From e6150364e10566e78d7cdde6dc8d09f32229aa9e Mon Sep 17 00:00:00 2001
From: Miro Stauder
Date: Mon, 13 Feb 2023 18:04:18 +0000
Subject: [PATCH] fixes for issues detected by CodeQL
---
 deps/Makefile | 10 +++---
 deps/libev/ev.c-multiplication-overflow.patch | 6 ++--
 .../sqlite3.c-multiplication-overflow.patch | 31 ++++++++-----------
 3 files changed, 21 insertions(+), 26 deletions(-)
diff --git a/deps/Makefile b/deps/Makefile
index e3e973c96..83896973b 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -114,7 +114,7 @@ libhttpserver: libhttpserver/libhttpserver/build/src/.libs/libhttpserver.a
 libev/libev/.libs/libev.a:
 cd libev && rm -rf libev-*/ || true
 cd libev && tar -zxf libev-*.tar.gz
-# cd libev/libev && patch ev.c < ../ev.c-multiplication-overflow.patch
+ cd libev/libev && patch ev.c < ../ev.c-multiplication-overflow.patch
 cd libev/libev && ./configure
 cd libev/libev && CC=${CC} CXX=${CXX} ${MAKE}
@@ -251,7 +251,7 @@ endif
 cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_rpl.c < ../mariadb_rpl.c.patch
 cd mariadb-client-library/mariadb_client && patch include/mariadb_rpl.h < ../mariadb_rpl.h.patch
 cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient
-# cd mariadb-client-library/mariadb_client/include && make my_config.h
+# cd mariadb-client-library/mariadb_client/include && make my_config.h
 mariadb_client: mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a
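Review bot: The newly enabled `patch ev.c < ../ev.c-multiplication-overflow.patch` step runs with patch's default fuzz against whatever tree `tar -zxf libev-*.tar.gz` unpacks, so a patch file that has drifted from the bundled version can still apply at a nearby but wrong location without failing the build. The same pattern is switched on in the sqlite3, re2 and pcre recipes in the later Makefile hunks. This commit itself had to move the libev hunk headers from 1937 to 2253, which shows that the patch files do fall behind the tarballs. I would make drift a hard error, e.g. `cd libev/libev && patch -F 0 ev.c < ../ev.c-multiplication-overflow.patch`, and do the same in the other three recipes.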
@@ -260,7 +260,7 @@ sqlite3/sqlite3/sqlite3.o:
 cd sqlite3 && rm -rf sqlite-amalgamation-*/ || true
 cd sqlite3 && tar -zxf sqlite-amalgamation-*.tar.gz
 cd sqlite3/sqlite3 && patch -p1 < ../from_unixtime.patch
-# cd sqlite3/sqlite3 && patch sqlite3.c < ../sqlite3.c-multiplication-overflow.patch
+ cd sqlite3/sqlite3 && patch sqlite3.c < ../sqlite3.c-multiplication-overflow.patch
 cd sqlite3/sqlite3 && ${CC} ${MYCFLAGS} -fPIC -c -o sqlite3.o sqlite3.c -DSQLITE_ENABLE_MEMORY_MANAGEMENT -DSQLITE_ENABLE_JSON1 -DSQLITE_DLL=1
 cd sqlite3/sqlite3 && ${CC} -shared -o libsqlite3.so sqlite3.o
@@ -294,7 +294,7 @@ re2/re2/obj/libre2.a:
 cd re2 && tar -zxf re2-*.tar.gz
 # cd re2/re2 && sed -i -e 's/-O3 -g /-O3 -fPIC /' Makefile
 # cd re2/re2 && patch util/mutex.h < ../mutex.h.patch
-# cd re2/re2 && patch re2/onepass.cc < ../onepass.cc-multiplication-overflow.patch
+ cd re2/re2 && patch re2/onepass.cc < ../onepass.cc-multiplication-overflow.patch
 ifeq ($(UNAME_S),Darwin)
 cd re2/re2 && sed -i '' -e 's/-O3 -g/-O3 -g -std=c++11 -fPIC -DMEMORY_SANITIZER -DRE2_ON_VALGRIND /' Makefile
 # cd re2/re2 && sed -i '' -e 's/RE2_CXXFLAGS?=-std=c++11 /RE2_CXXFLAGS?=-std=c++11 -fPIC /' Makefile
@@ -310,7 +310,7 @@ re2: re2/re2/obj/libre2.a
 pcre/pcre/.libs/libpcre.a:
 cd pcre && rm -rf pcre-*/ || true
 cd pcre && tar -zxf pcre-*.tar.gz
-# cd pcre/pcre && patch pcretest.c < ../pcretest.c-multiplication-overflow.patch
+ cd pcre/pcre && patch pcretest.c < ../pcretest.c-multiplication-overflow.patch
 cd pcre/pcre && ./configure
 cd pcre/pcre && CC=${CC} CXX=${CXX} ${MAKE}
diff --git a/deps/libev/ev.c-multiplication-overflow.patch b/deps/libev/ev.c-multiplication-overflow.patch
index e72cdc9bf..45ffc4b2c 100644
--- a/deps/libev/ev.c-multiplication-overflow.patch
+++ b/deps/libev/ev.c-multiplication-overflow.patch
@@ -1,4 +1,4 @@
-@@ -1937,7 +1937,7 @@
+@@ -2253,7 +2253,7 @@
 while (cnt > ncur);
 /* if size is large, round to MALLOC_ROUND - 4 * longs to accommodate malloc overhead */
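Review bot: The re2 and pcre recipes now apply `onepass.cc-multiplication-overflow.patch` and `pcretest.c-multiplication-overflow.patch`, but the diffstat of this commit lists only the Makefile and the libev and sqlite3 patch files, so these two patches are enabled without being refreshed. The libev and sqlite3 patches both needed new hunk positions (and, for sqlite3, new content) before they could be switched on, so it is worth confirming that the re2 and pcre patches still match the bundled `re2-*.tar.gz` and `pcre-*.tar.gz` exactly; they may already be current, which the page does not show. `pcretest.c` also looks like PCRE's test driver rather than library code, so that patch may add build fragility without changing what ends up in `libpcre.a`; confirm it is needed.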
@@ -7,7 +7,7 @@
 {
 ncur *= elem;
 ncur = (ncur + elem + (MALLOC_ROUND - 1) + sizeof (void *) * 4) & ~(MALLOC_ROUND - 1);
-@@ -1953,7 +1953,7 @@
+@@ -2269,7 +2269,7 @@
 array_realloc (int elem, void *base, int *cur, int cnt)
 {
 *cur = array_nextsize (elem, *cur, cnt);
@@ -15,4 +15,4 @@
 + return ev_realloc (base, (long) elem * *cur);
 }
- #define array_init_zero(base,count) \
+ #define array_needsize_noinit(base,offset,count)
diff --git a/deps/sqlite3/sqlite3.c-multiplication-overflow.patch b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch
index 364c7c52a..fa853379c 100644
--- a/deps/sqlite3/sqlite3.c-multiplication-overflow.patch
+++ b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch
@@ -1,18 +1,13 @@
-@@ -103301,7 +103301,7 @@
- int n = *pnEntry;
- if( (n & (n-1))==0 ){
- int sz = (n==0) ? 1 : 2*n;
-- void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry);
-+ void *pNew = sqlite3DbRealloc(db, pArray, (long) sz*szEntry);
- if( pNew==0 ){
- *pIdx = -1;
- return pArray;
-@@ -141183,7 +141183,7 @@
- pStart = 0;
- }else if( pBuf==0 ){
- sqlite3BeginBenignMalloc();
-- pStart = sqlite3Malloc( sz*cnt ); /* IMP: R-61949-35727 */
-+ pStart = sqlite3Malloc( (long) sz*cnt ); /* IMP: R-61949-35727 */
- sqlite3EndBenignMalloc();
- if( pStart ) cnt = sqlite3MallocSize(pStart)/sz;
- }else{
+@@ -173310,10 +173310,10 @@
+ #ifndef SQLITE_OMIT_TWOSIZE_LOOKASIDE
+ if( sz>=LOOKASIDE_SMALL*3 ){
+ nBig = szAlloc/(3*LOOKASIDE_SMALL+sz);
+- nSm = (szAlloc - sz*nBig)/LOOKASIDE_SMALL;
++ nSm = (szAlloc - (long) sz*nBig)/LOOKASIDE_SMALL;
+ }else if( sz>=LOOKASIDE_SMALL*2 ){
+ nBig = szAlloc/(LOOKASIDE_SMALL+sz);
+- nSm = (szAlloc - sz*nBig)/LOOKASIDE_SMALL;
++ nSm = (szAlloc - (long) sz*nBig)/LOOKASIDE_SMALL;
+ }else
+ #endif /* SQLITE_OMIT_TWOSIZE_LOOKASIDE */
+ if( sz>0 ){
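Review bot: The `(long)` cast in `nSm = (szAlloc - (long) sz*nBig)/LOOKASIDE_SMALL;` only widens the multiplication where `long` is 64 bits; on 32-bit and LLP64 (Windows) targets `long` is no wider than `int`, so the product can still overflow there. SQLite's own 64-bit type would make the widening unconditional: `nSm = (szAlloc - (sqlite3_int64)sz*nBig)/LOOKASIDE_SMALL;` in both branches (the declarations of `sz`, `nBig` and `szAlloc` are outside the hunk, so check their types first). The rewritten patch also no longer touches the `sqlite3DbRealloc(db, pArray, sz*szEntry)` and `sqlite3Malloc( sz*cnt )` sites that the previous version widened; confirm the bundled amalgamation already computes those sizes in 64 bits rather than the fix having been dropped. The libev patch's `ev_realloc (base, (long) elem * *cur)` carries the same `long` width caveat.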