Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Addressed static code analyis issues (prefast) #1227

Merged
merged 1 commit into from
Jan 5, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion source/shared/core_sqlsrv.h
Original file line number Diff line number Diff line change
Expand Up @@ -1444,7 +1444,7 @@ namespace data_classification {
struct name_id_pair;
struct sensitivity_metadata;

void name_id_pair_free(name_id_pair * pair);
void name_id_pair_free(_Inout_ name_id_pair * pair);
void parse_sensitivity_name_id_pairs(_Inout_ sqlsrv_stmt* stmt, _Inout_ USHORT& numpairs, _Inout_ std::vector<name_id_pair*, sqlsrv_allocator<name_id_pair*>>* pairs, _Inout_ unsigned char **pptr);
void parse_column_sensitivity_props(_Inout_ sensitivity_metadata* meta, _Inout_ unsigned char **pptr, _In_ bool getRankInfo);
USHORT fill_column_sensitivity_array(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSMALLINT colno, _Inout_ zval *column_data);
Expand Down
29 changes: 15 additions & 14 deletions source/shared/core_stmt.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2336,7 +2336,7 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
//

// Check if it's a negative number and if necessary to add the leading zero
bool is_negative = (*field_value == '-');
short is_negative = (*field_value == '-') ? 1 : 0;
char *src = field_value + is_negative;
bool add_leading_zero = false;

Expand All @@ -2354,12 +2354,12 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
scale = field_scale;
}

char buffer[50] = " "; // A buffer with two blank spaces, as leeway
int offset = 1 + is_negative;
char buffer[50] = " "; // A buffer with TWO blank spaces, as leeway
int offset = 1 + is_negative; // for cases like 9.* to 10.* and the minus sign if needed
int src_length = strnlen_s(src);

if (add_leading_zero) {
buffer[offset++] = '0';
buffer[offset++] = '0'; // leading zero added
}
// Copy the original numerical value to the buffer
memcpy_s(buffer + offset, src_length, src, src_length);
Expand All @@ -2375,10 +2375,11 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
}
}

// Remove the extra white space if not used
char *p = buffer;
offset = 0;
while (isspace(*p++)) {
// Remove the extra white space if not used. For a negative number,
// the first pos is always a space
offset = is_negative;
char *p = buffer + offset;
while (*p++ == ' ') {
offset++;
}
if (is_negative) {
Expand Down Expand Up @@ -3017,23 +3018,23 @@ void adjustDecimalPrecision(_Inout_ zval* param_z, _In_ SQLSMALLINT decimal_digi
return;
}

// If std::stold() succeeds, 'idx' is the position of the first character after the numerical value
// If std::stold() succeeds, 'index' is the position of the first character after the numerical value
long double d = 0;
size_t idx;
size_t index;
try {
d = std::stold(std::string(value), &idx);
d = std::stold(std::string(value), &index);
}
catch (const std::logic_error& ) {
return; // invalid input caused the conversion to throw an exception
}
if (idx < value_len) {
if (index < value_len) {
return; // the input contains something else apart from the numerical value
}

// Navigate to the first digit or the decimal point
bool is_negative = (d < 0);
short is_negative = (d < 0) ? 1 : 0;
char *src = value + is_negative;
while (*src != DECIMAL_POINT && !isdigit(*src)) {
while (*src != DECIMAL_POINT && !isdigit(static_cast<unsigned int>(*src))) {
src++;
}

Expand Down
11 changes: 6 additions & 5 deletions source/shared/core_util.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ SQLCHAR SSPWARN[] = "01SSP";
// the script (sqlsrv_configure).
void write_to_log( _In_ unsigned int severity, _In_ const char* msg, ...)
{
SQLSRV_ASSERT( !(g_driver_severity == NULL), "Must register a driver checker function." );
SQLSRV_ASSERT(g_driver_severity != NULL, "Must register a driver checker function.");
if (!g_driver_severity(severity)) {
return;
}
Expand Down Expand Up @@ -491,11 +491,11 @@ namespace data_classification {
const char* ID = "id";
const char* RANK = "rank";

void convert_sensivity_field(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSRV_ENCODING encoding, _In_ unsigned char *ptr, _In_ int len, _Inout_updates_bytes_(cchOutLen) char** field_name)
void convert_sensivity_field(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSRV_ENCODING encoding, _In_ unsigned char *ptr, _In_ int len, _Inout_updates_bytes_(field_name_len) char** field_name, _Out_ SQLLEN& field_name_len)
{
sqlsrv_malloc_auto_ptr<SQLWCHAR> temp_field_name;
int temp_field_len = len * sizeof(SQLWCHAR);
SQLLEN field_name_len = 0;
field_name_len = 0;

if (len == 0) {
*field_name = reinterpret_cast<char*>(sqlsrv_malloc(1));
Expand Down Expand Up @@ -538,6 +538,7 @@ namespace data_classification {
while (npairs--) {
int namelen, idlen;
unsigned char *nameptr, *idptr;
SQLLEN field_len;

sqlsrv_malloc_auto_ptr<name_id_pair> pair;
pair = new(sqlsrv_malloc(sizeof(name_id_pair))) name_id_pair();
Expand All @@ -549,7 +550,7 @@ namespace data_classification {
nameptr = ptr;

pair->name_len = namelen;
convert_sensivity_field(stmt, encoding, nameptr, namelen, (char**)&name);
convert_sensivity_field(stmt, encoding, nameptr, namelen, (char**)&name, field_len);
pair->name = name;

ptr += namelen * 2;
Expand All @@ -558,7 +559,7 @@ namespace data_classification {
ptr += idlen * 2;

pair->id_len = idlen;
convert_sensivity_field(stmt, encoding, idptr, idlen, (char**)&id);
convert_sensivity_field(stmt, encoding, idptr, idlen, (char**)&id, field_len);
pair->id = id;

pairs->push_back(pair.get());
Expand Down