From 8005b64f4c3006070d67f85f06e491c532bcb8b2 Mon Sep 17 00:00:00 2001
From: Miro Stauder
Date: Fri, 4 Mar 2022 21:47:49 +0100
Subject: [PATCH 1/7] add CodeQL workflow
---
.github/workflows/codeql.yml | 89 ++++++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 000000000..44db965f8
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,89 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ CodeQL ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ CodeQL ]
+ schedule:
+ - cron: '15 13 * * 3'
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'cpp', 'python' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+ steps:
+ - name: Update
+ run: sudo apt-get update
+
+ - name: Install build tools
+ run: sudo apt-get -y install make automake git wget gcc g++ libtool equivs python python3
+
+ - name: Install build dependencies
+ run: sudo apt-get -y install libssl-dev gnutls-dev libgnutls28-dev libmysqlclient-dev libboost-all-dev libunwind8 libunwind-dev uuid-dev ca-certificates
+
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + #- name: Autobuild + # uses: github/codeql-action/autobuild@v1 + + # â„šī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - if: matrix.language == 'python' || matrix.language == 'java' + name: Autobuild + uses: github/codeql-action/autobuild@v1 + + - if: matrix.language == 'cpp' + name: Build C++ + run: | + make + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From f0272d58d4fb154846b5f4644a1601e4c7fbedce Mon Sep 17 00:00:00 2001 From: Miro Stauder Date: Fri, 4 Mar 2022 21:50:12 +0100 Subject: [PATCH 2/7] avoid fail on empty git describe --- Makefile | 3 ++- lib/Makefile | 3 ++- src/Makefile | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index d98231235..0afae4dfd 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,8 @@ ifndef GIT_VERSION GIT_VERSION := $(shell git describe --long --abbrev=7) ifndef GIT_VERSION -$(error GIT_VERSION is not set) +#$(error GIT_VERSION is not set) +GIT_VERSION := 2.2.0 endif endif diff --git a/lib/Makefile b/lib/Makefile index bb28b7ddf..9a0c0999e 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -1,7 +1,8 @@ ifndef GIT_VERSION GIT_VERSION := $(shell git describe --long --abbrev=7) ifndef GIT_VERSION -$(error GIT_VERSION is not set) +#$(error GIT_VERSION is not set) +GIT_VERSION := 2.2.0 endif endif diff --git a/src/Makefile b/src/Makefile index 14caadcf0..384c0ba6f 100644 --- a/src/Makefile +++ b/src/Makefile 
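Review bot: The `uses:` steps reference actions by mutable tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/autobuild@v1`, `github/codeql-action/analyze@v1`), so the code executed in a job that holds `security-events: write` can change without any change in this repository. Pin each one to a full commit SHA and keep the tag as a trailing comment, for example `uses: actions/checkout@<full-commit-sha>  # v2`. Separately, `push` and `pull_request` are limited to `branches: [ CodeQL ]`, so only pushes and pull requests for that branch trigger analysis; list the default branch there if pull requests are meant to be scanned. The Autobuild condition also tests `matrix.language == 'java'`, a value the matrix `[ 'cpp', 'python' ]` never produces.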
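Review bot: Replacing `$(error GIT_VERSION is not set)` with `GIT_VERSION := 2.2.0` makes every build without reachable tags (source tarball, shallow clone) report itself as 2.2.0, which misleads anyone matching a running binary against advisories or release notes; the same fallback is added in the lib/Makefile and src/Makefile hunks that follow. The failure being worked around most likely comes from the workflow's default shallow checkout, which fetches no tags (inferred; the CI log is not on the page). Keeping the `$(error ...)` and fixing the caller avoids the silent mislabel: give the checkout step `fetch-depth: 0`, or pass the value explicitly as `make GIT_VERSION=<version-string>`, which the existing `ifndef GIT_VERSION` already honours.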
@@ -1,7 +1,8 @@ ifndef GIT_VERSION GIT_VERSION := $(shell git describe --long --abbrev=7) ifndef GIT_VERSION -$(error GIT_VERSION is not set) +#$(error GIT_VERSION is not set) +GIT_VERSION := 2.2.0 endif endif From 0d7d2458ed8eb39a012983044f025d0f1420f7e9 Mon Sep 17 00:00:00 2001 From: Miro Stauder Date: Thu, 10 Mar 2022 14:42:23 +0100 Subject: [PATCH 3/7] manual CodeQL trigger only --- .github/workflows/codeql.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 44db965f8..c2a80663a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -12,13 +12,13 @@ name: "CodeQL" on: - push: - branches: [ CodeQL ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ CodeQL ] - schedule: - - cron: '15 13 * * 3' +# push: +# branches: [ CodeQL ] +# pull_request: +# # The branches below must be a subset of the branches above +# branches: [ CodeQL ] +# schedule: +# - cron: '15 13 * * 3' workflow_dispatch: jobs: From e84dc7ed0e066c02823c025ca9547a908f80f264 Mon Sep 17 00:00:00 2001 From: Miro Stauder Date: Thu, 10 Mar 2022 14:44:51 +0100 Subject: [PATCH 4/7] fix CodeQL alerts --- include/gen_utils.h | 2 +- lib/ProxySQL_Admin.cpp | 6 +++--- lib/c_tokenizer.cpp | 2 +- src/SQLite3_Server.cpp | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/gen_utils.h b/include/gen_utils.h index f2fa0105b..21b5b977e 100644 --- a/include/gen_utils.h +++ b/include/gen_utils.h @@ -88,7 +88,7 @@ class PtrArray { void * remove_index(unsigned int i) { void *r=pdata[i]; if (i != (len-1)) { - memmove(pdata+(i)*sizeof(void *),pdata+(i+1)*sizeof(void *),(len-i-1)*sizeof(void *)); + memmove((void **)pdata+i,(void **)pdata+i+1,(len-i-1)*sizeof(void *)); } len--; if ( ( len>MIN_ARRAY_LEN ) && ( size > len*MIN_ARRAY_DELETE_RATIO ) ) { 
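Review bot: With `push`, `pull_request` and `schedule` commented out, `workflow_dispatch` is the only trigger left, so analysis runs only when someone starts it by hand and new alerts on pull requests are no longer reported. If the aim is to save CI time while the existing alerts are worked through, keeping the weekly `schedule` entry would still give periodic coverage. The disabled keys are left as comments at column 0 under `on:` with no explanation; either delete them or add one line saying why they are off, such as `# automatic triggers disabled until <reason>` with the reason filled in by the author.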
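Review bot: `remove_index` still reads `pdata[i]` and decrements `len` without checking `i < len`, so an out-of-range index, or a call on an empty array where `len-1` would wrap if `len` is unsigned, touches memory past the live elements; no guard is visible in the hunk, and callers may already guarantee the range, so this is something to confirm rather than a proven bug. The new `memmove` arithmetic is correct if `pdata` is declared `void **`, in which case the two casts are redundant and `memmove(pdata+i, pdata+i+1, (len-i-1)*sizeof(void *));` reads more plainly. Stating the precondition in a comment above the function, for example `// i must be < len; the caller is responsible for the check`, would make the contract visible. The function body continues past the end of the hunk.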
diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index d32416e25..2090f170c 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp @@ -3459,7 +3459,7 @@ SQLite3_result * ProxySQL_Admin::generate_show_table_status(const char *tablenam pta[0]=NULL; char *tn=NULL; // tablename // note that tablename is passed with a trailing ' - tn=(char *)malloc(strlen(tablename)); + tn=(char *)malloc(strlen(tablename)+1); unsigned int i=0, j=0; while (i opts->groups_grouping_limit) { - memmove(shared_st->res_pre_pos, pattern_start, group_pattern_size * opts->groups_grouping_limit); + memmove(shared_st->res_pre_pos, pattern_start, (long) group_pattern_size * opts->groups_grouping_limit); shared_st->res_pre_pos += group_pattern_size * opts->groups_grouping_limit; *shared_st->res_pre_pos++ = '.'; *shared_st->res_pre_pos++ = '.'; diff --git a/src/SQLite3_Server.cpp b/src/SQLite3_Server.cpp index d14d71afe..b9d7f02e0 100644 --- a/src/SQLite3_Server.cpp +++ b/src/SQLite3_Server.cpp @@ -318,7 +318,7 @@ void SQLite3_Server_session_handler(MySQL_Session *sess, void *_pa, PtrSize_t *p SQLite3_result *resultset=NULL; char *strA=NULL; char *strB=NULL; - int strAl, strBl; + size_t strAl, strBl; char *query=NULL; unsigned int query_length=pkt->size-sizeof(mysql_hdr); query=(char *)l_alloc(query_length); 
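Review bot: In the c_tokenizer.cpp change the product is widened only inside the `memmove` length, while the next line, `shared_st->res_pre_pos += group_pattern_size * opts->groups_grouping_limit;`, still multiplies in the operands' own type, so if the product can exceed that type the copied length and the pointer advance disagree. `long` is also 32 bits on ILP32 and LLP64 targets, so the cast changes nothing there, and `size_t` is the type `memmove` takes. Computing it once, `const size_t n = (size_t) group_pattern_size * opts->groups_grouping_limit;`, and using `n` in both statements keeps them consistent. The same `(long)` cast recurs in the dependency patches later in this series (ev.c, a_time.c, curve448.c, ma_array.c, zutil.c, sqlite3.c), where it quiets the alert without bounding the operands. The hunk header for this file is missing from the page, so the enclosing function is not visible.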
@@ -515,9 +515,9 @@ void SQLite3_Server_session_handler(MySQL_Session *sess, void *_pa, PtrSize_t *p strB=(char *)"SELECT name AS tables FROM sqlite_master WHERE type='table' AND name LIKE '%s'"; strBl=strlen(strB); char *tn=NULL; // tablename - tn=(char *)malloc(strlen(strA)); + tn=(char *)malloc(strAl+1); unsigned int i=0, j=0; - while (i Date: Thu, 10 Mar 2022 14:47:06 +0100 Subject: [PATCH 5/7] patch deps CodeQL alerts --- deps/Makefile | 14 ++++- deps/libev/ev.c-multiplication-overflow.patch | 18 +++++++ .../connection.c-snprintf-overflow.patch | 20 +++++++ .../a_time.c-multiplication-overflow.patch | 9 ++++ .../curve448.c-multiplication-overflow.patch | 9 ++++ .../ma_array.c-multiplication-overflow.patch | 53 +++++++++++++++++++ ...adb_dyncol.c-multiplication-overflow.patch | 16 ++++++ .../zutil.c-multiplication-overflow.patch | 9 ++++ .../pcretest.c-multiplication-overflow.patch | 9 ++++ .../onepass.cc-multiplication-overflow.patch | 12 +++++ .../sqlite3.c-multiplication-overflow.patch | 18 +++++++ 11 files changed, 185 insertions(+), 2 deletions(-) create mode 100644 deps/libev/ev.c-multiplication-overflow.patch create mode 100644 deps/libmicrohttpd/connection.c-snprintf-overflow.patch create mode 100644 deps/libssl/a_time.c-multiplication-overflow.patch create mode 100644 deps/libssl/curve448.c-multiplication-overflow.patch create mode 100644 deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch create mode 100644 deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch create mode 100644 deps/mariadb-client-library/zutil.c-multiplication-overflow.patch create mode 100644 deps/pcre/pcretest.c-multiplication-overflow.patch create mode 100644 deps/re2/onepass.cc-multiplication-overflow.patch create mode 100644 deps/sqlite3/sqlite3.c-multiplication-overflow.patch diff --git a/deps/Makefile b/deps/Makefile index 2b441693d..02da46a2c 100644 --- a/deps/Makefile +++ b/deps/Makefile 
@@ -58,7 +58,9 @@ libssl/openssl/libssl.a: cd libssl && rm -rf openssl-1.1.1j || true cd libssl && rm -rf openssl-openssl-3.0.0 || true cd libssl && tar -zxf openssl-3.0.0.tar.gz - cd libssl/openssl && ./config no-ssl3 no-tests + cd libssl/openssl && patch crypto/ec/curve448/curve448.c < ../curve448.c-multiplication-overflow.patch + cd libssl/openssl && patch crypto/asn1/a_time.c < ../a_time.c-multiplication-overflow.patch + cd libssl/openssl && ./config no-ssl3 no-tests cd libssl/openssl && CC=${CC} CXX=${CXX} ${MAKE} cd libssl/openssl && ln -s . lib # curl wants this path libssl: libssl/openssl/libssl.a @@ -98,6 +100,7 @@ libhttpserver: libhttpserver/libhttpserver/build/src/.libs/libhttpserver.a libev/libev/.libs/libev.a: cd libev && rm -rf libev-4.24 || true cd libev && tar -zxf libev-4.24.tar.gz + cd libev/libev && patch ev.c < ../ev.c-multiplication-overflow.patch cd libev/libev && ./configure cd libev/libev && CC=${CC} CXX=${CXX} ${MAKE} ev: libev/libev/.libs/libev.a @@ -124,6 +127,7 @@ endif ifeq ($(OS),Darwin) cd libmicrohttpd/libmicrohttpd && patch src/microhttpd/mhd_sockets.c < ../mhd_sockets.c-issue-5977.patch endif + cd libmicrohttpd/libmicrohttpd && patch src/microhttpd/connection.c < ../connection.c-snprintf-overflow.patch cd libmicrohttpd/libmicrohttpd && ./configure --enable-https && CC=${CC} CXX=${CXX} ${MAKE} microhttpd: libmicrohttpd/libmicrohttpd/src/microhttpd/.libs/libmicrohttpd.a 
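Review bot: The two added `patch` lines in the libssl rule modify vendored OpenSSL sources (`crypto/ec/curve448/curve448.c`, `crypto/asn1/a_time.c`) to quiet multiplication-overflow alerts, so the shipped libssl no longer matches the upstream release and every OpenSSL bump depends on these hunks still applying. For third-party code it is usually safer to keep it out of the analysed build, for instance by building the bundled dependencies in a step placed before `Initialize CodeQL` if the Makefile allows that split, and to report real findings upstream. If the patches stay, they are bare `@@` hunks without file headers, so adding `--fuzz=0` to each `patch` call would make a version bump fail the build rather than let a hunk land on a nearby line. The same applies to the libev and libmicrohttpd lines in this file's next two hunks and to the mariadb, sqlite3, re2 and pcre lines further down.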
@@ -200,6 +204,9 @@ mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a: libssl/open ifeq ($(WITHASAN),1) cd mariadb-client-library/mariadb_client && patch -p0 < ../mariadb_asan.patch endif + cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_dyncol.c < ../mariadb_dyncol.c-multiplication-overflow.patch + cd mariadb-client-library/mariadb_client && patch libmariadb/ma_array.c < ../ma_array.c-multiplication-overflow.patch + cd mariadb-client-library/mariadb_client && patch zlib/zutil.c < ../zutil.c-multiplication-overflow.patch cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient # cd mariadb-client-library/mariadb_client/include && make my_config.h @@ -210,6 +217,7 @@ sqlite3/sqlite3/sqlite3.o: cd sqlite3 && rm -rf sqlite-amalgamation-3190200 cd sqlite3 && tar -zxf sqlite-amalgamation-3190200.tar.gz cd sqlite3/sqlite3 && patch sqlite3.c < ../from_unixtime.patch + cd sqlite3/sqlite3 && patch sqlite3.c < ../sqlite3.c-multiplication-overflow.patch cd sqlite3/sqlite3 && ${CC} ${MYCFLAGS} -fPIC -c -o sqlite3.o sqlite3.c -DSQLITE_ENABLE_MEMORY_MANAGEMENT -DSQLITE_ENABLE_JSON1 -DSQLITE_DLL=1 cd sqlite3/sqlite3 && ${CC} -shared -o libsqlite3.so sqlite3.o @@ -241,7 +249,8 @@ re2/re2/obj/libre2.a: # cd re2 && tar -zxf re2-20140304.tgz cd re2 && tar -zxf re2.tar.gz # cd re2/re2 && sed -i -e 's/-O3 -g /-O3 -fPIC /' Makefile -# cd re2 && patch re2/util/mutex.h < mutex.h.patch +# cd re2/re2 && patch util/mutex.h < ../mutex.h.patch + cd re2/re2 && patch re2/onepass.cc < ../onepass.cc-multiplication-overflow.patch cd re2/re2 && sed -i -e 's/-O3 /-O3 -fPIC -DMEMORY_SANITIZER -DRE2_ON_VALGRIND /' Makefile cd re2/re2 && sed -i -e 's/RE2_CXXFLAGS?=-std=c++11 /RE2_CXXFLAGS?=-std=c++11 -fPIC /' Makefile cd re2/re2 && CC=${CC} CXX=${CXX} ${MAKE} 
@@ -252,6 +261,7 @@ pcre/pcre/.libs/libpcre.a: cd pcre && rm -rf pcre-8.39 cd pcre && rm -rf pcre-8.44 cd pcre && tar -zxf pcre-8.44.tar.gz + cd pcre/pcre && patch pcretest.c < ../pcretest.c-multiplication-overflow.patch cd pcre/pcre && ./configure cd pcre/pcre && CC=${CC} CXX=${CXX} ${MAKE} pcre: pcre/pcre/.libs/libpcre.a diff --git a/deps/libev/ev.c-multiplication-overflow.patch b/deps/libev/ev.c-multiplication-overflow.patch new file mode 100644 index 000000000..e72cdc9bf --- /dev/null +++ b/deps/libev/ev.c-multiplication-overflow.patch @@ -0,0 +1,18 @@ +@@ -1937,7 +1937,7 @@ + while (cnt > ncur); + + /* if size is large, round to MALLOC_ROUND - 4 * longs to accommodate malloc overhead */ +- if (elem * ncur > MALLOC_ROUND - sizeof (void *) * 4) ++ if ((long) elem * ncur > MALLOC_ROUND - sizeof (void *) * 4) + { + ncur *= elem; + ncur = (ncur + elem + (MALLOC_ROUND - 1) + sizeof (void *) * 4) & ~(MALLOC_ROUND - 1); +@@ -1953,7 +1953,7 @@ + array_realloc (int elem, void *base, int *cur, int cnt) + { + *cur = array_nextsize (elem, *cur, cnt); +- return ev_realloc (base, elem * *cur); ++ return ev_realloc (base, (long) elem * *cur); + } + + #define array_init_zero(base,count) \ diff --git a/deps/libmicrohttpd/connection.c-snprintf-overflow.patch b/deps/libmicrohttpd/connection.c-snprintf-overflow.patch new file mode 100644 index 000000000..af08efccc --- /dev/null +++ b/deps/libmicrohttpd/connection.c-snprintf-overflow.patch @@ -0,0 +1,20 @@ +@@ -1582,11 +1582,18 @@ + MHD_HTTP_HEADER_CONNECTION))) && + (MHD_str_equal_caseless_ (pos->value, + "Keep-Alive")) ) ) ) +- off += MHD_snprintf_ (&data[off], ++ { ++ int n = MHD_snprintf_ (&data[off], + size - off, + "%s: %s\r\n", + pos->header, + pos->value); ++ if (n < 0 || n >= size - off) ++ { ++ break; ++ } ++ off += n; ++ } + } + if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state) + { 
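Review bot: In connection.c-snprintf-overflow.patch the new `break;` leaves the header loop as soon as one `MHD_snprintf_` call fails or is truncated, so the remaining headers are dropped and the code after the loop carries on with a partially written block; whether that response is then sent is not visible in this hunk. A truncation here means the earlier size computation and the write loop disagree, which is better surfaced as a failed reply than skipped silently. `n >= size - off` also compares an `int` with what is presumably a `size_t` difference and is safe only because `n < 0` is tested first, so `(size_t) n >= size - off` would make the intent explicit. The enclosing function starts and ends outside the hunk.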
diff --git a/deps/libssl/a_time.c-multiplication-overflow.patch b/deps/libssl/a_time.c-multiplication-overflow.patch new file mode 100644 index 000000000..9dbae8092 --- /dev/null +++ b/deps/libssl/a_time.c-multiplication-overflow.patch @@ -0,0 +1,9 @@ +@@ -248,7 +248,7 @@ + } + o++; + } +- if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign)) ++ if (offset && !OPENSSL_gmtime_adj(&tmp, 0, (long) offset * offsign)) + goto err; + } else { + /* not Z, or not +/- in non-strict mode */ diff --git a/deps/libssl/curve448.c-multiplication-overflow.patch b/deps/libssl/curve448.c-multiplication-overflow.patch new file mode 100644 index 000000000..732b8e1b5 --- /dev/null +++ b/deps/libssl/curve448.c-multiplication-overflow.patch @@ -0,0 +1,9 @@ +@@ -588,7 +588,7 @@ + assert(position >= 0); + if (odd & (1 << (table_bits + 1))) + delta -= (1 << (table_bits + 1)); +- current -= delta * (1 << pos); ++ current -= (long) delta * (1 << pos); + control[position].power = pos + 16 * (w - 1); + control[position].addend = delta; + position--; diff --git a/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch b/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch new file mode 100644 index 000000000..76bcb496f --- /dev/null +++ b/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch 
@@ -0,0 +1,53 @@ +@@ -46,7 +46,7 @@ + array->max_element=init_alloc; + array->alloc_increment=alloc_increment; + array->size_of_element=element_size; +- if (!(array->buffer=(char*) malloc(element_size*init_alloc))) ++ if (!(array->buffer=(char*) malloc((long) element_size*init_alloc))) + { + array->max_element=0; + return(TRUE); +@@ -80,7 +80,7 @@ + if (array->elements == array->max_element) + { + char *new_ptr; +- if (!(new_ptr=(char*) realloc(array->buffer,(array->max_element+ ++ if (!(new_ptr=(char*) realloc(array->buffer,(long) (array->max_element+ + array->alloc_increment)* + array->size_of_element))) + return 0; +@@ -111,14 +111,14 @@ + char *new_ptr; + size=(idx+array->alloc_increment)/array->alloc_increment; + size*= array->alloc_increment; +- if (!(new_ptr=(char*) realloc(array->buffer,size* ++ if (!(new_ptr=(char*) realloc(array->buffer,(long) size* + array->size_of_element))) + return TRUE; + array->buffer=new_ptr; + array->max_element=size; + } + memset((array->buffer+array->elements*array->size_of_element), 0, +- (idx - array->elements)*array->size_of_element); ++ (long) (idx - array->elements)*array->size_of_element); + array->elements=idx+1; + } + memcpy(array->buffer+(idx * array->size_of_element),element, +@@ -155,7 +155,7 @@ + char *ptr=array->buffer+array->size_of_element*idx; + array->elements--; + memmove(ptr,ptr+array->size_of_element, +- (array->elements-idx)*array->size_of_element); ++ (long) (array->elements-idx)*array->size_of_element); + } + + +@@ -166,7 +166,7 @@ + if (array->buffer && array->max_element != elements) + { + array->buffer=(char*) realloc(array->buffer, +- elements*array->size_of_element); ++ (long) elements*array->size_of_element); + array->max_element=elements; + } + } diff --git a/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch b/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch new file mode 100644 index 000000000..7df44d4e5 --- /dev/null 
+++ b/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch @@ -0,0 +1,16 @@ +@@ -3999,13 +3999,13 @@ + (val->x.time_value.neg ? -1 : 1); + break; + case DYN_COL_DATE: +- *ll= (val->x.time_value.year * 10000 + ++ *ll= ((long) val->x.time_value.year * 10000 + + val->x.time_value.month * 100 + + val->x.time_value.day) * + (val->x.time_value.neg ? -1 : 1); + break; + case DYN_COL_TIME: +- *ll= (val->x.time_value.hour * 10000 + ++ *ll= ((long) val->x.time_value.hour * 10000 + + val->x.time_value.minute * 100 + + val->x.time_value.second) * + (val->x.time_value.neg ? -1 : 1); diff --git a/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch b/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch new file mode 100644 index 000000000..524149f84 --- /dev/null +++ b/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch @@ -0,0 +1,9 @@ +@@ -303,7 +303,7 @@ + unsigned size; + { + if (opaque) items += size - size; /* make compiler happy */ +- return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) : ++ return sizeof(uInt) > 2 ? (voidpf)malloc((long) items * size) : + (voidpf)calloc(items, size); + } + diff --git a/deps/pcre/pcretest.c-multiplication-overflow.patch b/deps/pcre/pcretest.c-multiplication-overflow.patch new file mode 100644 index 000000000..31d6bb37d --- /dev/null +++ b/deps/pcre/pcretest.c-multiplication-overflow.patch @@ -0,0 +1,9 @@ +@@ -4094,7 +4094,7 @@ + #endif + new_info(re, NULL, PCRE_INFO_SIZE, &size); + fprintf(outfile, "Memory allocation (code space): %d\n", +- (int)(size - real_pcre_size - name_count * name_entry_size)); ++ (int)(size - real_pcre_size - (long) name_count * name_entry_size)); + } + + /* If -s or /S was present, study the regex to generate additional info to diff --git a/deps/re2/onepass.cc-multiplication-overflow.patch b/deps/re2/onepass.cc-multiplication-overflow.patch new file mode 100644 index 000000000..67706ace5 --- /dev/null 
+++ b/deps/re2/onepass.cc-multiplication-overflow.patch @@ -0,0 +1,12 @@ +@@ -611,9 +611,9 @@ + LOG(ERROR) << "nodes:\n" << dump; + } + +- dfa_mem_ -= nalloc*statesize; ++ dfa_mem_ -= static_cast(nalloc)*statesize; + onepass_nodes_ = PODArray(nalloc*statesize); +- memmove(onepass_nodes_.data(), nodes.data(), nalloc*statesize); ++ memmove(onepass_nodes_.data(), nodes.data(), static_cast(nalloc)*statesize); + return true; + + fail: diff --git a/deps/sqlite3/sqlite3.c-multiplication-overflow.patch b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch new file mode 100644 index 000000000..364c7c52a --- /dev/null +++ b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch @@ -0,0 +1,18 @@ +@@ -103301,7 +103301,7 @@ + int n = *pnEntry; + if( (n & (n-1))==0 ){ + int sz = (n==0) ? 1 : 2*n; +- void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry); ++ void *pNew = sqlite3DbRealloc(db, pArray, (long) sz*szEntry); + if( pNew==0 ){ + *pIdx = -1; + return pArray; +@@ -141183,7 +141183,7 @@ + pStart = 0; + }else if( pBuf==0 ){ + sqlite3BeginBenignMalloc(); +- pStart = sqlite3Malloc( sz*cnt ); /* IMP: R-61949-35727 */ ++ pStart = sqlite3Malloc( (long) sz*cnt ); /* IMP: R-61949-35727 */ + sqlite3EndBenignMalloc(); + if( pStart ) cnt = sqlite3MallocSize(pStart)/sz; + }else{ From 37e874daa8d6d33f8f8179e1e16168b84e2b3d88 Mon Sep 17 00:00:00 2001 From: Miro Stauder Date: Tue, 15 Mar 2022 11:56:09 +0100 Subject: [PATCH 6/7] revert f0272d5 - fail on empty git describe --- Makefile | 3 +-- lib/Makefile | 5 ++--- src/Makefile | 5 ++--- 3 files changed, 5 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 5c7a1c2a0..614811ba9 100644 --- a/Makefile +++ b/Makefile @@ -4,8 +4,7 @@ ifndef GIT_VERSION GIT_VERSION := $(shell git describe --long --abbrev=7) ifndef GIT_VERSION -# $(error GIT_VERSION is not set) - GIT_VERSION := 2.2.0 + $(error GIT_VERSION is not set) endif endif diff --git a/lib/Makefile b/lib/Makefile index 9a0c0999e..817849be8 100644 --- a/lib/Makefile 
+++ b/lib/Makefile @@ -1,8 +1,7 @@ ifndef GIT_VERSION -GIT_VERSION := $(shell git describe --long --abbrev=7) + GIT_VERSION := $(shell git describe --long --abbrev=7) ifndef GIT_VERSION -#$(error GIT_VERSION is not set) -GIT_VERSION := 2.2.0 + $(error GIT_VERSION is not set) endif endif diff --git a/src/Makefile b/src/Makefile index 384c0ba6f..7d396f833 100644 --- a/src/Makefile +++ b/src/Makefile @@ -1,8 +1,7 @@ ifndef GIT_VERSION -GIT_VERSION := $(shell git describe --long --abbrev=7) + GIT_VERSION := $(shell git describe --long --abbrev=7) ifndef GIT_VERSION -#$(error GIT_VERSION is not set) -GIT_VERSION := 2.2.0 + $(error GIT_VERSION is not set) endif endif From 13dca86269ca580738266be245fd027c895a88c4 Mon Sep 17 00:00:00 2001 From: Miro Stauder <29940727+mirostauder@users.noreply.github.com> Date: Fri, 29 Apr 2022 17:42:07 +0200 Subject: [PATCH 7/7] fix whitespace issue --- deps/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deps/Makefile b/deps/Makefile index 03dae2b8f..f7880a7bf 100644 --- a/deps/Makefile +++ b/deps/Makefile @@ -52,7 +52,7 @@ libinjection: libinjection/libinjection/src/libinjection.a libssl/openssl/libssl.a: cd libssl && rm -rf openssl-openssl-*/ || true cd libssl && tar -zxf openssl-*.tar.gz - cd libssl/openssl && patch crypto/ec/curve448/curve448.c < ../curve448.c-multiplication-overflow.patch + cd libssl/openssl && patch crypto/ec/curve448/curve448.c < ../curve448.c-multiplication-overflow.patch cd libssl/openssl && patch crypto/asn1/a_time.c < ../a_time.c-multiplication-overflow.patch cd libssl/openssl && ./config no-ssl3 no-tests cd libssl/openssl && CC=${CC} CXX=${CXX} ${MAKE}