From 1dc1ec04ee7b72353e182b67e8d4e1030f418cb8 Mon Sep 17 00:00:00 2001 From: pancake Date: Mon, 22 Dec 2025 19:35:39 +0100 Subject: [PATCH] Fix a bunch of undefined values, duplicated checks spotted by clang-analyzer --- libr/anal/fcn.c | 4 +-- libr/arch/p/arm/armass64.c | 4 +-- libr/arch/p/lua/lua53.c | 26 +++++++------- libr/arch/p/lua/plugin.c | 6 ++-- libr/arch/p/nds32/nds32-dis.h | 3 +- libr/arch/p/or1k/plugin.c | 2 +- libr/arch/p/tms320/gnu/tic6x-dis.c | 3 +- libr/bin/format/mach0/dsc.c | 17 ++++----- libr/core/cconfig.c | 6 +--- libr/core/cio.c | 6 +++- libr/core/cmd.c | 2 +- libr/core/core.c | 2 +- libr/fs/p/fs_apfs.c | 5 ++- libr/muta/charset.c | 15 ++++---- libr/util/bdiff.c | 55 ++++++++++++++---------------- libr/util/str.c | 16 +++++---- libr/util/strbuf.c | 4 ++- shlr/grub/fs/hfsplus.c | 4 +-- shlr/grub/fs/reiserfs.c | 2 +- 19 files changed, 87 insertions(+), 95 deletions(-) diff --git a/libr/anal/fcn.c b/libr/anal/fcn.c index 3bb5059fb0..b1e4bc4e64 100644 --- a/libr/anal/fcn.c +++ b/libr/anal/fcn.c @@ -1804,8 +1804,8 @@ analopfinish: } break; case R_ANAL_OP_TYPE_UPUSH: - if ((op->type & R_ANAL_OP_TYPE_REG) && last_is_reg_mov_lea && src0 && src0->reg - && src0->reg && !strcmp (src0->reg, last_reg_mov_lea_name)) { + if ((op->type & R_ANAL_OP_TYPE_REG) && last_is_reg_mov_lea \ + && (src0 && src0->reg && !strcmp (src0->reg, last_reg_mov_lea_name))) { last_is_push = true; last_push_addr = last_reg_mov_lea_val; if (anal->iob.is_valid_offset (anal->iob.io, last_push_addr, 1)) { diff --git a/libr/arch/p/arm/armass64.c b/libr/arch/p/arm/armass64.c index b65a192f48..a0742d91ef 100644 --- a/libr/arch/p/arm/armass64.c +++ b/libr/arch/p/arm/armass64.c @@ -563,8 +563,8 @@ static ut32 ngc(ArmOp *op) { static ut32 rev(ArmOp *op) { ut32 data = UT32_MAX; int k = 0; - const bool reg64 = op->operands[0].reg_type & ARM_REG64 && op->operands[0].reg_type & ARM_REG64; - const bool reg32 = op->operands[0].reg_type & ARM_REG32 && op->operands[0].reg_type & ARM_REG32; + const bool reg64 = op->operands[0].reg_type & ARM_REG64; + const bool reg32 = op->operands[0].reg_type & ARM_REG32; check_cond (op->operands[0].type == ARM_GPR); check_cond (op->operands[1].type == ARM_GPR); diff --git a/libr/arch/p/lua/lua53.c b/libr/arch/p/lua/lua53.c index cf9e3a65ac..a6de4c056d 100644 --- a/libr/arch/p/lua/lua53.c +++ b/libr/arch/p/lua/lua53.c @@ -5,7 +5,7 @@ #include "lua53.h" typedef struct plugin_data_t { - ut32 *current_write_prt; + ut32 instructions[256]; ut32 current_write_index; } PluginData; @@ -115,7 +115,7 @@ static int parseNextInstruction(PluginData *state, const char *str) { chars_skipped += j; R_LOG_DEBUG ("Opcode %i Instruction %s", i, instruction_names[i]); - SET_OPCODE (state->current_write_prt[state->current_write_index], i); // sets the opcode + SET_OPCODE (state->instructions[state->current_write_index], i); // sets the opcode doParse1 (state, chars_skipped, parseParameters, str, i); // Parse parameters @@ -237,22 +237,22 @@ static int parseParameter(PluginData *state, const char *str, Parameter paramete } switch (parameter) { case PARAMETER_A: - SETARG_A (state->current_write_prt[state->current_write_index], resultingNumber); + SETARG_A (state->instructions[state->current_write_index], resultingNumber); break; case PARAMETER_B: - SETARG_B (state->current_write_prt[state->current_write_index], resultingNumber); + SETARG_B (state->instructions[state->current_write_index], resultingNumber); break; case PARAMETER_C: - SETARG_C (state->current_write_prt[state->current_write_index], resultingNumber); + SETARG_C (state->instructions[state->current_write_index], resultingNumber); break; case PARAMETER_Ax: - SETARG_Ax (state->current_write_prt[state->current_write_index], resultingNumber); + SETARG_Ax (state->instructions[state->current_write_index], resultingNumber); break; case PARAMETER_Bx: - SETARG_Bx (state->current_write_prt[state->current_write_index], resultingNumber); + SETARG_Bx (state->instructions[state->current_write_index], resultingNumber); break; case PARAMETER_sBx: - SETARG_sBx (state->current_write_prt[state->current_write_index], resultingNumber); + SETARG_sBx (state->instructions[state->current_write_index], resultingNumber); break; } return skipped_chars; @@ -396,29 +396,27 @@ int main(int argc, char **argv) { char *c = "move 1 2\n forprep 13 -2"; int p = 0; PluginData state = {0}; - state.current_write_prt = malloc (8); eprintf ("Parsing String: %s\n", c); eprintf ("-----------------------\n"); doParse0 (state, p, parseNextInstruction, c, (int) strlen (c)); eprintf ("Parsed Characters %i\n", p); - eprintf ("%d %08x\n", state.current_write_index, current_write_prt[state.current_write_index - 1]); + eprintf ("%d %08x\n", state.current_write_index, state.instructions[state.current_write_index - 1]); eprintf ("------------\n"); doParse0 (state, p, parseNextInstruction, c, (int) strlen (c)); eprintf ("Parsed Characters %i\n", p); - eprintf ("%d %08x\n", state.current_write_index, current_write_prt[state.current_write_index - 1]); + eprintf ("%d %08x\n", state.current_write_index, state.instructions[state.current_write_index - 1]); eprintf ("------------\n"); RAsmOp *asmOp = (RAsmOp *) malloc (sizeof (RAsmOp)); - int advanced = lua53dissasm (&state, asmOp, (const char *) current_write_prt, 4); + int advanced = lua53dissasm (&state, asmOp, (const ut8 *) state.instructions, 4); eprintf ("%s\n", asmOp->buf_asm); - lua53dissasm (&state, asmOp, (const char *) current_write_prt + advanced, 4); + lua53dissasm (&state, asmOp, (const ut8 *) state.instructions + advanced, 4); eprintf ("%s\n", asmOp->buf_asm); - free (state.current_write_prt); return 0; } #endif // MAIN_ASM diff --git a/libr/arch/p/lua/plugin.c b/libr/arch/p/lua/plugin.c index 499cd2224c..9f6e85318e 100644 --- a/libr/arch/p/lua/plugin.c +++ b/libr/arch/p/lua/plugin.c @@ -10,8 +10,6 @@ static bool encode(RArchSession *as, RAnalOp *op, RArchEncodeMask mask) { PluginData *pd = as->data; int parsed = 0; - ut32 instruction; - pd->current_write_prt = &instruction; pd->current_write_index = 0; doParse0 (pd, parsed, parseNextInstruction, op->mnemonic); @@ -21,9 +19,9 @@ static bool encode(RArchSession *as, RAnalOp *op, RArchEncodeMask mask) { if (!op->bytes) { return false; } - setInstruction (instruction, op->bytes); + setInstruction (pd->instructions[0], op->bytes); - R_LOG_DEBUG ("parsed: %d instruction: %d", parsed, instruction); + R_LOG_DEBUG ("parsed: %d instruction: %d", parsed, pd->instructions[0]); return true; } diff --git a/libr/arch/p/nds32/nds32-dis.h b/libr/arch/p/nds32/nds32-dis.h index 0eb06d23fe..f78592eabf 100644 --- a/libr/arch/p/nds32/nds32-dis.h +++ b/libr/arch/p/nds32/nds32-dis.h @@ -640,8 +640,7 @@ print_insn32_alu1 (bfd_vma pc ATTRIBUTE_UNUSED, disassemble_info *info, uint32_t mnemonic_alu1[op], gpr_map[rt], gpr_map[ra], gpr_map[rb]); return; case 0x9: /* srli */ - if (ra ==0 && rb == 0 && rb==0) - { + if (ra ==0 && rb == 0) { func (stream, "nop"); return; } diff --git a/libr/arch/p/or1k/plugin.c b/libr/arch/p/or1k/plugin.c index 8d1a6a0af5..ab82573547 100644 --- a/libr/arch/p/or1k/plugin.c +++ b/libr/arch/p/or1k/plugin.c @@ -184,7 +184,7 @@ static int insn_to_op(struct or1k_regs *regs, RAnalOp *op, ut64 addr, insn_t *de o.rd = get_operand_value (insn, type_descr, INSN_OPER_D); o.ra = get_operand_value (insn, type_descr, INSN_OPER_A); o.i = get_operand_value (insn, type_descr, INSN_OPER_I); - if (regs->cpu_enable & (1 << o.ra) & regs->cpu_enable & (1 << o.rd)) { + if (regs->cpu_enable & (1 << o.ra) && regs->cpu_enable & (1 << o.rd)) { regs->cpu[o.rd] = regs->cpu[o.ra] | o.i; regs->cpu_enable |= (1 << o.rd); op->ptr = regs->cpu[o.rd]; diff --git a/libr/arch/p/tms320/gnu/tic6x-dis.c b/libr/arch/p/tms320/gnu/tic6x-dis.c index 5b5e407b37..1dc43cbbd6 100644 --- a/libr/arch/p/tms320/gnu/tic6x-dis.c +++ b/libr/arch/p/tms320/gnu/tic6x-dis.c @@ -1105,8 +1105,7 @@ print_insn_tic6x (bfd_vma addr, struct disassemble_info *info) mem_base_reg_known = true; mem_base_reg = 15; } - if ( enc->coding_method == tic6x_coding_mem_offset_noscale - || enc->coding_method == tic6x_coding_mem_offset_noscale ) + if (enc->coding_method == tic6x_coding_mem_offset_noscale) mem_scaled = false; } break; diff --git a/libr/bin/format/mach0/dsc.c b/libr/bin/format/mach0/dsc.c index 0cfd324a7e..f7db9de1bc 100644 --- a/libr/bin/format/mach0/dsc.c +++ b/libr/bin/format/mach0/dsc.c @@ -41,21 +41,19 @@ static void dsc_header_free(RDSCHeader * self) { free (self); } -static bool dsc_header_get_field(RDSCHeader * self, const char * name, ut8 * out_value, size_t size) { - ut64 cursor; - ut64 data_len; +static bool dsc_header_get_field(RDSCHeader *self, const char *name, ut8 *out_value, size_t size) { const RDSCField * field; ut8 tmp[32]; - data_len = r_buf_size (self->buf); - cursor = 0; - + ut64 data_len = r_buf_size (self->buf); + ut64 cursor = 0; + // Initialize out value to avoid UB + memset (out_value, 0, size); for (field = self->fields; field->name != NULL && cursor < data_len; field++) { st64 field_size = r_buf_fread_at (self->buf, cursor, tmp, field->format, 1); if (field_size < 0) { return false; } - if (!strcmp (field->name, name)) { if (size < field_size) { return false; @@ -63,18 +61,17 @@ static bool dsc_header_get_field(RDSCHeader * self, const char * name, ut8 * out memcpy (out_value, tmp, field_size); return true; } - cursor += field_size; } return false; } -static bool dsc_header_get_u64(RDSCHeader * self, const char * name, ut64 * out_value) { +static bool dsc_header_get_u64(RDSCHeader *self, const char *name, ut64 *out_value) { return dsc_header_get_field (self, name, (ut8 *) out_value, sizeof (ut64)); } -static bool dsc_header_get_u32(RDSCHeader * self, const char * name, ut32 * out_value) { +static bool dsc_header_get_u32(RDSCHeader *self, const char *name, ut32 *out_value) { return dsc_header_get_field (self, name, (ut8 *) out_value, sizeof (ut32)); } diff --git a/libr/core/cconfig.c b/libr/core/cconfig.c index 86ea10bff9..dbda726878 100644 --- a/libr/core/cconfig.c +++ b/libr/core/cconfig.c @@ -767,13 +767,9 @@ static bool cb_asmarch(void *user, void *data) { return false; } r_config_set (core->config, "asm.parser", node->value); - - if (core->anal->cur && ! (core->anal->config->bits & core->anal->config->bits)) { - r_config_set_i (core->config, "asm.bits", bits); - } else if (core->anal->cur && ! (core->rasm->config->bits & core->anal->config->bits)) { + if (core->anal->cur && ! (core->rasm->config->bits & core->anal->config->bits)) { r_config_set_i (core->config, "asm.bits", bits); } - r_debug_set_arch (core->dbg, node->value, bits); if (!r_config_set (core->config, "anal.arch", node->value)) { char *p, *s = strdup (node->value); diff --git a/libr/core/cio.c b/libr/core/cio.c index ceac69f78c..3e56bb77a5 100644 --- a/libr/core/cio.c +++ b/libr/core/cio.c @@ -315,7 +315,11 @@ R_API ut8* r_core_transform_op(RCore *core, const char *arg, char op) { case 's': buf[i] -= str[j]; break; case 'm': buf[i] *= str[j]; break; case 'w': buf[i] = str[j]; break; - case 'd': buf[i] = (str[j])? (buf[i] / str[j]): 0; break; + case 'd': { + ut8 divisor = str[j]; + buf[i] = divisor ? (buf[i] / divisor) : 0; + break; + } case 'r': buf[i] >>= str[j]; break; case 'l': buf[i] <<= str[j]; break; case 'o': buf[i] |= str[j]; break; diff --git a/libr/core/cmd.c b/libr/core/cmd.c index 4deab8010b..f4bcfc591a 100644 --- a/libr/core/cmd.c +++ b/libr/core/cmd.c @@ -3985,7 +3985,7 @@ static int r_core_cmd_subst(RCore *core, char *cmd) { if (R_UNLIKELY (r_str_startswith (cmd, "GET /cmd/"))) { memmove (cmd, cmd + 9, strlen (cmd + 9) + 1); char *http = strstr (cmd, "HTTP"); - if (http) { + if (http && http > cmd) { *http = 0; http--; if (*http == ' ') { diff --git a/libr/core/core.c b/libr/core/core.c index bee8883195..9bd2b19b74 100644 --- a/libr/core/core.c +++ b/libr/core/core.c @@ -3664,7 +3664,7 @@ reaccept: if (!r_str_ncpy (line, "ET /cmd/", 8)) { char *cmd = line + 8; char *http = strstr (cmd, "HTTP"); - if (http) { + if (http && http > cmd) { *http = 0; http--; if (*http == ' ') { diff --git a/libr/fs/p/fs_apfs.c b/libr/fs/p/fs_apfs.c index 161162b091..66d45724e2 100644 --- a/libr/fs/p/fs_apfs.c +++ b/libr/fs/p/fs_apfs.c @@ -632,7 +632,10 @@ static bool apfs_resolve_omap_btree_node(ApfsFS *ctx, ut64 node_oid, ut64 target static bool apfs_resolve_omap(ApfsFS *ctx, ut64 oid, ut64 *paddr) { R_LOG_DEBUG ("apfs_resolve_omap: resolving OID %" PFMT64u ", omap_tree_oid=%" PFMT64u, oid, ctx->omap_tree_oid); - if (!ctx->omap_tree_oid) { + + if (ctx->omap_tree_oid) { + *paddr = 0; + } else { // Direct mapping for simple cases *paddr = oid; R_LOG_DEBUG ("apfs_resolve_omap: direct mapping to paddr %" PFMT64u, *paddr); diff --git a/libr/muta/charset.c b/libr/muta/charset.c index d2950051cc..2a3a37c10f 100644 --- a/libr/muta/charset.c +++ b/libr/muta/charset.c @@ -198,22 +198,21 @@ R_API ut8 *r_muta_charset_encode_ex(const ut8 *in, int in_len, int *out_len, con int byte_len = 0; const ut8 *bytes = r_muta_charset_lookup_encode (table, tok, &byte_len); - if (!bytes || byte_len < 1) { - ut8 q = unknown_byte; - if (!r_muta_charset_outgrow (&out, &outcap, outpos + 1)) { + if (bytes && byte_len > 0) { + if (!r_muta_charset_outgrow (&out, &outcap, outpos + byte_len)) { *out_len = 0; return NULL; } - out[outpos++] = q; + memcpy (out + outpos, bytes, byte_len); + outpos += byte_len; } else { - if (!r_muta_charset_outgrow (&out, &outcap, outpos + byte_len)) { + ut8 q = unknown_byte; + if (!r_muta_charset_outgrow (&out, &outcap, outpos + 1)) { *out_len = 0; return NULL; } - memcpy (out + outpos, bytes, byte_len); - outpos += byte_len; + out[outpos++] = q; } - str += consumed; } diff --git a/libr/util/bdiff.c b/libr/util/bdiff.c index f734f4284f..599642ad72 100644 --- a/libr/util/bdiff.c +++ b/libr/util/bdiff.c @@ -1,15 +1,15 @@ /* radare - LGPL - Copyright 2009-2010 pancake */ /* Adapted code from: - bdiff.c - efficient binary diff extension for Mercurial +bdiff.c - efficient binary diff extension for Mercurial - Copyright 2005, 2006 Matt Mackall +Copyright 2005, 2006 Matt Mackall - This software may be used and distributed according to the terms of - the GNU General Public License, incorporated herein by reference. +This software may be used and distributed according to the terms of +the GNU General Public License, incorporated herein by reference. - Based roughly on Python difflib -*/ +Based roughly on Python difflib + */ #include @@ -33,7 +33,7 @@ struct hunklist { static int splitlines(const char *a, int len, struct line **lr) { int h, i; const char *p, *b = a; - const char * const plast = a + len - 1; + const char *const plast = a + len - 1; struct line *l; if (!a) { @@ -49,7 +49,7 @@ static int splitlines(const char *a, int len, struct line **lr) { } } - *lr = l = (struct line *)malloc(sizeof (struct line) * i); + *lr = l = (struct line *)malloc (sizeof (struct line) * i); if (!l) { return -1; } @@ -93,7 +93,7 @@ static int equatelines(struct line *a, int an, struct line *b, int bn) { /* try to allocate a large hash table to avoid collisions */ for (scale = 4; scale; scale /= 2) { - h = (struct pos *)malloc(scale * buckets * sizeof (struct pos)); + h = (struct pos *)malloc (scale * buckets * sizeof (struct pos)); if (h) { break; } @@ -106,9 +106,9 @@ static int equatelines(struct line *a, int an, struct line *b, int bn) { buckets = buckets * scale - 1; /* clear the hash table */ + memset (h, 0, (buckets + 1) * sizeof (struct pos)); for (i = 0; i <= buckets; i++) { h[i].pos = INT_MAX; - h[i].len = 0; } /* add lines to the hash table chains */ @@ -129,7 +129,7 @@ static int equatelines(struct line *a, int an, struct line *b, int bn) { } /* compute popularity threshold */ - t = (bn >= 4000) ? bn / 1000 : bn + 1; + t = (bn >= 4000)? bn / 1000: bn + 1; /* match items in a to their equivalence class in b */ for (i = 0; i < an; i++) { @@ -154,9 +154,7 @@ static int equatelines(struct line *a, int an, struct line *b, int bn) { return 1; } -static int longest_match(struct line *a, struct line *b, struct pos *pos, - int a1, int a2, int b1, int b2, int *omi, int *omj) -{ +static int longest_match(struct line *a, struct line *b, struct pos *pos, int a1, int a2, int b1, int b2, int *omi, int *omj) { int mi = a1, mj = b1, mk = 0, mb = 0, i, j, k; for (i = a1; i < a2; i++) { @@ -206,19 +204,17 @@ static int longest_match(struct line *a, struct line *b, struct pos *pos, return mk + mb; } -static void recurse(struct line *a, struct line *b, struct pos *pos, - int a1, int a2, int b1, int b2, struct hunklist *l) -{ +static void recurse(struct line *a, struct line *b, struct pos *pos, int a1, int a2, int b1, int b2, struct hunklist *l) { int i, j, k; /* find the longest match in this chunk */ - k = longest_match(a, b, pos, a1, a2, b1, b2, &i, &j); + k = longest_match (a, b, pos, a1, a2, b1, b2, &i, &j); if (!k) { return; } /* and recurse on the remaining chunks on either side */ - recurse(a, b, pos, a1, i, b1, j, l); + recurse (a, b, pos, a1, i, b1, j, l); if (l->head < l->end) { l->head->a1 = i; l->head->a2 = i + k; @@ -226,7 +222,7 @@ static void recurse(struct line *a, struct line *b, struct pos *pos, l->head->b2 = j + k; l->head++; } - recurse(a, b, pos, i + k, a2, j + k, b2, l); + recurse (a, b, pos, i + k, a2, j + k, b2, l); } static struct hunklist diff(struct line *a, int an, struct line *b, int bn) { @@ -237,15 +233,14 @@ static struct hunklist diff(struct line *a, int an, struct line *b, int bn) { /* allocate and fill arrays */ t = equatelines (a, an, b, bn); - pos = (struct pos *)calloc (bn ? bn : 1, sizeof (struct pos)); + pos = (struct pos *)calloc (bn? bn: 1, sizeof (struct pos)); /* we can't have more matches than lines in the shorter file */ - l.head = l.base = (struct hunk *)malloc (sizeof (struct hunk) - * ((ana1 = l.head->a2 = an; l.head->b1 = l.head->b2 = bn; @@ -257,7 +252,7 @@ static struct hunklist diff(struct line *a, int an, struct line *b, int bn) { /* normalize the hunk list, try to push each hunk towards the end */ for (curr = l.base; curr != l.head; curr++) { - struct hunk *next = curr+1; + struct hunk *next = curr + 1; int shift = 0; if (next == l.head) { @@ -297,12 +292,12 @@ R_API int r_diff_buffers_delta(RDiff *d, const ut8 *sa, int la, const ut8 *sb, i int hits = -1; an = splitlines ((const char *)sa, la, &al); - if (an<0) { + if (an < 0) { free (al); return -1; } bn = splitlines ((const char *)sb, lb, &bl); - if (bn<0) { + if (bn < 0) { free (al); free (bl); return -1; @@ -324,7 +319,7 @@ R_API int r_diff_buffers_delta(RDiff *d, const ut8 *sa, int la, const ut8 *sb, i len = bl[h->b1].l - bl[lb].l; offa = al[la].l - al->l; offb = al[h->a1].l - al->l; - rlen = offb-offa; + rlen = offb - offa; if (d->callback) { /* source file */ @@ -357,7 +352,7 @@ R_API int r_diff_buffers_delta(RDiff *d, const ut8 *sa, int la, const ut8 *sb, i la = h->a2; lb = h->b2; } - beach: +beach: free (al); free (bl); free (l.base); diff --git a/libr/util/str.c b/libr/util/str.c index acf273b860..c8c355591b 100644 --- a/libr/util/str.c +++ b/libr/util/str.c @@ -4006,23 +4006,25 @@ R_API char *r_str_nextword(char *s, char ch) { return p; } -R_API char *r_str_scale(const char *s, int w, int h) { +R_API char *r_str_scale(const char *s, const int w, const int h) { R_RETURN_VAL_IF_FAIL (s && w > 0 && h > 0, NULL); char *str = strdup (s); RList *lines = r_str_split_list (str, "\n", 0); int i, j; - int rows = r_list_length (lines); + const int rows = r_list_length (lines); RList *out = r_list_newf (free); int curline = -1; char *linetext = (char *)r_str_pad (NULL, 0, ' ', w); for (i = 0; i < h; i++) { - int zoomedline = (int) (i *((double)rows / h)); + const int zoomedline = (int) (i *((double)rows / h)); const char *srcline = r_list_get_n (lines, zoomedline); - int cols = strlen (srcline); - for (j = 0; j < w; j++) { - int zoomedcol = (int) (j *((double)cols / w)); - linetext[j] = srcline[zoomedcol]; + const int cols = srcline ? strlen (srcline) : 0; + if (cols > 0) { + for (j = 0; j < w; j++) { + const int zoomedcol = (int) (j *((double)cols / w)); + linetext[j] = srcline[zoomedcol]; + } } if (curline != zoomedline) { r_list_append (out, strdup (linetext)); diff --git a/libr/util/strbuf.c b/libr/util/strbuf.c index 8869515856..d745ce75be 100644 --- a/libr/util/strbuf.c +++ b/libr/util/strbuf.c @@ -369,7 +369,9 @@ R_API bool r_strbuf_prepend_n(RStrBuf *sb, const char *s, size_t l) { } if ((sb->len + l + 1) <= sizeof (sb->buf)) { - memmove (&sb->buf[l], sb->buf, sb->len); + /* Guard to help static analyzers reason about bounds. */ + R_RETURN_VAL_IF_FAIL (l < sizeof (sb->buf), false); + memmove (sb->buf + l, sb->buf, sb->len); memcpy (sb->buf, s, l); sb->buf[sb->len + l] = 0; sb->len += l; diff --git a/shlr/grub/fs/hfsplus.c b/shlr/grub/fs/hfsplus.c index 97d9b46926..2d610a861e 100644 --- a/shlr/grub/fs/hfsplus.c +++ b/shlr/grub/fs/hfsplus.c @@ -563,12 +563,12 @@ grub_hfsplus_cmp_extkey (struct grub_hfsplus_key *keya, struct grub_hfsplus_extkey_internal *extkey_b = &keyb->extkey; int diff; - diff = grub_be_to_cpu32 (extkey_a->fileid) - extkey_b->fileid; + diff = (int)grub_be_to_cpu32 (extkey_a->fileid) - (int)extkey_b->fileid; if (diff) return diff; - diff = grub_be_to_cpu32 (extkey_a->start) - extkey_b->start; + diff = (int)grub_be_to_cpu32 (extkey_a->start) - (int)extkey_b->start; return diff; } diff --git a/shlr/grub/fs/reiserfs.c b/shlr/grub/fs/reiserfs.c index d4e526a499..b95d4c24ba 100644 --- a/shlr/grub/fs/reiserfs.c +++ b/shlr/grub/fs/reiserfs.c @@ -1289,7 +1289,7 @@ grub_reiserfs_dir (grub_device_t device, const char *path, void *closure) { struct grub_reiserfs_data *data = 0; - struct grub_fshelp_node root, *found; + struct grub_fshelp_node root = {0}, *found; struct grub_reiserfs_key root_key; struct grub_reiserfs_dir_closure c; -- 2.43.0