 };
-			url[dwSize] = 0;
+// WTF is wrong with Microsoft's static analyzer reporting a potential buffer overflow here?!?
+#if defined(_MSC_VER)
+#pragma warning(disable: 6386)
+#endif
+			url[min(dwSize, dwAvail)] = 0;
+#if defined(_MSC_VER)
+#pragma warning(default: 6386)
+#endif
 			EXT_DECL(img_ext, GetShortName(url), __VA_GROUP__("*.iso"), __VA_GROUP__(lmprintf(MSG_036)));
 			img_save.Type = IMG_SAVE_TYPE_ISO;
 			img_save.ImagePath = FileDialog(TRUE, NULL, &img_ext, 0);

src/rufus.rc

@@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.13.1715"
+CAPTION "Rufus 3.13.1716"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
     LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@@ -395,8 +395,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,13,1715,0
- PRODUCTVERSION 3,13,1715,0
+ FILEVERSION 3,13,1716,0
+ PRODUCTVERSION 3,13,1716,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -414,13 +414,13 @@ BEGIN
             VALUE "Comments", "https://rufus.ie"
             VALUE "CompanyName", "Akeo Consulting"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.13.1715"
+            VALUE "FileVersion", "3.13.1716"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "© 2011-2020 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
             VALUE "OriginalFilename", "rufus-3.13.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.13.1715"
+            VALUE "ProductVersion", "3.13.1716"
         END
     END
     BLOCK "VarFileInfo"