From ff62288f8eed49917ea512d0732769f46e7cd60d Mon Sep 17 00:00:00 2001
From: Tess Gauthier
Date: Mon, 13 Feb 2023 11:39:59 -0500
Subject: [PATCH] add codeql fixes/suppressions (#664)
---
 openbsd-compat/getopt_long.c | 2 +-
 regress/unittests/test_helper/test_helper.c | 4 ++--
 regress/unittests/win32compat/tests.c | 2 ++
 3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/openbsd-compat/getopt_long.c b/openbsd-compat/getopt_long.c
index 4af43e0f4..050489e9e 100644
--- a/openbsd-compat/getopt_long.c
+++ b/openbsd-compat/getopt_long.c
@@ -383,7 +383,7 @@ start:
 /*
 * If we have "-" do nothing, if "--" we are done.
 */
- if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
+ if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { // CodeQL [SM01947]: upstream code; place re-assigned in previous line
 optind++;
 place = EMSG;
 /*
diff --git a/regress/unittests/test_helper/test_helper.c b/regress/unittests/test_helper/test_helper.c
index 5d330e380..00657d8c7 100644
--- a/regress/unittests/test_helper/test_helper.c
+++ b/regress/unittests/test_helper/test_helper.c
@@ -159,7 +159,7 @@ main(int argc, char **argv)
 /* Handle systems without __progname */
 if (__progname == NULL) {
 __progname = strrchr(argv[0], '/');
- if (__progname == NULL || (__progname[0] != '\0' && __progname[1] == '\0')) // fix CodeQL SM01947
+ if (__progname == NULL || (__progname[0] != '\0' && __progname[1] == '\0')) // CodeQL [SM01947]: __progname may be longer than 1 byte and prev. checks handle if smaller
 __progname = argv[0];
 else
 __progname++;
@@ -423,7 +423,7 @@ tohex(const void *_s, size_t l)
 r[j++] = hex[(s[i] >> 4) & 0xf]; // CodeQL [SM02311]: tests rely on assert for NULL checks
 r[j++] = hex[s[i] & 0xf];
 }
- r[j] = '\0';
+ r[j] = '\0'; // CodeQL [SM02311]: tests rely on assert for NULL checks
 return r;
 }
diff --git a/regress/unittests/win32compat/tests.c b/regress/unittests/win32compat/tests.c
index 018e155e6..ae27730dc 100644
--- a/regress/unittests/win32compat/tests.c
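Review bot: The suppression text added to the `if (place[1] != '\0' && *++place == '-' && place[1] == '\0')` line in getopt_long.c gives no argument an auditor can check. "upstream code" is provenance rather than a safety reason, and the increment happens inside this same expression, not on a previous line. Whatever SM01947 flags here (presumably the `place[1]` read after the increment), a verifiable rationale would be `// CodeQL [SM01947]: place[1] != '\0' is tested before ++place, and *place == '-' is non-NUL, so place[1] is at worst the terminator`. The main() hunk in test_helper.c has the same gap; there the argument is that a non-NULL strrchr() result points at the '/' itself, so `__progname[1]` is at worst the terminator. Both enclosing functions extend beyond their hunks, so this assumes `place` and `argv[0]` are NUL-terminated strings.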
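Review bot: The two SM02311 suppressions in tohex() depend on an assertion that lies outside this hunk, so the claim on `r[j] = '\0';` cannot be confirmed from the lines shown. If that check is the standard `assert()` macro, it is compiled out when the tests are built with NDEBUG, and every write through `r` then uses an unchecked allocation result. An explicit guard right after the allocation, for example `if (r == NULL) abort();`, holds in every build configuration and would let both suppression comments be dropped.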
+++ b/regress/unittests/win32compat/tests.c
@@ -35,6 +35,8 @@ dup_str(char *inStr)
 int len = strlen(inStr);
 char *outStr = malloc(len + 1);
+ if (NULL == outStr)
+ return NULL;
 strncpy(outStr, inStr, len);
 outStr[len] = '\0';
 return outStr;
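Review bot: `int len = strlen(inStr);` narrows a size_t to int before it sizes `malloc(len + 1)` and bounds the copy, which the added NULL check does not address. Declaring it as `size_t len = strlen(inStr);` removes the conversion, and `memcpy(outStr, inStr, len + 1);` can then replace the `strncpy` plus manual terminator pair. dup_str() now has a NULL return path on allocation failure, so callers that pass the result straight to string functions need their own check. Those callers are not visible here, and the function body starts above the hunk.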