From d5f34ad49d345803767d4a1166d764f9f8485541 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 8 Feb 2015 23:46:04 +0100 Subject: Static Code Analysis: Avoid over-flaw in arithmetic operations by adding more checks. Add extra checks. Solve various issues. --- src/Format/InPlace.c | 12 ++++++++++++ src/Format/Tcformat.c | 14 +++++++------- 2 files changed, 19 insertions(+), 7 deletions(-) (limited to 'src/Format') diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c index 4c5491e3..3998c2a5 100644 --- a/src/Format/InPlace.c +++ b/src/Format/InPlace.c @@ -21,6 +21,7 @@ IMPORTANT: Due to this issue, functions in this file must not directly interact #include #include #include +#include #include "Tcdefs.h" #include "Platform/Finally.h" @@ -71,6 +72,17 @@ static __int64 NewFileSysSizeAfterShrink (HANDLE dev, const char *devicePath, in return -1; } + if ( (ntfsVolData.NumberSectors.QuadPart <= 0) + || (ntfsVolData.NumberSectors.QuadPart > (INT64_MAX / (__int64) ntfsVolData.BytesPerSector)) // overflow test + ) + { + SetLastError (ERROR_INTERNAL_ERROR); + if (!silent) + handleWin32Error (MainDlg); + + return -1; + } + fileSysSize = ntfsVolData.NumberSectors.QuadPart * ntfsVolData.BytesPerSector; desiredNbrSectors = (fileSysSize - TC_TOTAL_VOLUME_HEADERS_SIZE) / ntfsVolData.BytesPerSector; diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index 4984e6cc..995222de 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -2537,13 +2537,12 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg) if (!bInPlaceEncNonSys) SetTimer (hwndDlg, TIMER_ID_RANDVIEW, TIMER_INTERVAL_RANDVIEW, NULL); - if (volParams != NULL) - { - burn ((LPVOID) volParams, sizeof(FORMAT_VOL_PARAMETERS)); - VirtualUnlock ((LPVOID) volParams, sizeof(FORMAT_VOL_PARAMETERS)); - free ((LPVOID) volParams); - volParams = NULL; - } + + // volParams is ensured to be non NULL at this stage + burn ((LPVOID) volParams, sizeof(FORMAT_VOL_PARAMETERS)); + VirtualUnlock ((LPVOID) volParams, sizeof(FORMAT_VOL_PARAMETERS)); + free ((LPVOID) volParams); + volParams = NULL; bVolTransformThreadRunning = FALSE; bVolTransformThreadCancel = FALSE; @@ -9027,6 +9026,7 @@ int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, char *lpszComm DialogBoxParamW (hInstance, MAKEINTRESOURCEW (IDD_VOL_CREATION_WIZARD_DLG), NULL, (DLGPROC) MainDialogProc, (LPARAM)lpszCommandLine); + FinalizeApp (); return 0; } -- cgit v1.2.3