add codeql fixes/suppressions (#664)

2023-02-13 11:39:59 -05:00 · 2023-02-13 11:39:59 -05:00 · ff62288f8e
parent e46452f647
commit ff62288f8e
3 changed files with 5 additions and 3 deletions
--- a/openbsd-compat/getopt_long.c
+++ b/openbsd-compat/getopt_long.c
@ -383,7 +383,7 @@ start:
 		/*
 		 * If we have "-" do nothing, if "--" we are done.
 		 */
-		if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
+		if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { // CodeQL [SM01947]: upstream code; place re-assigned in previous line
 			optind++;
 			place = EMSG;
 			/*
--- a/regress/unittests/test_helper/test_helper.c
+++ b/regress/unittests/test_helper/test_helper.c
@ -159,7 +159,7 @@ main(int argc, char **argv)
 	/* Handle systems without __progname */
 	if (__progname == NULL) {
 		__progname = strrchr(argv[0], '/');
-		if (__progname == NULL || (__progname[0] != '\0' && __progname[1] == '\0')) // fix CodeQL SM01947
+		if (__progname == NULL || (__progname[0] != '\0' && __progname[1] == '\0')) // CodeQL [SM01947]: __progname may be longer than 1 byte and prev. checks handle if smaller
 			__progname = argv[0];	
 		else
 			__progname++;
@ -423,7 +423,7 @@ tohex(const void *_s, size_t l)
 		r[j++] = hex[(s[i] >> 4) & 0xf]; // CodeQL [SM02311]: tests rely on assert for NULL checks
 		r[j++] = hex[s[i] & 0xf];
 	}
-	r[j] = '\0';
+	r[j] = '\0'; // CodeQL [SM02311]: tests rely on assert for NULL checks
 	return r;
 }

--- a/regress/unittests/win32compat/tests.c
+++ b/regress/unittests/win32compat/tests.c
@ -35,6 +35,8 @@ dup_str(char *inStr)

 	int len = strlen(inStr);
 	char *outStr = malloc(len + 1);
+	if (NULL == outStr)
+		return NULL;
 	strncpy(outStr, inStr, len);
 	outStr[len] = '\0';
 	return outStr;