1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00

[misc] fix Coverity warnings

* Also use a new if_not_assert() construct where possible.
This commit is contained in:
Pete Batard 2024-07-17 14:30:59 +01:00
parent 78608c35fe
commit ceee3e9a28
No known key found for this signature in database
GPG key ID: 38E0CF5E69EDD671
24 changed files with 133 additions and 70 deletions

View file

@ -426,6 +426,11 @@ static unsigned int test_rw(HANDLE hDrive, blk64_t last_block, size_t block_size
cancel_ops = -1; cancel_ops = -1;
return 0; return 0;
} }
if ((first_block * block_size > 1 * PB) || (last_block * block_size > 1 * PB)) {
uprintf("%sDisk is too large\n", bb_prefix);
cancel_ops = -1;
return 0;
}
buffer = allocate_buffer(2 * blocks_at_once * block_size); buffer = allocate_buffer(2 * blocks_at_once * block_size);
if (!buffer) { if (!buffer) {
@ -543,9 +548,12 @@ static unsigned int test_rw(HANDLE hDrive, blk64_t last_block, size_t block_size
for (i=0; i < got; i++) { for (i=0; i < got; i++) {
if (memcmp(read_buffer + i * block_size, if (memcmp(read_buffer + i * block_size,
buffer + i * block_size, buffer + i * block_size,
block_size)) block_size)) {
if_not_assert(currently_testing * block_size < 1 * PB)
goto out;
bb_count += bb_output(currently_testing+i-got, CORRUPTION_ERROR); bb_count += bb_output(currently_testing+i-got, CORRUPTION_ERROR);
} }
}
if (v_flag > 1) if (v_flag > 1)
print_status(); print_status();
} }

View file

@ -38,6 +38,7 @@ static void crc32init_le(uint32_t *crc32table_le)
crc32table_le[0] = 0; crc32table_le[0] = 0;
for (i = 1 << (CRC_LE_BITS - 1); i; i >>= 1) { for (i = 1 << (CRC_LE_BITS - 1); i; i >>= 1) {
// coverity[overflow_const]
crc = (crc >> 1) ^ ((crc & 1) ? CRCPOLY_LE : 0); crc = (crc >> 1) ^ ((crc & 1) ? CRCPOLY_LE : 0);
for (j = 0; j < 1 << CRC_LE_BITS; j += 2 * i) for (j = 0; j < 1 << CRC_LE_BITS; j += 2 * i)
crc32table_le[i + j] = crc ^ crc32table_le[j]; crc32table_le[i + j] = crc ^ crc32table_le[j];
@ -81,6 +82,7 @@ static void crc32init_be(uint32_t *crc32table_be)
uint32_t crc = 0x80000000; uint32_t crc = 0x80000000;
for (i = 1; i < 1 << CRC_BE_BITS; i <<= 1) { for (i = 1; i < 1 << CRC_BE_BITS; i <<= 1) {
// coverity[overflow_const]
crc = (crc << 1) ^ ((crc & 0x80000000) ? CRCPOLY_BE : 0); crc = (crc << 1) ^ ((crc & 0x80000000) ? CRCPOLY_BE : 0);
for (j = 0; j < i; j++) for (j = 0; j < i; j++)
crc32table_be[i + j] = crc ^ crc32table_be[j]; crc32table_be[i + j] = crc ^ crc32table_be[j];

View file

@ -280,6 +280,7 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current
bytebuffer_offset++; bytebuffer_offset++;
*current += 8; *current += 8;
} }
// coverity[return_overflow]
return bitbuffer; return bitbuffer;
} }
@ -661,7 +662,7 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
/* called once from inflate_block */ /* called once from inflate_block */
static void inflate_stored_setup(STATE_PARAM int my_n, int my_b, int my_k) static void inflate_stored_setup(STATE_PARAM unsigned my_n, unsigned my_b, unsigned my_k)
{ {
inflate_stored_n = my_n; inflate_stored_n = my_n;
inflate_stored_b = my_b; inflate_stored_b = my_b;
@ -1043,7 +1044,15 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
n = (nwrote <0)?nwrote:-1; n = (nwrote <0)?nwrote:-1;
goto ret; goto ret;
} }
IF_DESKTOP(n += nwrote;) #if ENABLE_DESKTOP
long long int v = n + nwrote;
if (v < n) {
bb_simple_error_msg("overflow");
n = -1;
goto ret;
}
n = v;
#endif
if (r == 0) break; if (r == 0) break;
} }
@ -1054,6 +1063,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
bytebuffer_offset--; bytebuffer_offset--;
bytebuffer[bytebuffer_offset] = gunzip_bb & 0xff; bytebuffer[bytebuffer_offset] = gunzip_bb & 0xff;
gunzip_bb >>= 8; gunzip_bb >>= 8;
// coverity[overflow_const]
gunzip_bk -= 8; gunzip_bk -= 8;
} }
ret: ret:

View file

@ -23,6 +23,7 @@
#include "platform.h" #include "platform.h"
#include "msapi_utf8.h" #include "msapi_utf8.h"
#include <assert.h>
#include <ctype.h> #include <ctype.h>
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>

View file

@ -18,6 +18,7 @@
/* #define XZ_DEC_ARMTHUMB */ /* #define XZ_DEC_ARMTHUMB */
/* #define XZ_DEC_SPARC */ /* #define XZ_DEC_SPARC */
#include <assert.h>
#include <stdbool.h> #include <stdbool.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>

View file

@ -109,6 +109,7 @@ static noinline_for_stack size_t XZ_FUNC bcj_x86(
if ((buf[i] & 0xFE) != 0xE8) if ((buf[i] & 0xFE) != 0xE8)
continue; continue;
// coverity[overflow_const]
prev_pos = i - prev_pos; prev_pos = i - prev_pos;
if (prev_pos > 3) { if (prev_pos > 3) {
prev_mask = 0; prev_mask = 0;

View file

@ -622,7 +622,7 @@ static void XZ_FUNC lzma_len(struct xz_dec_lzma2 *s, struct lzma_len_dec *l,
uint32_t pos_state) uint32_t pos_state)
{ {
uint16_t *probs; uint16_t *probs;
uint32_t limit; uint32_t limit, v;
if (!rc_bit(&s->rc, &l->choice)) { if (!rc_bit(&s->rc, &l->choice)) {
probs = l->low[pos_state]; probs = l->low[pos_state];
@ -641,7 +641,9 @@ static void XZ_FUNC lzma_len(struct xz_dec_lzma2 *s, struct lzma_len_dec *l,
} }
} }
s->lzma.len += rc_bittree(&s->rc, probs, limit) - limit; v = s->lzma.len + rc_bittree(&s->rc, probs, limit) - limit;
assert(v >= s->lzma.len);
s->lzma.len = (v < s->lzma.len) ? 0 : v;
} }
/* Decode a match. The distance will be stored in s->lzma.rep0. */ /* Decode a match. The distance will be stored in s->lzma.rep0. */
@ -660,6 +662,7 @@ static void XZ_FUNC lzma_match(struct xz_dec_lzma2 *s, uint32_t pos_state)
lzma_len(s, &s->lzma.match_len_dec, pos_state); lzma_len(s, &s->lzma.match_len_dec, pos_state);
probs = s->lzma.dist_slot[lzma_get_dist_state(s->lzma.len)]; probs = s->lzma.dist_slot[lzma_get_dist_state(s->lzma.len)];
// covertity[overflow_const]
dist_slot = rc_bittree(&s->rc, probs, DIST_SLOTS) - DIST_SLOTS; dist_slot = rc_bittree(&s->rc, probs, DIST_SLOTS) - DIST_SLOTS;
if (dist_slot < DIST_MODEL_START) { if (dist_slot < DIST_MODEL_START) {

View file

@ -137,7 +137,8 @@ BOOL CyclePort(int index)
DWORD size; DWORD size;
USB_CYCLE_PORT_PARAMS cycle_port; USB_CYCLE_PORT_PARAMS cycle_port;
assert(index < MAX_DRIVES); if_not_assert(index < MAX_DRIVES)
return -1;
// Wait at least 10 secs between resets // Wait at least 10 secs between resets
if (GetTickCount64() < LastReset + 10000ULL) { if (GetTickCount64() < LastReset + 10000ULL) {
uprintf("You must wait at least 10 seconds before trying to reset a device"); uprintf("You must wait at least 10 seconds before trying to reset a device");
@ -190,7 +191,8 @@ int CycleDevice(int index)
SP_DEVINFO_DATA dev_info_data; SP_DEVINFO_DATA dev_info_data;
SP_PROPCHANGE_PARAMS propchange_params; SP_PROPCHANGE_PARAMS propchange_params;
assert(index < MAX_DRIVES); if_not_assert(index < MAX_DRIVES)
return ERROR_INVALID_DRIVE;
if ((index < 0) || (safe_strlen(rufus_drive[index].id) < 8)) if ((index < 0) || (safe_strlen(rufus_drive[index].id) < 8))
return ERROR_INVALID_PARAMETER; return ERROR_INVALID_PARAMETER;
@ -583,8 +585,10 @@ BOOL GetDevices(DWORD devnum)
// Better safe than sorry. And yeah, we could have used arrays of // Better safe than sorry. And yeah, we could have used arrays of
// arrays to avoid this, but it's more readable this way. // arrays to avoid this, but it's more readable this way.
assert((uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))); if_not_assert((uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name)))
assert((card_start > 0) && (card_start < ARRAYSIZE(genstor_name))); goto out;
if_not_assert((card_start > 0) && (card_start < ARRAYSIZE(genstor_name)))
goto out;
devid_list = NULL; devid_list = NULL;
if (full_list_size != 0) { if (full_list_size != 0) {
@ -671,7 +675,8 @@ BOOL GetDevices(DWORD devnum)
} }
// Also test for "_SD&" instead of "_SD_" and so on to allow for devices like // Also test for "_SD&" instead of "_SD_" and so on to allow for devices like
// "SCSI\DiskRicoh_Storage_SD&REV_3.0" to be detected. // "SCSI\DiskRicoh_Storage_SD&REV_3.0" to be detected.
assert(strlen(scsi_card_name_copy) > 1); if_not_assert(strlen(scsi_card_name_copy) > 1)
continue;
scsi_card_name_copy[strlen(scsi_card_name_copy) - 1] = '&'; scsi_card_name_copy[strlen(scsi_card_name_copy) - 1] = '&';
if (safe_strstr(buffer, scsi_card_name_copy) != NULL) { if (safe_strstr(buffer, scsi_card_name_copy) != NULL) {
props.is_CARD = TRUE; props.is_CARD = TRUE;
@ -999,7 +1004,8 @@ BOOL GetDevices(DWORD devnum)
rufus_drive[num_drives].display_name = safe_strdup(display_name); rufus_drive[num_drives].display_name = safe_strdup(display_name);
rufus_drive[num_drives].label = safe_strdup(label); rufus_drive[num_drives].label = safe_strdup(label);
rufus_drive[num_drives].size = drive_size; rufus_drive[num_drives].size = drive_size;
assert(rufus_drive[num_drives].size != 0); if_not_assert(rufus_drive[num_drives].size != 0)
break;
if (hub_path != NULL) { if (hub_path != NULL) {
rufus_drive[num_drives].hub = safe_strdup(hub_path); rufus_drive[num_drives].hub = safe_strdup(hub_path);
rufus_drive[num_drives].port = props.port; rufus_drive[num_drives].port = props.port;

View file

@ -280,9 +280,12 @@ char* GetLogicalName(DWORD DriveIndex, uint64_t PartitionOffset, BOOL bKeepTrail
// Sanity checks // Sanity checks
len = safe_strlen(volume_name); len = safe_strlen(volume_name);
assert(len > 4); if_not_assert(len > 4)
assert(safe_strnicmp(volume_name, volume_start, 4) == 0); continue;
assert(volume_name[len - 1] == '\\'); if_not_assert(safe_strnicmp(volume_name, volume_start, 4) == 0)
continue;
if_not_assert(volume_name[len - 1] == '\\')
continue;
drive_type = GetDriveTypeA(volume_name); drive_type = GetDriveTypeA(volume_name);
if ((drive_type != DRIVE_REMOVABLE) && (drive_type != DRIVE_FIXED)) if ((drive_type != DRIVE_REMOVABLE) && (drive_type != DRIVE_FIXED))
@ -1817,6 +1820,7 @@ const char* GetFsName(HANDLE hPhysical, LARGE_INTEGER StartingOffset)
} }
} }
assert(rev < ARRAYSIZE(ext_names)); assert(rev < ARRAYSIZE(ext_names));
if (rev < ARRAYSIZE(ext_names))
ret = ext_names[rev]; ret = ext_names[rev];
goto out; goto out;
} }

View file

@ -45,6 +45,7 @@ static void TEA_transform(__u32 buf[4], __u32 const in[])
int n = 16; int n = 16;
do { do {
// coverity[overflow_const]
sum += DELTA; sum += DELTA;
b0 += ((b1 << 4)+a) ^ (b1+sum) ^ ((b1 >> 5)+b); b0 += ((b1 << 4)+a) ^ (b1+sum) ^ ((b1 >> 5)+b);
b1 += ((b0 << 4)+c) ^ (b0+sum) ^ ((b0 >> 5)+d); b1 += ((b0 << 4)+c) ^ (b0+sum) ^ ((b0 >> 5)+d);

View file

@ -11,6 +11,7 @@
*/ */
#include "config.h" #include "config.h"
#include <assert.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#if HAVE_UNISTD_H #if HAVE_UNISTD_H
@ -374,6 +375,8 @@ ipg_retry:
* adjust inode count to reflect the adjusted inodes_per_group * adjust inode count to reflect the adjusted inodes_per_group
*/ */
if ((__u64)super->s_inodes_per_group * fs->group_desc_count > ~0U) { if ((__u64)super->s_inodes_per_group * fs->group_desc_count > ~0U) {
assert(ipg != 0);
if (ipg != 0)
ipg--; ipg--;
goto ipg_retry; goto ipg_retry;
} }

View file

@ -117,8 +117,7 @@ static BOOLEAN __stdcall FormatExCallback(FILE_SYSTEM_CALLBACK_COMMAND Command,
if (IS_ERROR(ErrorStatus)) if (IS_ERROR(ErrorStatus))
return FALSE; return FALSE;
assert((actual_fs_type >= 0) && (actual_fs_type < FS_MAX)); if_not_assert((actual_fs_type >= 0) && (actual_fs_type < FS_MAX))
if ((actual_fs_type < 0) || (actual_fs_type >= FS_MAX))
return FALSE; return FALSE;
switch(Command) { switch(Command) {
@ -1108,6 +1107,10 @@ static int sector_write(int fd, const void* _buf, unsigned int count)
if (sec_size == 0) if (sec_size == 0)
sec_size = 512; sec_size = 512;
if_not_assert(sec_size <= 64 * KB)
return -1;
if_not_assert(count <= 1 * GB)
return -1;
// If we are on a sector boundary and count is multiple of the // If we are on a sector boundary and count is multiple of the
// sector size, just issue a regular write // sector size, just issue a regular write
@ -1116,6 +1119,8 @@ static int sector_write(int fd, const void* _buf, unsigned int count)
// If we have an existing partial sector, fill and write it // If we have an existing partial sector, fill and write it
if (sec_buf_pos > 0) { if (sec_buf_pos > 0) {
if_not_assert(sec_size >= sec_buf_pos)
return -1;
fill_size = min(sec_size - sec_buf_pos, count); fill_size = min(sec_size - sec_buf_pos, count);
memcpy(&sec_buf[sec_buf_pos], buf, fill_size); memcpy(&sec_buf[sec_buf_pos], buf, fill_size);
sec_buf_pos += fill_size; sec_buf_pos += fill_size;
@ -1133,10 +1138,18 @@ static int sector_write(int fd, const void* _buf, unsigned int count)
written = _write(fd, &buf[fill_size], sec_num * sec_size); written = _write(fd, &buf[fill_size], sec_num * sec_size);
if (written < 0) if (written < 0)
return written; return written;
else if (written != sec_num * sec_size) if (written != sec_num * sec_size) {
return fill_size + written; // Detect overflows
// coverity[overflow]
int v = fill_size + written;
if_not_assert(v >= fill_size)
return -1;
else
return v;
}
sec_buf_pos = count - fill_size - written; sec_buf_pos = count - fill_size - written;
assert(sec_buf_pos < sec_size); if_not_assert(sec_buf_pos < sec_size)
return -1;
// Keep leftover bytes, if any, in the sector buffer // Keep leftover bytes, if any, in the sector buffer
if (sec_buf_pos != 0) if (sec_buf_pos != 0)
@ -1180,7 +1193,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive)
uprintf("Could not allocate disk zeroing buffer"); uprintf("Could not allocate disk zeroing buffer");
goto out; goto out;
} }
assert((uintptr_t)buffer % SelectedDrive.SectorSize == 0); if_not_assert((uintptr_t)buffer % SelectedDrive.SectorSize == 0)
goto out;
// Clear buffer // Clear buffer
memset(buffer, fast_zeroing ? 0xff : 0x00, buf_size); memset(buffer, fast_zeroing ? 0xff : 0x00, buf_size);
@ -1192,7 +1206,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive)
uprintf("Could not allocate disk comparison buffer"); uprintf("Could not allocate disk comparison buffer");
goto out; goto out;
} }
assert((uintptr_t)cmp_buffer % SelectedDrive.SectorSize == 0); if_not_assert((uintptr_t)cmp_buffer % SelectedDrive.SectorSize == 0)
goto out;
} }
read_size[0] = buf_size; read_size[0] = buf_size;
@ -1290,7 +1305,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive)
uprintf("Could not allocate disk write buffer"); uprintf("Could not allocate disk write buffer");
goto out; goto out;
} }
assert((uintptr_t)sec_buf % SelectedDrive.SectorSize == 0); if_not_assert((uintptr_t)sec_buf% SelectedDrive.SectorSize == 0)
goto out;
sec_buf_pos = 0; sec_buf_pos = 0;
bled_init(256 * KB, uprintf, NULL, sector_write, update_progress, NULL, &ErrorStatus); bled_init(256 * KB, uprintf, NULL, sector_write, update_progress, NULL, &ErrorStatus);
bled_ret = bled_uncompress_with_handles(hSourceImage, hPhysicalDrive, img_report.compression_type); bled_ret = bled_uncompress_with_handles(hSourceImage, hPhysicalDrive, img_report.compression_type);
@ -1312,7 +1328,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive)
goto out; goto out;
} }
} else { } else {
assert(img_report.compression_type != IMG_COMPRESSION_FFU); if_not_assert(img_report.compression_type != IMG_COMPRESSION_FFU)
goto out;
// VHD/VHDX require mounting the image first // VHD/VHDX require mounting the image first
if (img_report.compression_type == IMG_COMPRESSION_VHD || if (img_report.compression_type == IMG_COMPRESSION_VHD ||
img_report.compression_type == IMG_COMPRESSION_VHDX) { img_report.compression_type == IMG_COMPRESSION_VHDX) {
@ -1338,7 +1355,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive)
uprintf("Could not allocate disk write buffer"); uprintf("Could not allocate disk write buffer");
goto out; goto out;
} }
assert((uintptr_t)buffer % SelectedDrive.SectorSize == 0); if_not_assert((uintptr_t)buffer% SelectedDrive.SectorSize == 0)
goto out;
// Start the initial read // Start the initial read
ReadFileAsync(hSourceImage, &buffer[read_bufnum * buf_size], (DWORD)MIN(buf_size, target_size)); ReadFileAsync(hSourceImage, &buffer[read_bufnum * buf_size], (DWORD)MIN(buf_size, target_size));
@ -1365,7 +1383,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive)
// 2. WriteFile fails unless the size is a multiple of sector size // 2. WriteFile fails unless the size is a multiple of sector size
if (read_size[read_bufnum] % SelectedDrive.SectorSize != 0) { if (read_size[read_bufnum] % SelectedDrive.SectorSize != 0) {
assert(HI_ALIGN_X_TO_Y(read_size[read_bufnum], SelectedDrive.SectorSize) <= buf_size); if_not_assert(HI_ALIGN_X_TO_Y(read_size[read_bufnum], SelectedDrive.SectorSize) <= buf_size)
goto out;
read_size[read_bufnum] = HI_ALIGN_X_TO_Y(read_size[read_bufnum], SelectedDrive.SectorSize); read_size[read_bufnum] = HI_ALIGN_X_TO_Y(read_size[read_bufnum], SelectedDrive.SectorSize);
} }
@ -1660,7 +1679,8 @@ DWORD WINAPI FormatThread(void* param)
if (img_report.compression_type == IMG_COMPRESSION_FFU) { if (img_report.compression_type == IMG_COMPRESSION_FFU) {
char cmd[MAX_PATH + 128], *physical = NULL; char cmd[MAX_PATH + 128], *physical = NULL;
// Should have been filtered out beforehand // Should have been filtered out beforehand
assert(has_ffu_support); if_not_assert(has_ffu_support)
goto out;
safe_unlockclose(hPhysicalDrive); safe_unlockclose(hPhysicalDrive);
physical = GetPhysicalName(SelectedDrive.DeviceNumber); physical = GetPhysicalName(SelectedDrive.DeviceNumber);
static_sprintf(cmd, "dism /Apply-Ffu /ApplyDrive:%s /ImageFile:\"%s\"", physical, image_path); static_sprintf(cmd, "dism /Apply-Ffu /ApplyDrive:%s /ImageFile:\"%s\"", physical, image_path);
@ -1848,8 +1868,7 @@ DWORD WINAPI FormatThread(void* param)
// All good // All good
} else if (target_type == TT_UEFI) { } else if (target_type == TT_UEFI) {
// For once, no need to do anything - just check our sanity // For once, no need to do anything - just check our sanity
assert((boot_type == BT_IMAGE) && IS_EFI_BOOTABLE(img_report) && (fs_type <= FS_NTFS)); if_not_assert((boot_type == BT_IMAGE) && IS_EFI_BOOTABLE(img_report) && (fs_type <= FS_NTFS)) {
if ( (boot_type != BT_IMAGE) || !IS_EFI_BOOTABLE(img_report) || (fs_type > FS_NTFS) ) {
ErrorStatus = RUFUS_ERROR(ERROR_INSTALL_FAILURE); ErrorStatus = RUFUS_ERROR(ERROR_INSTALL_FAILURE);
goto out; goto out;
} }
@ -1924,7 +1943,8 @@ DWORD WINAPI FormatThread(void* param)
ErrorStatus = RUFUS_ERROR(APPERR(ERROR_CANT_PATCH)); ErrorStatus = RUFUS_ERROR(APPERR(ERROR_CANT_PATCH));
} }
} else { } else {
assert(!img_report.is_windows_img); if_not_assert(!img_report.is_windows_img)
goto out;
if (!ExtractISO(image_path, drive_name, FALSE)) { if (!ExtractISO(image_path, drive_name, FALSE)) {
if (!IS_ERROR(ErrorStatus)) if (!IS_ERROR(ErrorStatus))
ErrorStatus = RUFUS_ERROR(APPERR(ERROR_ISO_EXTRACT)); ErrorStatus = RUFUS_ERROR(APPERR(ERROR_ISO_EXTRACT));

View file

@ -1571,8 +1571,8 @@ uint32_t ReadISOFileToBuffer(const char* iso, const char* iso_file, uint8_t** bu
goto out; goto out;
} }
file_length = udf_get_file_length(p_udf_file); file_length = udf_get_file_length(p_udf_file);
if (file_length > UINT32_MAX) { if (file_length > 1 * GB) {
uprintf("Only files smaller than 4 GB are supported"); uprintf("Only files smaller than 1 GB are supported");
goto out; goto out;
} }
nblocks = (uint32_t)((file_length + UDF_BLOCKSIZE - 1) / UDF_BLOCKSIZE); nblocks = (uint32_t)((file_length + UDF_BLOCKSIZE - 1) / UDF_BLOCKSIZE);
@ -1604,10 +1604,11 @@ try_iso:
goto out; goto out;
} }
file_length = p_statbuf->total_size; file_length = p_statbuf->total_size;
if (file_length > UINT32_MAX) { if (file_length > 1 * GB) {
uprintf("Only files smaller than 4 GB are supported"); uprintf("Only files smaller than 1 GB are supported");
goto out; goto out;
} }
// coverity[cast_overflow]
nblocks = (uint32_t)((file_length + ISO_BLOCKSIZE - 1) / ISO_BLOCKSIZE); nblocks = (uint32_t)((file_length + ISO_BLOCKSIZE - 1) / ISO_BLOCKSIZE);
*buf = malloc(nblocks * ISO_BLOCKSIZE + 1); *buf = malloc(nblocks * ISO_BLOCKSIZE + 1);
if (*buf == NULL) { if (*buf == NULL) {

View file

@ -407,7 +407,8 @@ static PWSTR GetProcessCommandLine(HANDLE hProcess)
ucmdline = (UNICODE_STRING*)(pp + cmd_offset); ucmdline = (UNICODE_STRING*)(pp + cmd_offset);
// In the absolute, someone could craft a process with dodgy attributes to try to cause an overflow // In the absolute, someone could craft a process with dodgy attributes to try to cause an overflow
ucmdline->Length = min(ucmdline->Length, 512); // coverity[cast_overflow]
ucmdline->Length = min(ucmdline->Length, (USHORT)512);
wcmdline = (PWSTR)calloc(ucmdline->Length + 1, sizeof(WCHAR)); wcmdline = (PWSTR)calloc(ucmdline->Length + 1, sizeof(WCHAR));
if (!ReadProcessMemory(hProcess, ucmdline->Buffer, wcmdline, ucmdline->Length, NULL)) { if (!ReadProcessMemory(hProcess, ucmdline->Buffer, wcmdline, ucmdline->Length, NULL)) {
safe_free(wcmdline); safe_free(wcmdline);
@ -493,8 +494,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param)
// Work on our own copy of the handle names so we don't have to hold the // Work on our own copy of the handle names so we don't have to hold the
// mutex for string comparison. Update only if the version has changed. // mutex for string comparison. Update only if the version has changed.
if (blocking_process.nVersion[0] != blocking_process.nVersion[1]) { if (blocking_process.nVersion[0] != blocking_process.nVersion[1]) {
assert(blocking_process.wHandleName != NULL && blocking_process.nHandles != 0); if_not_assert(blocking_process.wHandleName != NULL && blocking_process.nHandles != 0) {
if (blocking_process.wHandleName == NULL || blocking_process.nHandles == 0) {
ReleaseMutex(hLock); ReleaseMutex(hLock);
goto out; goto out;
} }
@ -930,8 +930,7 @@ BYTE GetProcessSearch(uint32_t timeout, uint8_t access_mask, BOOL bIgnoreStalePr
return 0; return 0;
} }
assert(blocking_process.hLock != NULL); if_not_assert(blocking_process.hLock != NULL)
if (blocking_process.hLock == NULL)
return 0; return 0;
retry: retry:

View file

@ -37,11 +37,9 @@ static __inline BOOL DeleteRegistryKey(HKEY key_root, const char* key_name)
HKEY hSoftware = NULL; HKEY hSoftware = NULL;
LONG s; LONG s;
assert(key_root == REGKEY_HKCU); if_not_assert(key_root == REGKEY_HKCU)
if (key_root != REGKEY_HKCU)
return FALSE; return FALSE;
assert(key_name != NULL); if_not_assert(key_name != NULL)
if (key_name == NULL)
return FALSE; return FALSE;
if (RegOpenKeyExA(key_root, "SOFTWARE", 0, KEY_READ|KEY_CREATE_SUB_KEY, &hSoftware) != ERROR_SUCCESS) if (RegOpenKeyExA(key_root, "SOFTWARE", 0, KEY_READ|KEY_CREATE_SUB_KEY, &hSoftware) != ERROR_SUCCESS)
@ -135,15 +133,12 @@ static __inline BOOL _SetRegistryKey(HKEY key_root, const char* key_name, DWORD
HKEY hRoot = NULL, hApp = NULL; HKEY hRoot = NULL, hApp = NULL;
DWORD dwDisp, dwType = reg_type; DWORD dwDisp, dwType = reg_type;
assert(key_name != NULL); if_not_assert(key_name != NULL)
if (key_name == NULL)
return FALSE; return FALSE;
assert(key_root == REGKEY_HKCU); if_not_assert(key_root == REGKEY_HKCU)
if (key_root != REGKEY_HKCU)
return FALSE; return FALSE;
// Validate that we are always dealing with a short key // Validate that we are always dealing with a short key
assert(strchr(key_name, '\\') == NULL); if_not_assert(strchr(key_name, '\\') == NULL)
if (strchr(key_name, '\\') != NULL)
return FALSE; return FALSE;
if (RegOpenKeyExA(key_root, NULL, 0, KEY_READ|KEY_CREATE_SUB_KEY, &hRoot) != ERROR_SUCCESS) { if (RegOpenKeyExA(key_root, NULL, 0, KEY_READ|KEY_CREATE_SUB_KEY, &hRoot) != ERROR_SUCCESS) {

View file

@ -1131,7 +1131,8 @@ static void DisplayISOProps(void)
// Insert the image name into the Boot selection dropdown and (re)populate the Image option dropdown // Insert the image name into the Boot selection dropdown and (re)populate the Image option dropdown
static void UpdateImage(BOOL update_image_option_only) static void UpdateImage(BOOL update_image_option_only)
{ {
assert(image_index != 0); if_not_assert(image_index != 0)
return;
if (!update_image_option_only) { if (!update_image_option_only) {
if (ComboBox_GetItemData(hBootType, image_index) == BT_IMAGE) if (ComboBox_GetItemData(hBootType, image_index) == BT_IMAGE)
@ -1429,8 +1430,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param)
} }
if (boot_type == BT_IMAGE) { if (boot_type == BT_IMAGE) {
assert(image_path != NULL); if_not_assert(image_path != NULL)
if (image_path == NULL)
goto out; goto out;
if ((size_check) && (img_report.projected_size > (uint64_t)SelectedDrive.DiskSize)) { if ((size_check) && (img_report.projected_size > (uint64_t)SelectedDrive.DiskSize)) {
// This ISO image is too big for the selected target // This ISO image is too big for the selected target

View file

@ -15,6 +15,7 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include <assert.h>
#include <windows.h> #include <windows.h>
#include <malloc.h> #include <malloc.h>
#include <inttypes.h> #include <inttypes.h>
@ -36,6 +37,7 @@
#define MB 1048576LL #define MB 1048576LL
#define GB 1073741824LL #define GB 1073741824LL
#define TB 1099511627776LL #define TB 1099511627776LL
#define PB 1125899906842624LL
/* /*
* Features not ready for prime time and that may *DESTROY* your data - USE AT YOUR OWN RISKS! * Features not ready for prime time and that may *DESTROY* your data - USE AT YOUR OWN RISKS!
@ -186,6 +188,7 @@ static __inline void static_repchr(char* p, char s, char r) {
} }
#define to_unix_path(str) static_repchr(str, '\\', '/') #define to_unix_path(str) static_repchr(str, '\\', '/')
#define to_windows_path(str) static_repchr(str, '/', '\\') #define to_windows_path(str) static_repchr(str, '/', '\\')
#define if_not_assert(cond) assert(cond); if (!(cond))
extern void uprintf(const char *format, ...); extern void uprintf(const char *format, ...);
extern void uprintfs(const char *str); extern void uprintfs(const char *str);

View file

@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
IDD_DIALOG DIALOGEX 12, 12, 232, 326 IDD_DIALOG DIALOGEX 12, 12, 232, 326
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_ACCEPTFILES EXSTYLE WS_EX_ACCEPTFILES
CAPTION "Rufus 4.6.2189" CAPTION "Rufus 4.6.2190"
FONT 9, "Segoe UI Symbol", 400, 0, 0x0 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
BEGIN BEGIN
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -397,8 +397,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 4,6,2189,0 FILEVERSION 4,6,2190,0
PRODUCTVERSION 4,6,2189,0 PRODUCTVERSION 4,6,2190,0
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@ -416,13 +416,13 @@ BEGIN
VALUE "Comments", "https://rufus.ie" VALUE "Comments", "https://rufus.ie"
VALUE "CompanyName", "Akeo Consulting" VALUE "CompanyName", "Akeo Consulting"
VALUE "FileDescription", "Rufus" VALUE "FileDescription", "Rufus"
VALUE "FileVersion", "4.6.2189" VALUE "FileVersion", "4.6.2190"
VALUE "InternalName", "Rufus" VALUE "InternalName", "Rufus"
VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)" VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)"
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
VALUE "OriginalFilename", "rufus-4.6.exe" VALUE "OriginalFilename", "rufus-4.6.exe"
VALUE "ProductName", "Rufus" VALUE "ProductName", "Rufus"
VALUE "ProductVersion", "4.6.2189" VALUE "ProductVersion", "4.6.2190"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"

View file

@ -80,8 +80,7 @@ BOOL htab_create(uint32_t nel, htab_table* htab)
if (htab == NULL) { if (htab == NULL) {
return FALSE; return FALSE;
} }
assert(htab->table == NULL); if_not_assert(htab->table == NULL) {
if (htab->table != NULL) {
uprintf("Warning: htab_create() was called with a non empty table"); uprintf("Warning: htab_create() was called with a non empty table");
return FALSE; return FALSE;
} }
@ -197,8 +196,7 @@ uint32_t htab_hash(char* str, htab_table* htab)
// Not found => New entry // Not found => New entry
// If the table is full return an error // If the table is full return an error
assert(htab->filled < htab->size); if_not_assert(htab->filled < htab->size) {
if (htab->filled >= htab->size) {
uprintf("Hash table is full (%d entries)", htab->size); uprintf("Hash table is full (%d entries)", htab->size);
return 0; return 0;
} }
@ -1199,7 +1197,8 @@ BOOL MountRegistryHive(const HKEY key, const char* pszHiveName, const char* pszH
LSTATUS status; LSTATUS status;
HANDLE token = INVALID_HANDLE_VALUE; HANDLE token = INVALID_HANDLE_VALUE;
assert((key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS)); if_not_assert((key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS))
return FALSE;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token)) { if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token)) {
uprintf("Could not get current process token: %s", WindowsErrorString()); uprintf("Could not get current process token: %s", WindowsErrorString());
@ -1230,7 +1229,8 @@ BOOL UnmountRegistryHive(const HKEY key, const char* pszHiveName)
{ {
LSTATUS status; LSTATUS status;
assert((key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS)); if_not_assert((key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS))
return FALSE;
status = RegUnLoadKeyA(key, pszHiveName); status = RegUnLoadKeyA(key, pszHiveName);
if (status != ERROR_SUCCESS) { if (status != ERROR_SUCCESS) {

View file

@ -857,7 +857,8 @@ uint32_t ResolveDllAddress(dll_resolver_t* resolver)
// NB: SymLoadModuleEx() does not load a PDB unless the file has an explicit '.pdb' extension // NB: SymLoadModuleEx() does not load a PDB unless the file has an explicit '.pdb' extension
base_address = pfSymLoadModuleEx(hRufus, NULL, path, NULL, DEFAULT_BASE_ADDRESS, 0, NULL, 0); base_address = pfSymLoadModuleEx(hRufus, NULL, path, NULL, DEFAULT_BASE_ADDRESS, 0, NULL, 0);
assert(base_address == DEFAULT_BASE_ADDRESS); if_not_assert(base_address == DEFAULT_BASE_ADDRESS)
goto out;
// On Windows 11 ARM64 the following call will return *TWO* different addresses for the same // On Windows 11 ARM64 the following call will return *TWO* different addresses for the same
// call, because most Windows DLL's are ARM64X, which means that they are an unholy union of // call, because most Windows DLL's are ARM64X, which means that they are an unholy union of
// both X64 and ARM64 code in the same binary... // both X64 and ARM64 code in the same binary...

View file

@ -588,7 +588,8 @@ INT_PTR CALLBACK NotificationCallback(HWND hDlg, UINT message, WPARAM wParam, LP
return (INT_PTR)TRUE; return (INT_PTR)TRUE;
case IDC_MORE_INFO: case IDC_MORE_INFO:
if (notification_more_info != NULL) { if (notification_more_info != NULL) {
assert(notification_more_info->callback != NULL); if_not_assert(notification_more_info->callback != NULL)
return (INT_PTR)FALSE;
if (notification_more_info->id == MORE_INFO_URL) { if (notification_more_info->id == MORE_INFO_URL) {
ShellExecuteA(hDlg, "open", notification_more_info->url, NULL, NULL, SW_SHOWNORMAL); ShellExecuteA(hDlg, "open", notification_more_info->url, NULL, NULL, SW_SHOWNORMAL);
} else { } else {

View file

@ -575,7 +575,8 @@ void SetSectionHeaders(HWND hDlg)
memset(wtmp, 0, sizeof(wtmp)); memset(wtmp, 0, sizeof(wtmp));
GetWindowTextW(hCtrl, wtmp, ARRAYSIZE(wtmp) - 4); GetWindowTextW(hCtrl, wtmp, ARRAYSIZE(wtmp) - 4);
wlen = wcslen(wtmp); wlen = wcslen(wtmp);
assert(wlen < ARRAYSIZE(wtmp) - 2); if_not_assert(wlen < ARRAYSIZE(wtmp) - 2)
break;
wtmp[wlen++] = L' '; wtmp[wlen++] = L' ';
wtmp[wlen++] = L' '; wtmp[wlen++] = L' ';
SetWindowTextW(hCtrl, wtmp); SetWindowTextW(hCtrl, wtmp);

View file

@ -1006,8 +1006,9 @@ static DWORD WINAPI VhdSaveImageThread(void* param)
OVERLAPPED overlapped = { 0 }; OVERLAPPED overlapped = { 0 };
DWORD r = ERROR_NOT_FOUND, flags; DWORD r = ERROR_NOT_FOUND, flags;
assert(img_save->Type == VIRTUAL_STORAGE_TYPE_DEVICE_VHD || if_not_assert(img_save->Type == VIRTUAL_STORAGE_TYPE_DEVICE_VHD ||
img_save->Type == VIRTUAL_STORAGE_TYPE_DEVICE_VHDX); img_save->Type == VIRTUAL_STORAGE_TYPE_DEVICE_VHDX)
return ERROR_INVALID_PARAMETER;
UpdateProgressWithInfoInit(NULL, FALSE); UpdateProgressWithInfoInit(NULL, FALSE);

View file

@ -905,7 +905,8 @@ BOOL ApplyWindowsCustomization(char drive_letter, int flags)
// If we have a windowsPE section, copy the answer files to the root of boot.wim as // If we have a windowsPE section, copy the answer files to the root of boot.wim as
// Autounattend.xml. This also results in that file being automatically copied over // Autounattend.xml. This also results in that file being automatically copied over
// to %WINDIR%\Panther\unattend.xml for later passes processing. // to %WINDIR%\Panther\unattend.xml for later passes processing.
assert(mount_path != NULL); if_not_assert(mount_path != NULL)
goto out;
static_sprintf(path, "%s\\Autounattend.xml", mount_path); static_sprintf(path, "%s\\Autounattend.xml", mount_path);
if (!CopyFileU(unattend_xml_path, path, TRUE)) { if (!CopyFileU(unattend_xml_path, path, TRUE)) {
uprintf("Could not create boot.wim 'Autounattend.xml': %s", WindowsErrorString()); uprintf("Could not create boot.wim 'Autounattend.xml': %s", WindowsErrorString());