From e1c00435fa8b255d6da5053fd50e10dfbeff371b Mon Sep 17 00:00:00 2001 From: evoskuil Date: Tue, 21 Apr 2015 03:45:33 -0700 Subject: [PATCH 1/4] Add missing exports for zgossip and test. --- include/zgossip.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/zgossip.h b/include/zgossip.h index 57ef8bbcb..647cb28c0 100644 --- a/include/zgossip.h +++ b/include/zgossip.h @@ -80,11 +80,11 @@ extern "C" { // // This is the zgossip constructor as a zactor_fn: // -void +CZMQ_EXPORT void zgossip (zsock_t *pipe, void *args); // Self test of this class -void +CZMQ_EXPORT void zgossip_test (bool verbose); // @end From a302ba0404087c2310ea558bf5d179b074062179 Mon Sep 17 00:00:00 2001 From: evoskuil Date: Tue, 21 Apr 2015 03:45:48 -0700 Subject: [PATCH 2/4] Fix forcing to bool. --- src/zgossip_engine.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/zgossip_engine.inc b/src/zgossip_engine.inc index e9a753236..1a4d6ebd5 100644 --- a/src/zgossip_engine.inc +++ b/src/zgossip_engine.inc @@ -821,7 +821,7 @@ s_server_handle_pipe (zloop_t *loop, zsock_t *reader, void *argument) zconfig_put (self->config, path, value); if (streq (path, "server/animate")) { zsys_warning ("'%s' is deprecated, use VERBOSE command instead", path); - self->verbose = atoi (value); + self->verbose = atoi (value) != 0; } s_server_config_global (self); free (path); From 03a75b359c6ea43b40217245afadd679f35d9d87 Mon Sep 17 00:00:00 2001 From: evoskuil Date: Tue, 21 Apr 2015 04:42:13 -0700 Subject: [PATCH 3/4] Fix integer narrowing and sign mismatch issues. --- foreign/sha1/sha1.c | 6 +++--- foreign/slre/slre.c | 25 +++++++++++++------------ foreign/slre/slre.h | 4 ++-- src/zarmour.c | 16 ++++++++-------- src/zconfig.c | 16 +++++++++------- src/zdir.c | 2 +- src/zfile.c | 8 ++++++++ src/zgossip_msg.c | 2 +- src/zhash.c | 5 +++-- src/zhashx.c | 7 ++++--- src/zlist.c | 6 +++--- src/zlistx.c | 6 +++--- src/zloop.c | 8 ++++---- src/zrex.c | 4 ++-- src/zsock.c | 2 +- src/zstr.c | 2 +- src/zsys.c | 12 ++++++------ 17 files changed, 72 insertions(+), 59 deletions(-) diff --git a/foreign/sha1/sha1.c b/foreign/sha1/sha1.c index f221f1f35..2befaa73c 100644 --- a/foreign/sha1/sha1.c +++ b/foreign/sha1/sha1.c @@ -243,14 +243,14 @@ sha1_pad(struct sha1_ctxt * ctxt) if (padlen < 8) { memset(&ctxt->m.b8[padstart], 0, padlen); - COUNT += padlen; + COUNT += (uint8_t) padlen; COUNT %= 64; sha1_step(ctxt); padstart = COUNT % 64; /* should be 0 */ padlen = 64 - padstart; /* should be 64 */ } memset(&ctxt->m.b8[padstart], 0, padlen - 8); - COUNT += (padlen - 8); + COUNT += ((uint8_t) padlen - 8); COUNT %= 64; #ifdef WORDS_BIGENDIAN PUTPAD(ctxt->c.b8[0]); @@ -292,7 +292,7 @@ sha1_loop(struct sha1_ctxt * ctxt, const uint8_t *input0, size_t len) copysiz = (gaplen < len - off) ? gaplen : len - off; memmove(&ctxt->m.b8[gapstart], &input[off], copysiz); - COUNT += copysiz; + COUNT += (uint8_t) copysiz; COUNT %= 64; ctxt->c.b64[0] += copysiz * 8; if (COUNT % 64 == 0) diff --git a/foreign/slre/slre.c b/foreign/slre/slre.c index 55f39a89f..5b508476e 100644 --- a/foreign/slre/slre.c +++ b/foreign/slre/slre.c @@ -404,12 +404,12 @@ slre_compile (struct slre *r, const char *re) } static int -match (const struct slre *, int, const char *, int, int *, struct cap *); +match (const struct slre *, int, const char *, size_t, size_t *, struct cap *); static void -loop_greedy (const struct slre *r, int pc, const char *s, int len, int *ofs) +loop_greedy (const struct slre *r, int pc, const char *s, size_t len, size_t *ofs) { - int saved_offset, matched_offset; + size_t saved_offset, matched_offset; saved_offset = matched_offset = *ofs; @@ -424,9 +424,9 @@ loop_greedy (const struct slre *r, int pc, const char *s, int len, int *ofs) } static void -loop_non_greedy (const struct slre *r, int pc, const char *s,int len, int *ofs) +loop_non_greedy (const struct slre *r, int pc, const char *s, size_t len, size_t *ofs) { - int saved_offset = *ofs; + size_t saved_offset = *ofs; while (match (r, pc + 2, s, len, ofs, NULL)) { saved_offset = *ofs; @@ -438,7 +438,7 @@ loop_non_greedy (const struct slre *r, int pc, const char *s,int len, int *ofs) } static int -is_any_of (const unsigned char *p, int len, const char *s, int *ofs) +is_any_of (const unsigned char *p, int len, const char *s, size_t *ofs) { int i, ch; @@ -454,7 +454,7 @@ is_any_of (const unsigned char *p, int len, const char *s, int *ofs) } static int -is_any_but (const unsigned char *p, int len, const char *s, int *ofs) +is_any_but (const unsigned char *p, int len, const char *s, size_t *ofs) { int i, ch; @@ -469,9 +469,10 @@ is_any_but (const unsigned char *p, int len, const char *s, int *ofs) } static int -match (const struct slre *r, int pc, const char *s, int len, int *ofs, struct cap *caps) +match (const struct slre *r, int pc, const char *s, size_t len, size_t *ofs, struct cap *caps) { - int n, saved_offset, res = 1; + int res = 1; + size_t n, saved_offset; while (res && r->code [pc] != END) { assert (pc < r->code_size); @@ -642,14 +643,14 @@ match (const struct slre *r, int pc, const char *s, int len, int *ofs, struct ca } int -slre_match (const struct slre *r, const char *buf, int len, struct cap *caps) +slre_match(const struct slre *r, const char *buf, size_t len, struct cap *caps) { - int ofs = 0; int res = 0; + size_t ofs = 0; if (r->anchored) res = match (r, 0, buf, len, &ofs, caps); else { - int i; + size_t i; for (i = 0; i < len && res == 0; i++) { ofs = i; res = match (r, 0, buf, len, &ofs, caps); diff --git a/foreign/slre/slre.h b/foreign/slre/slre.h index 54877642d..98bdf69aa 100644 --- a/foreign/slre/slre.h +++ b/foreign/slre/slre.h @@ -67,7 +67,7 @@ struct slre { */ struct cap { const char *ptr; /* Pointer to the substring */ - int len; /* Substring length */ + size_t len; /* Substring length */ }; /* @@ -86,7 +86,7 @@ int slre_compile(struct slre *, const char *re); * hold all captures. The caller function must make sure it is! So, the * array_size = number_of_round_bracket_pairs + 1 */ -int slre_match(const struct slre *, const char *buf, int buf_len, +int slre_match(const struct slre *, const char *buf, size_t buf_len, struct cap *captured_substrings); #endif /* SLRE_HEADER_DEFINED */ diff --git a/src/zarmour.c b/src/zarmour.c index c9fba6fab..1a16926d9 100644 --- a/src/zarmour.c +++ b/src/zarmour.c @@ -209,9 +209,9 @@ s_base64_encode (const byte *data, size_t length, const char *alphabet, bool pad static byte * -s_base64_decode (const char *data, size_t *size, const char *alphabet, int linebreakchars) +s_base64_decode (const char *data, size_t *size, const char *alphabet, size_t linebreakchars) { - int length = strlen (data); + size_t length = strlen (data); while (length > 0 && !strchr (alphabet, data[length - 1])) --length; const byte *needle = (const byte *) data, *ceiling = (const byte *) (data + length); length -= linebreakchars; @@ -302,7 +302,7 @@ s_base32_encode (const byte *data, size_t length, const char *alphabet, bool pad static byte * -s_base32_decode (const char *data, size_t *size, const char *alphabet, int linebreakchars) +s_base32_decode (const char *data, size_t *size, const char *alphabet, size_t linebreakchars) { size_t length = strlen (data); while (length > 0 && !strchr (alphabet, _UPPER_CASE(data[length - 1]))) --length; @@ -372,9 +372,9 @@ s_base16_encode (const byte *data, size_t length, const char *alphabet) } static byte * -s_base16_decode (const char *data, size_t *size, const char *alphabet, int linebreakchars) +s_base16_decode (const char *data, size_t *size, const char *alphabet, size_t linebreakchars) { - int length = strlen (data); + size_t length = strlen (data); const byte *needle = (const byte *) data, *ceiling = (const byte *) (data + length); length -= linebreakchars; *size = length / 2 + 1; @@ -418,7 +418,7 @@ s_z85_decode (const char *data, size_t *size) { assert (data); assert (size); - int length = strlen (data); + size_t length = strlen (data); assert (length % 5 == 0); *size = 4 * length / 5 + 1; byte *bytes = (byte *) zmalloc (*size); @@ -475,7 +475,7 @@ zarmour_encode (zarmour_t *self, const byte *data, size_t data_size) if (self->line_breaks && self->line_length > 0 && strlen (encoded) > self->line_length) { #endif char *line_end = self->line_end; - int nbr_lines = strlen (encoded) / self->line_length; + size_t nbr_lines = strlen (encoded) / self->line_length; size_t new_length = nbr_lines * (self->line_length + strlen (line_end)) + strlen (encoded) % self->line_length; @@ -513,7 +513,7 @@ zarmour_decode (zarmour_t *self, const char *data, size_t *decode_size) assert (data); assert (decode_size); - int linebreakchars = 0; + size_t linebreakchars = 0; char *line_end = self->line_end; const char *pos = data; while ((pos = strstr (pos, line_end))) { diff --git a/src/zconfig.c b/src/zconfig.c index 496ef071a..a093e8f85 100644 --- a/src/zconfig.c +++ b/src/zconfig.c @@ -173,7 +173,7 @@ zconfig_put (zconfig_t *self, const char *path, const char *value) // Check length of next path segment const char *slash = strchr (path, '/'); - int length = strlen (path); + size_t length = strlen (path); if (slash) length = slash - path; @@ -287,7 +287,7 @@ zconfig_locate (zconfig_t *self, const char *path) if (*path == '/') path++; const char *slash = strchr (path, '/'); - int length = strlen (path); + size_t length = strlen (path); if (slash) length = slash - path; @@ -462,9 +462,10 @@ s_config_printf (zconfig_t *self, void *arg, char *format, ...) else fprintf ((FILE *) arg, "%s", string); } - int size = strlen (string); + size_t size = strlen (string); free (string); - return size; + assert(size <= INT_MAX); + return (int) size; } @@ -613,7 +614,7 @@ zconfig_chunk_load (zchunk_t *chunk) remaining -= cur_size + (eoln? 1: 0); // Trim line - int length = strlen (cur_line); + size_t length = strlen (cur_line); while (length && isspace ((byte) cur_line [length - 1])) cur_line [--length] = 0; @@ -682,13 +683,14 @@ s_collect_level (char **start, int lineno) char *readptr = *start; while (*readptr == ' ') readptr++; - int level = (readptr - *start) / 4; + ptrdiff_t level = (readptr - *start) / 4; if (level * 4 != readptr - *start) { zclock_log ("E (zconfig): (%d) indent 4 spaces at once", lineno); level = -1; } *start = readptr; - return level; + assert (level <= INT_MAX); + return (int) level; } // Collect property name diff --git a/src/zdir.c b/src/zdir.c index 7d313d5d7..b328799bc 100644 --- a/src/zdir.c +++ b/src/zdir.c @@ -318,7 +318,7 @@ static int s_file_compare (void *item1, void *item2); zfile_t ** zdir_flatten (zdir_t *self) { - int flat_size; + size_t flat_size; if (self) flat_size = self->count + 1; else diff --git a/src/zfile.c b/src/zfile.c index f3228a343..236be557b 100644 --- a/src/zfile.c +++ b/src/zfile.c @@ -538,7 +538,15 @@ zfile_digest (zfile_t *self) zdigest_update (self->digest, zchunk_data (chunk), zchunk_size (chunk)); zchunk_destroy (&chunk); + +#ifdef _MSC_VER + // off_t is defined as long (32 bit on Windows, 64 bit otherwise) + assert (blocksz <= INT_MAX - offset); + offset += (off_t) blocksz; +#else offset += blocksz; +#endif + chunk = zfile_read (self, blocksz, offset); } zchunk_destroy (&chunk); diff --git a/src/zgossip_msg.c b/src/zgossip_msg.c index 8838d7343..9edd8487c 100644 --- a/src/zgossip_msg.c +++ b/src/zgossip_msg.c @@ -155,7 +155,7 @@ struct _zgossip_msg_t { // Put a string to the frame #define PUT_STRING(host) { \ size_t string_size = strlen (host); \ - PUT_NUMBER1 (string_size); \ + PUT_NUMBER1 ((byte) string_size); \ memcpy (self->needle, (host), string_size); \ self->needle += string_size; \ } diff --git a/src/zhash.c b/src/zhash.c index 196ccff8c..625ae2081 100644 --- a/src/zhash.c +++ b/src/zhash.c @@ -36,7 +36,7 @@ typedef struct _item_t { void *value; // Opaque item value struct _item_t *next; // Next item in the hash slot - qbyte index; // Index of item in table + size_t index; // Index of item in table char *key; // Item's original key zhash_free_fn *free_fn; // Value free function if any } item_t; @@ -703,7 +703,8 @@ zhash_pack (zhash_t *self) needle += strlen ((char *) item->key); // Store value as longstr - *(uint32_t *) needle = htonl (strlen ((char *) item->value)); + size_t length = strlen ((char *) item->value); + *(uint32_t *) needle = htonl ((u_long) length); needle += 4; memcpy (needle, (char *) item->value, strlen ((char *) item->value)); needle += strlen ((char *) item->value); diff --git a/src/zhashx.c b/src/zhashx.c index bd8139d27..74485a485 100644 --- a/src/zhashx.c +++ b/src/zhashx.c @@ -42,7 +42,7 @@ typedef struct _item_t { void *value; // Opaque item value struct _item_t *next; // Next item in the hash slot - qbyte index; // Index of item in table + size_t index; // Index of item in table const void *key; // Item's original key // Supporting deprecated v2 functionality; we can't quite replace // this with strdup/zstr_free as zhashx_insert also uses autofree. @@ -824,7 +824,7 @@ zhashx_pack (zhashx_t *self) return NULL; byte *needle = zframe_data (frame); // Store size as number-4 - *(uint32_t *) needle = htonl ((uint32_t) self->size); + *(uint32_t *) needle = htonl ((u_long) self->size); needle += 4; for (index = 0; index < limit; index++) { item_t *item = self->items [index]; @@ -835,7 +835,8 @@ zhashx_pack (zhashx_t *self) needle += strlen ((char *) item->key); // Store value as longstr - *(uint32_t *) needle = htonl (strlen ((char *) item->value)); + size_t lenth = strlen ((char *) item->value); + *(uint32_t *) needle = htonl ((u_long) lenth); needle += 4; memcpy (needle, (char *) item->value, strlen ((char *) item->value)); needle += strlen ((char *) item->value); diff --git a/src/zlist.c b/src/zlist.c index bc78e17f2..943445185 100644 --- a/src/zlist.c +++ b/src/zlist.c @@ -390,14 +390,14 @@ zlist_sort (zlist_t *self, zlist_compare_fn *compare) compare = self->compare_fn; // Uses a comb sort, which is simple and reasonably fast. // See http://en.wikipedia.org/wiki/Comb_sort - int gap = self->size; + size_t gap = self->size; bool swapped = false; while (gap > 1 || swapped) { if (gap > 1) - gap = (int) ((double) gap / 1.3); + gap = (size_t) ((double) gap / 1.3); node_t *base = self->head; node_t *test = self->head; - int jump = gap; + size_t jump = gap; while (jump--) test = test->next; diff --git a/src/zlistx.c b/src/zlistx.c index 74bcb2538..ae1d34376 100644 --- a/src/zlistx.c +++ b/src/zlistx.c @@ -449,13 +449,13 @@ zlistx_sort (zlistx_t *self) // Uses a comb sort, which is simple and reasonably fast // See http://en.wikipedia.org/wiki/Comb_sort assert (self); - int gap = self->size; + size_t gap = self->size; bool swapped = false; while (gap > 1 || swapped) { - gap = (int) ((double) gap / 1.3); + gap = (size_t) ((double) gap / 1.3); node_t *base = self->head->next; node_t *test = self->head->next; - int jump = gap; + size_t jump = gap; while (jump--) test = test->next; diff --git a/src/zloop.c b/src/zloop.c index 9b13a08a5..617e50289 100644 --- a/src/zloop.c +++ b/src/zloop.c @@ -368,8 +368,8 @@ zloop_destroy (zloop_t **self_p) // a zombie list while (zlistx_first (self->zombies)) { // Get timer_id back from pointer - int timer_id = (byte *) zlistx_detach (self->zombies, NULL) - (byte *) NULL; - s_timer_remove (self, timer_id); + ptrdiff_t timer_id = (byte *) zlistx_detach (self->zombies, NULL) - (byte *) NULL; + s_timer_remove (self, (int) timer_id); } zlistx_destroy (&self->zombies); zlistx_destroy (&self->readers); @@ -859,8 +859,8 @@ zloop_start (zloop_t *self) // a faster lookup on the timer list. while (zlistx_first (self->zombies)) { // Get timer_id back from pointer - int timer_id = (byte *) zlistx_detach (self->zombies, NULL) - (byte *) NULL; - s_timer_remove (self, timer_id); + ptrdiff_t timer_id = (byte *) zlistx_detach (self->zombies, NULL) - (byte *) NULL; + s_timer_remove (self, (int) timer_id); } if (rc == -1) break; diff --git a/src/zrex.c b/src/zrex.c index 1df6ba603..2928c795d 100644 --- a/src/zrex.c +++ b/src/zrex.c @@ -56,7 +56,7 @@ struct _zrex_t { bool valid; // Is expression valid or not? const char *strerror; // Error message if any uint hits; // Number of hits matched - uint hit_set_len; // Length of hit set + size_t hit_set_len; // Length of hit set char *hit_set; // Captured hits as single string char *hit [MAX_HITS]; // Pointers into hit_set struct cap caps [MAX_HITS]; // Position/length for each hit @@ -149,7 +149,7 @@ zrex_matches (zrex_t *self, const char *text) // memory holding all hits as null-terminated strings uint index; // First count total length of hit strings - uint hit_set_len = 0; + size_t hit_set_len = 0; for (index = 0; index < self->hits; index++) hit_set_len += self->caps [index].len + 1; if (hit_set_len > self->hit_set_len) { diff --git a/src/zsock.c b/src/zsock.c index 966d5f3f5..df792bd12 100644 --- a/src/zsock.c +++ b/src/zsock.c @@ -1173,7 +1173,7 @@ zsock_bsend (void *self, const char *picture, ...) if (!string) string = ""; size_t string_size = strlen (string); - PUT_NUMBER1 (string_size); + PUT_NUMBER1 ((byte) string_size); memcpy (needle, string, string_size); needle += string_size; } diff --git a/src/zstr.c b/src/zstr.c index d66e5d9ed..968ca3121 100644 --- a/src/zstr.c +++ b/src/zstr.c @@ -38,7 +38,7 @@ s_send_string (void *dest, bool more, char *string) assert (dest); void *handle = zsock_resolve (dest); - int len = strlen (string); + size_t len = strlen (string); zmq_msg_t message; zmq_msg_init_size (&message, len); memcpy (zmq_msg_data (&message), string, len); diff --git a/src/zsys.c b/src/zsys.c index 7cf1ed88d..2c0b896a6 100644 --- a/src/zsys.c +++ b/src/zsys.c @@ -182,7 +182,7 @@ zsys_init (void) #if (ZMQ_VERSION >= ZMQ_MAKE_VERSION (3, 2, 0)) // TODO: this causes TravisCI to break; libzmq does not return a // valid socket on zmq_socket(), after this... - zmq_ctx_set (s_process_ctx, ZMQ_MAX_SOCKETS, s_max_sockets); + zmq_ctx_set (s_process_ctx, ZMQ_MAX_SOCKETS, (int) s_max_sockets); #endif s_initialized = true; @@ -1165,7 +1165,7 @@ zsys_set_io_threads (size_t io_threads) #if (ZMQ_VERSION >= ZMQ_MAKE_VERSION (3, 2, 0)) // TODO: this causes TravisCI to break; libzmq does not return a // valid socket on zmq_socket(), after this... - zmq_ctx_set (s_process_ctx, ZMQ_MAX_SOCKETS, s_max_sockets); + zmq_ctx_set (s_process_ctx, ZMQ_MAX_SOCKETS, (int) s_max_sockets); #endif ZMUTEX_UNLOCK (s_mutex); } @@ -1197,13 +1197,13 @@ zsys_set_max_sockets (size_t max_sockets) size_t zsys_socket_limit (void) { - int socket_limit; + size_t socket_limit; #if (ZMQ_VERSION >= ZMQ_MAKE_VERSION (4, 1, 0)) if (s_process_ctx) - socket_limit = zmq_ctx_get (s_process_ctx, ZMQ_SOCKET_LIMIT); + socket_limit = (size_t) zmq_ctx_get (s_process_ctx, ZMQ_SOCKET_LIMIT); else { void *ctx = zmq_init (1); - socket_limit = zmq_ctx_get (ctx, ZMQ_SOCKET_LIMIT); + socket_limit = (size_t) zmq_ctx_get (ctx, ZMQ_SOCKET_LIMIT); zmq_term (ctx); } // ZeroMQ used to report a nonsense value (2^31) which if used would @@ -1214,7 +1214,7 @@ zsys_socket_limit (void) #else socket_limit = 1024; #endif - return (size_t) socket_limit; + return socket_limit; } From 298637c4688aef6f325e9bb44782b5334c509666 Mon Sep 17 00:00:00 2001 From: evoskuil Date: Tue, 21 Apr 2015 04:53:41 -0700 Subject: [PATCH 4/4] Replace assertion overflow guards with failure returns. --- src/zconfig.c | 10 +++++++--- src/zfile.c | 10 ++++------ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/zconfig.c b/src/zconfig.c index a093e8f85..84564226f 100644 --- a/src/zconfig.c +++ b/src/zconfig.c @@ -464,7 +464,9 @@ s_config_printf (zconfig_t *self, void *arg, char *format, ...) } size_t size = strlen (string); free (string); - assert(size <= INT_MAX); + if (size > INT_MAX) + return -1; + return (int) size; } @@ -675,7 +677,7 @@ zconfig_chunk_load (zchunk_t *chunk) } -// Count and verify indentation level, -1 means a syntax error +// Count and verify indentation level, -1 means a syntax error or overflow static int s_collect_level (char **start, int lineno) @@ -689,7 +691,9 @@ s_collect_level (char **start, int lineno) level = -1; } *start = readptr; - assert (level <= INT_MAX); + if (level > INT_MAX) + return -1; + return (int) level; } diff --git a/src/zfile.c b/src/zfile.c index 236be557b..a4e47f3ff 100644 --- a/src/zfile.c +++ b/src/zfile.c @@ -539,14 +539,12 @@ zfile_digest (zfile_t *self) zchunk_data (chunk), zchunk_size (chunk)); zchunk_destroy (&chunk); -#ifdef _MSC_VER // off_t is defined as long (32 bit on Windows, 64 bit otherwise) - assert (blocksz <= INT_MAX - offset); - offset += (off_t) blocksz; -#else - offset += blocksz; -#endif + // This guards against overflow in both contexts. + if (blocksz > LONG_MAX - offset) + return NULL; + offset += (off_t) blocksz; chunk = zfile_read (self, blocksz, offset); } zchunk_destroy (&chunk);