From d5302c0bad94f808f0b192599ddc6b93436c5e91 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Wed, 17 Jul 2024 14:30:59 +0100 Subject: [PATCH] [misc] fix Coverity warnings * Also use a new if_not_assert() construct where possible. --- src/badblocks.c | 11 +++++++- src/bled/crc32.c | 2 ++ src/bled/decompress_gunzip.c | 14 ++++++++-- src/bled/libbb.h | 1 + src/bled/xz_config.h | 1 + src/bled/xz_dec_bcj.c | 1 + src/bled/xz_dec_lzma2.c | 7 +++-- src/dev.c | 18 ++++++++----- src/drive.c | 12 ++++++--- src/ext2fs/dirhash.c | 1 + src/ext2fs/initialize.c | 5 +++- src/format.c | 50 +++++++++++++++++++++++++----------- src/iso.c | 9 ++++--- src/process.c | 9 +++---- src/registry.h | 15 ++++------- src/rufus.c | 6 ++--- src/rufus.h | 3 +++ src/rufus.rc | 10 ++++---- src/stdfn.c | 12 ++++----- src/stdio.c | 3 ++- src/stdlg.c | 3 ++- src/ui.c | 3 ++- src/vhd.c | 5 ++-- src/wue.c | 3 ++- 24 files changed, 134 insertions(+), 70 deletions(-) diff --git a/src/badblocks.c b/src/badblocks.c index 9fd29d28..7a2a3d18 100644 --- a/src/badblocks.c +++ b/src/badblocks.c @@ -426,6 +426,11 @@ static unsigned int test_rw(HANDLE hDrive, blk64_t last_block, size_t block_size cancel_ops = -1; return 0; } + if ((first_block * block_size > 1 * PB) || (last_block * block_size > 1 * PB)) { + uprintf("%sDisk is too large\n", bb_prefix); + cancel_ops = -1; + return 0; + } buffer = allocate_buffer(2 * blocks_at_once * block_size); if (!buffer) { @@ -543,8 +548,12 @@ static unsigned int test_rw(HANDLE hDrive, blk64_t last_block, size_t block_size for (i=0; i < got; i++) { if (memcmp(read_buffer + i * block_size, buffer + i * block_size, - block_size)) + block_size)) { + if_not_assert(currently_testing * block_size < 1 * PB) + goto out; + // coverity[overflow_const] bb_count += bb_output(currently_testing+i-got, CORRUPTION_ERROR); + } } if (v_flag > 1) print_status(); diff --git a/src/bled/crc32.c b/src/bled/crc32.c index ead99050..98e416ad 100644 --- a/src/bled/crc32.c +++ b/src/bled/crc32.c @@ -38,6 +38,7 @@ static void crc32init_le(uint32_t *crc32table_le) crc32table_le[0] = 0; for (i = 1 << (CRC_LE_BITS - 1); i; i >>= 1) { + // coverity[overflow_const] crc = (crc >> 1) ^ ((crc & 1) ? CRCPOLY_LE : 0); for (j = 0; j < 1 << CRC_LE_BITS; j += 2 * i) crc32table_le[i + j] = crc ^ crc32table_le[j]; @@ -81,6 +82,7 @@ static void crc32init_be(uint32_t *crc32table_be) uint32_t crc = 0x80000000; for (i = 1; i < 1 << CRC_BE_BITS; i <<= 1) { + // coverity[overflow_const] crc = (crc << 1) ^ ((crc & 0x80000000) ? CRCPOLY_BE : 0); for (j = 0; j < i; j++) crc32table_be[i + j] = crc ^ crc32table_be[j]; diff --git a/src/bled/decompress_gunzip.c b/src/bled/decompress_gunzip.c index 1d3d832e..6f0ddcf9 100644 --- a/src/bled/decompress_gunzip.c +++ b/src/bled/decompress_gunzip.c @@ -280,6 +280,7 @@ static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current bytebuffer_offset++; *current += 8; } + // coverity[return_overflow] return bitbuffer; } @@ -661,7 +662,7 @@ static NOINLINE int inflate_codes(STATE_PARAM_ONLY) /* called once from inflate_block */ -static void inflate_stored_setup(STATE_PARAM int my_n, int my_b, int my_k) +static void inflate_stored_setup(STATE_PARAM unsigned my_n, unsigned my_b, unsigned my_k) { inflate_stored_n = my_n; inflate_stored_b = my_b; @@ -1043,7 +1044,15 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate) n = (nwrote <0)?nwrote:-1; goto ret; } - IF_DESKTOP(n += nwrote;) +#if ENABLE_DESKTOP + long long int v = n + nwrote; + if (v < n) { + bb_simple_error_msg("overflow"); + n = -1; + goto ret; + } + n = v; +#endif if (r == 0) break; } @@ -1054,6 +1063,7 @@ inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate) bytebuffer_offset--; bytebuffer[bytebuffer_offset] = gunzip_bb & 0xff; gunzip_bb >>= 8; + // coverity[overflow_const] gunzip_bk -= 8; } ret: diff --git a/src/bled/libbb.h b/src/bled/libbb.h index 7d178236..000a1a66 100644 --- a/src/bled/libbb.h +++ b/src/bled/libbb.h @@ -23,6 +23,7 @@ #include "platform.h" #include "msapi_utf8.h" +#include #include #include #include diff --git a/src/bled/xz_config.h b/src/bled/xz_config.h index 05d90af9..682ec553 100644 --- a/src/bled/xz_config.h +++ b/src/bled/xz_config.h @@ -18,6 +18,7 @@ /* #define XZ_DEC_ARMTHUMB */ /* #define XZ_DEC_SPARC */ +#include #include #include #include diff --git a/src/bled/xz_dec_bcj.c b/src/bled/xz_dec_bcj.c index 219a8bc8..495d8a3f 100644 --- a/src/bled/xz_dec_bcj.c +++ b/src/bled/xz_dec_bcj.c @@ -109,6 +109,7 @@ static noinline_for_stack size_t XZ_FUNC bcj_x86( if ((buf[i] & 0xFE) != 0xE8) continue; + // coverity[overflow_const] prev_pos = i - prev_pos; if (prev_pos > 3) { prev_mask = 0; diff --git a/src/bled/xz_dec_lzma2.c b/src/bled/xz_dec_lzma2.c index 7d936a83..ed519d6d 100644 --- a/src/bled/xz_dec_lzma2.c +++ b/src/bled/xz_dec_lzma2.c @@ -622,7 +622,7 @@ static void XZ_FUNC lzma_len(struct xz_dec_lzma2 *s, struct lzma_len_dec *l, uint32_t pos_state) { uint16_t *probs; - uint32_t limit; + uint32_t limit, v; if (!rc_bit(&s->rc, &l->choice)) { probs = l->low[pos_state]; @@ -641,7 +641,9 @@ static void XZ_FUNC lzma_len(struct xz_dec_lzma2 *s, struct lzma_len_dec *l, } } - s->lzma.len += rc_bittree(&s->rc, probs, limit) - limit; + v = s->lzma.len + rc_bittree(&s->rc, probs, limit) - limit; + assert(v >= s->lzma.len); + s->lzma.len = (v < s->lzma.len) ? 0 : v; } /* Decode a match. The distance will be stored in s->lzma.rep0. */ @@ -660,6 +662,7 @@ static void XZ_FUNC lzma_match(struct xz_dec_lzma2 *s, uint32_t pos_state) lzma_len(s, &s->lzma.match_len_dec, pos_state); probs = s->lzma.dist_slot[lzma_get_dist_state(s->lzma.len)]; + // coverity[overflow_const] dist_slot = rc_bittree(&s->rc, probs, DIST_SLOTS) - DIST_SLOTS; if (dist_slot < DIST_MODEL_START) { diff --git a/src/dev.c b/src/dev.c index b223b4bb..801fb124 100644 --- a/src/dev.c +++ b/src/dev.c @@ -137,7 +137,8 @@ BOOL CyclePort(int index) DWORD size; USB_CYCLE_PORT_PARAMS cycle_port; - assert(index < MAX_DRIVES); + if_not_assert(index < MAX_DRIVES) + return -1; // Wait at least 10 secs between resets if (GetTickCount64() < LastReset + 10000ULL) { uprintf("You must wait at least 10 seconds before trying to reset a device"); @@ -190,7 +191,8 @@ int CycleDevice(int index) SP_DEVINFO_DATA dev_info_data; SP_PROPCHANGE_PARAMS propchange_params; - assert(index < MAX_DRIVES); + if_not_assert(index < MAX_DRIVES) + return ERROR_INVALID_DRIVE; if ((index < 0) || (safe_strlen(rufus_drive[index].id) < 8)) return ERROR_INVALID_PARAMETER; @@ -583,8 +585,10 @@ BOOL GetDevices(DWORD devnum) // Better safe than sorry. And yeah, we could have used arrays of // arrays to avoid this, but it's more readable this way. - assert((uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))); - assert((card_start > 0) && (card_start < ARRAYSIZE(genstor_name))); + if_not_assert((uasp_start > 0) && (uasp_start < ARRAYSIZE(usbstor_name))) + goto out; + if_not_assert((card_start > 0) && (card_start < ARRAYSIZE(genstor_name))) + goto out; devid_list = NULL; if (full_list_size != 0) { @@ -671,7 +675,8 @@ BOOL GetDevices(DWORD devnum) } // Also test for "_SD&" instead of "_SD_" and so on to allow for devices like // "SCSI\DiskRicoh_Storage_SD&REV_3.0" to be detected. - assert(strlen(scsi_card_name_copy) > 1); + if_not_assert(strlen(scsi_card_name_copy) > 1) + continue; scsi_card_name_copy[strlen(scsi_card_name_copy) - 1] = '&'; if (safe_strstr(buffer, scsi_card_name_copy) != NULL) { props.is_CARD = TRUE; @@ -999,7 +1004,8 @@ BOOL GetDevices(DWORD devnum) rufus_drive[num_drives].display_name = safe_strdup(display_name); rufus_drive[num_drives].label = safe_strdup(label); rufus_drive[num_drives].size = drive_size; - assert(rufus_drive[num_drives].size != 0); + if_not_assert(rufus_drive[num_drives].size != 0) + break; if (hub_path != NULL) { rufus_drive[num_drives].hub = safe_strdup(hub_path); rufus_drive[num_drives].port = props.port; diff --git a/src/drive.c b/src/drive.c index e3a9d7cb..8d0514d8 100644 --- a/src/drive.c +++ b/src/drive.c @@ -280,9 +280,12 @@ char* GetLogicalName(DWORD DriveIndex, uint64_t PartitionOffset, BOOL bKeepTrail // Sanity checks len = safe_strlen(volume_name); - assert(len > 4); - assert(safe_strnicmp(volume_name, volume_start, 4) == 0); - assert(volume_name[len - 1] == '\\'); + if_not_assert(len > 4) + continue; + if_not_assert(safe_strnicmp(volume_name, volume_start, 4) == 0) + continue; + if_not_assert(volume_name[len - 1] == '\\') + continue; drive_type = GetDriveTypeA(volume_name); if ((drive_type != DRIVE_REMOVABLE) && (drive_type != DRIVE_FIXED)) @@ -1817,7 +1820,8 @@ const char* GetFsName(HANDLE hPhysical, LARGE_INTEGER StartingOffset) } } assert(rev < ARRAYSIZE(ext_names)); - ret = ext_names[rev]; + if (rev < ARRAYSIZE(ext_names)) + ret = ext_names[rev]; goto out; } diff --git a/src/ext2fs/dirhash.c b/src/ext2fs/dirhash.c index 42fe98bb..434910ce 100644 --- a/src/ext2fs/dirhash.c +++ b/src/ext2fs/dirhash.c @@ -45,6 +45,7 @@ static void TEA_transform(__u32 buf[4], __u32 const in[]) int n = 16; do { + // coverity[overflow_const] sum += DELTA; b0 += ((b1 << 4)+a) ^ (b1+sum) ^ ((b1 >> 5)+b); b1 += ((b0 << 4)+c) ^ (b0+sum) ^ ((b0 >> 5)+d); diff --git a/src/ext2fs/initialize.c b/src/ext2fs/initialize.c index afe7d6e9..04c032d2 100644 --- a/src/ext2fs/initialize.c +++ b/src/ext2fs/initialize.c @@ -11,6 +11,7 @@ */ #include "config.h" +#include #include #include #if HAVE_UNISTD_H @@ -374,7 +375,9 @@ ipg_retry: * adjust inode count to reflect the adjusted inodes_per_group */ if ((__u64)super->s_inodes_per_group * fs->group_desc_count > ~0U) { - ipg--; + assert(ipg != 0); + if (ipg != 0) + ipg--; goto ipg_retry; } super->s_inodes_count = super->s_inodes_per_group * diff --git a/src/format.c b/src/format.c index e468883f..fe5b2b69 100644 --- a/src/format.c +++ b/src/format.c @@ -117,8 +117,7 @@ static BOOLEAN __stdcall FormatExCallback(FILE_SYSTEM_CALLBACK_COMMAND Command, if (IS_ERROR(ErrorStatus)) return FALSE; - assert((actual_fs_type >= 0) && (actual_fs_type < FS_MAX)); - if ((actual_fs_type < 0) || (actual_fs_type >= FS_MAX)) + if_not_assert((actual_fs_type >= 0) && (actual_fs_type < FS_MAX)) return FALSE; switch(Command) { @@ -1108,6 +1107,10 @@ static int sector_write(int fd, const void* _buf, unsigned int count) if (sec_size == 0) sec_size = 512; + if_not_assert(sec_size <= 64 * KB) + return -1; + if_not_assert(count <= 1 * GB) + return -1; // If we are on a sector boundary and count is multiple of the // sector size, just issue a regular write @@ -1116,6 +1119,8 @@ static int sector_write(int fd, const void* _buf, unsigned int count) // If we have an existing partial sector, fill and write it if (sec_buf_pos > 0) { + if_not_assert(sec_size >= sec_buf_pos) + return -1; fill_size = min(sec_size - sec_buf_pos, count); memcpy(&sec_buf[sec_buf_pos], buf, fill_size); sec_buf_pos += fill_size; @@ -1133,10 +1138,18 @@ static int sector_write(int fd, const void* _buf, unsigned int count) written = _write(fd, &buf[fill_size], sec_num * sec_size); if (written < 0) return written; - else if (written != sec_num * sec_size) - return fill_size + written; + if (written != sec_num * sec_size) { + // Detect overflows + // coverity[overflow] + int v = fill_size + written; + if_not_assert(v >= fill_size) + return -1; + else + return v; + } sec_buf_pos = count - fill_size - written; - assert(sec_buf_pos < sec_size); + if_not_assert(sec_buf_pos < sec_size) + return -1; // Keep leftover bytes, if any, in the sector buffer if (sec_buf_pos != 0) @@ -1180,7 +1193,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive) uprintf("Could not allocate disk zeroing buffer"); goto out; } - assert((uintptr_t)buffer % SelectedDrive.SectorSize == 0); + if_not_assert((uintptr_t)buffer % SelectedDrive.SectorSize == 0) + goto out; // Clear buffer memset(buffer, fast_zeroing ? 0xff : 0x00, buf_size); @@ -1192,7 +1206,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive) uprintf("Could not allocate disk comparison buffer"); goto out; } - assert((uintptr_t)cmp_buffer % SelectedDrive.SectorSize == 0); + if_not_assert((uintptr_t)cmp_buffer % SelectedDrive.SectorSize == 0) + goto out; } read_size[0] = buf_size; @@ -1290,7 +1305,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive) uprintf("Could not allocate disk write buffer"); goto out; } - assert((uintptr_t)sec_buf % SelectedDrive.SectorSize == 0); + if_not_assert((uintptr_t)sec_buf% SelectedDrive.SectorSize == 0) + goto out; sec_buf_pos = 0; bled_init(256 * KB, uprintf, NULL, sector_write, update_progress, NULL, &ErrorStatus); bled_ret = bled_uncompress_with_handles(hSourceImage, hPhysicalDrive, img_report.compression_type); @@ -1312,7 +1328,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive) goto out; } } else { - assert(img_report.compression_type != IMG_COMPRESSION_FFU); + if_not_assert(img_report.compression_type != IMG_COMPRESSION_FFU) + goto out; // VHD/VHDX require mounting the image first if (img_report.compression_type == IMG_COMPRESSION_VHD || img_report.compression_type == IMG_COMPRESSION_VHDX) { @@ -1338,7 +1355,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive) uprintf("Could not allocate disk write buffer"); goto out; } - assert((uintptr_t)buffer % SelectedDrive.SectorSize == 0); + if_not_assert((uintptr_t)buffer% SelectedDrive.SectorSize == 0) + goto out; // Start the initial read ReadFileAsync(hSourceImage, &buffer[read_bufnum * buf_size], (DWORD)MIN(buf_size, target_size)); @@ -1365,7 +1383,8 @@ static BOOL WriteDrive(HANDLE hPhysicalDrive, BOOL bZeroDrive) // 2. WriteFile fails unless the size is a multiple of sector size if (read_size[read_bufnum] % SelectedDrive.SectorSize != 0) { - assert(HI_ALIGN_X_TO_Y(read_size[read_bufnum], SelectedDrive.SectorSize) <= buf_size); + if_not_assert(HI_ALIGN_X_TO_Y(read_size[read_bufnum], SelectedDrive.SectorSize) <= buf_size) + goto out; read_size[read_bufnum] = HI_ALIGN_X_TO_Y(read_size[read_bufnum], SelectedDrive.SectorSize); } @@ -1660,7 +1679,8 @@ DWORD WINAPI FormatThread(void* param) if (img_report.compression_type == IMG_COMPRESSION_FFU) { char cmd[MAX_PATH + 128], *physical = NULL; // Should have been filtered out beforehand - assert(has_ffu_support); + if_not_assert(has_ffu_support) + goto out; safe_unlockclose(hPhysicalDrive); physical = GetPhysicalName(SelectedDrive.DeviceNumber); static_sprintf(cmd, "dism /Apply-Ffu /ApplyDrive:%s /ImageFile:\"%s\"", physical, image_path); @@ -1848,8 +1868,7 @@ DWORD WINAPI FormatThread(void* param) // All good } else if (target_type == TT_UEFI) { // For once, no need to do anything - just check our sanity - assert((boot_type == BT_IMAGE) && IS_EFI_BOOTABLE(img_report) && (fs_type <= FS_NTFS)); - if ( (boot_type != BT_IMAGE) || !IS_EFI_BOOTABLE(img_report) || (fs_type > FS_NTFS) ) { + if_not_assert((boot_type == BT_IMAGE) && IS_EFI_BOOTABLE(img_report) && (fs_type <= FS_NTFS)) { ErrorStatus = RUFUS_ERROR(ERROR_INSTALL_FAILURE); goto out; } @@ -1924,7 +1943,8 @@ DWORD WINAPI FormatThread(void* param) ErrorStatus = RUFUS_ERROR(APPERR(ERROR_CANT_PATCH)); } } else { - assert(!img_report.is_windows_img); + if_not_assert(!img_report.is_windows_img) + goto out; if (!ExtractISO(image_path, drive_name, FALSE)) { if (!IS_ERROR(ErrorStatus)) ErrorStatus = RUFUS_ERROR(APPERR(ERROR_ISO_EXTRACT)); diff --git a/src/iso.c b/src/iso.c index a57f22ce..a5b978be 100644 --- a/src/iso.c +++ b/src/iso.c @@ -1571,8 +1571,8 @@ uint32_t ReadISOFileToBuffer(const char* iso, const char* iso_file, uint8_t** bu goto out; } file_length = udf_get_file_length(p_udf_file); - if (file_length > UINT32_MAX) { - uprintf("Only files smaller than 4 GB are supported"); + if (file_length > 1 * GB) { + uprintf("Only files smaller than 1 GB are supported"); goto out; } nblocks = (uint32_t)((file_length + UDF_BLOCKSIZE - 1) / UDF_BLOCKSIZE); @@ -1604,10 +1604,11 @@ try_iso: goto out; } file_length = p_statbuf->total_size; - if (file_length > UINT32_MAX) { - uprintf("Only files smaller than 4 GB are supported"); + if (file_length > 1 * GB) { + uprintf("Only files smaller than 1 GB are supported"); goto out; } + // coverity[cast_overflow] nblocks = (uint32_t)((file_length + ISO_BLOCKSIZE - 1) / ISO_BLOCKSIZE); *buf = malloc(nblocks * ISO_BLOCKSIZE + 1); if (*buf == NULL) { diff --git a/src/process.c b/src/process.c index 0060c397..5505912e 100644 --- a/src/process.c +++ b/src/process.c @@ -407,7 +407,8 @@ static PWSTR GetProcessCommandLine(HANDLE hProcess) ucmdline = (UNICODE_STRING*)(pp + cmd_offset); // In the absolute, someone could craft a process with dodgy attributes to try to cause an overflow - ucmdline->Length = min(ucmdline->Length, 512); + // coverity[cast_overflow] + ucmdline->Length = min(ucmdline->Length, (USHORT)512); wcmdline = (PWSTR)calloc(ucmdline->Length + 1, sizeof(WCHAR)); if (!ReadProcessMemory(hProcess, ucmdline->Buffer, wcmdline, ucmdline->Length, NULL)) { safe_free(wcmdline); @@ -493,8 +494,7 @@ static DWORD WINAPI SearchProcessThread(LPVOID param) // Work on our own copy of the handle names so we don't have to hold the // mutex for string comparison. Update only if the version has changed. if (blocking_process.nVersion[0] != blocking_process.nVersion[1]) { - assert(blocking_process.wHandleName != NULL && blocking_process.nHandles != 0); - if (blocking_process.wHandleName == NULL || blocking_process.nHandles == 0) { + if_not_assert(blocking_process.wHandleName != NULL && blocking_process.nHandles != 0) { ReleaseMutex(hLock); goto out; } @@ -930,8 +930,7 @@ BYTE GetProcessSearch(uint32_t timeout, uint8_t access_mask, BOOL bIgnoreStalePr return 0; } - assert(blocking_process.hLock != NULL); - if (blocking_process.hLock == NULL) + if_not_assert(blocking_process.hLock != NULL) return 0; retry: diff --git a/src/registry.h b/src/registry.h index db85ee3e..e05f00ad 100644 --- a/src/registry.h +++ b/src/registry.h @@ -37,11 +37,9 @@ static __inline BOOL DeleteRegistryKey(HKEY key_root, const char* key_name) HKEY hSoftware = NULL; LONG s; - assert(key_root == REGKEY_HKCU); - if (key_root != REGKEY_HKCU) + if_not_assert(key_root == REGKEY_HKCU) return FALSE; - assert(key_name != NULL); - if (key_name == NULL) + if_not_assert(key_name != NULL) return FALSE; if (RegOpenKeyExA(key_root, "SOFTWARE", 0, KEY_READ|KEY_CREATE_SUB_KEY, &hSoftware) != ERROR_SUCCESS) @@ -135,15 +133,12 @@ static __inline BOOL _SetRegistryKey(HKEY key_root, const char* key_name, DWORD HKEY hRoot = NULL, hApp = NULL; DWORD dwDisp, dwType = reg_type; - assert(key_name != NULL); - if (key_name == NULL) + if_not_assert(key_name != NULL) return FALSE; - assert(key_root == REGKEY_HKCU); - if (key_root != REGKEY_HKCU) + if_not_assert(key_root == REGKEY_HKCU) return FALSE; // Validate that we are always dealing with a short key - assert(strchr(key_name, '\\') == NULL); - if (strchr(key_name, '\\') != NULL) + if_not_assert(strchr(key_name, '\\') == NULL) return FALSE; if (RegOpenKeyExA(key_root, NULL, 0, KEY_READ|KEY_CREATE_SUB_KEY, &hRoot) != ERROR_SUCCESS) { diff --git a/src/rufus.c b/src/rufus.c index 74c73cbc..37747e25 100755 --- a/src/rufus.c +++ b/src/rufus.c @@ -1131,7 +1131,8 @@ static void DisplayISOProps(void) // Insert the image name into the Boot selection dropdown and (re)populate the Image option dropdown static void UpdateImage(BOOL update_image_option_only) { - assert(image_index != 0); + if_not_assert(image_index != 0) + return; if (!update_image_option_only) { if (ComboBox_GetItemData(hBootType, image_index) == BT_IMAGE) @@ -1429,8 +1430,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param) } if (boot_type == BT_IMAGE) { - assert(image_path != NULL); - if (image_path == NULL) + if_not_assert(image_path != NULL) goto out; if ((size_check) && (img_report.projected_size > (uint64_t)SelectedDrive.DiskSize)) { // This ISO image is too big for the selected target diff --git a/src/rufus.h b/src/rufus.h index 5007f9bd..471de019 100644 --- a/src/rufus.h +++ b/src/rufus.h @@ -15,6 +15,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ +#include #include #include #include @@ -36,6 +37,7 @@ #define MB 1048576LL #define GB 1073741824LL #define TB 1099511627776LL +#define PB 1125899906842624LL /* * Features not ready for prime time and that may *DESTROY* your data - USE AT YOUR OWN RISKS! @@ -186,6 +188,7 @@ static __inline void static_repchr(char* p, char s, char r) { } #define to_unix_path(str) static_repchr(str, '\\', '/') #define to_windows_path(str) static_repchr(str, '/', '\\') +#define if_not_assert(cond) assert(cond); if (!(cond)) extern void uprintf(const char *format, ...); extern void uprintfs(const char *str); diff --git a/src/rufus.rc b/src/rufus.rc index 8392db42..c38e7663 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 4.6.2189" +CAPTION "Rufus 4.6.2190" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -397,8 +397,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 4,6,2189,0 - PRODUCTVERSION 4,6,2189,0 + FILEVERSION 4,6,2190,0 + PRODUCTVERSION 4,6,2190,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -416,13 +416,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "4.6.2189" + VALUE "FileVersion", "4.6.2190" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "� 2011-2024 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-4.6.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "4.6.2189" + VALUE "ProductVersion", "4.6.2190" END END BLOCK "VarFileInfo" diff --git a/src/stdfn.c b/src/stdfn.c index 2dd57632..5265bf94 100644 --- a/src/stdfn.c +++ b/src/stdfn.c @@ -80,8 +80,7 @@ BOOL htab_create(uint32_t nel, htab_table* htab) if (htab == NULL) { return FALSE; } - assert(htab->table == NULL); - if (htab->table != NULL) { + if_not_assert(htab->table == NULL) { uprintf("Warning: htab_create() was called with a non empty table"); return FALSE; } @@ -197,8 +196,7 @@ uint32_t htab_hash(char* str, htab_table* htab) // Not found => New entry // If the table is full return an error - assert(htab->filled < htab->size); - if (htab->filled >= htab->size) { + if_not_assert(htab->filled < htab->size) { uprintf("Hash table is full (%d entries)", htab->size); return 0; } @@ -1199,7 +1197,8 @@ BOOL MountRegistryHive(const HKEY key, const char* pszHiveName, const char* pszH LSTATUS status; HANDLE token = INVALID_HANDLE_VALUE; - assert((key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS)); + if_not_assert((key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS)) + return FALSE; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token)) { uprintf("Could not get current process token: %s", WindowsErrorString()); @@ -1230,7 +1229,8 @@ BOOL UnmountRegistryHive(const HKEY key, const char* pszHiveName) { LSTATUS status; - assert((key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS)); + if_not_assert((key == HKEY_LOCAL_MACHINE) || (key == HKEY_USERS)) + return FALSE; status = RegUnLoadKeyA(key, pszHiveName); if (status != ERROR_SUCCESS) { diff --git a/src/stdio.c b/src/stdio.c index 61984aff..59909196 100644 --- a/src/stdio.c +++ b/src/stdio.c @@ -857,7 +857,8 @@ uint32_t ResolveDllAddress(dll_resolver_t* resolver) // NB: SymLoadModuleEx() does not load a PDB unless the file has an explicit '.pdb' extension base_address = pfSymLoadModuleEx(hRufus, NULL, path, NULL, DEFAULT_BASE_ADDRESS, 0, NULL, 0); - assert(base_address == DEFAULT_BASE_ADDRESS); + if_not_assert(base_address == DEFAULT_BASE_ADDRESS) + goto out; // On Windows 11 ARM64 the following call will return *TWO* different addresses for the same // call, because most Windows DLL's are ARM64X, which means that they are an unholy union of // both X64 and ARM64 code in the same binary... diff --git a/src/stdlg.c b/src/stdlg.c index e75987c4..39e0e127 100644 --- a/src/stdlg.c +++ b/src/stdlg.c @@ -588,7 +588,8 @@ INT_PTR CALLBACK NotificationCallback(HWND hDlg, UINT message, WPARAM wParam, LP return (INT_PTR)TRUE; case IDC_MORE_INFO: if (notification_more_info != NULL) { - assert(notification_more_info->callback != NULL); + if_not_assert(notification_more_info->callback != NULL) + return (INT_PTR)FALSE; if (notification_more_info->id == MORE_INFO_URL) { ShellExecuteA(hDlg, "open", notification_more_info->url, NULL, NULL, SW_SHOWNORMAL); } else { diff --git a/src/ui.c b/src/ui.c index 166e2b0a..e83c77a3 100644 --- a/src/ui.c +++ b/src/ui.c @@ -575,7 +575,8 @@ void SetSectionHeaders(HWND hDlg) memset(wtmp, 0, sizeof(wtmp)); GetWindowTextW(hCtrl, wtmp, ARRAYSIZE(wtmp) - 4); wlen = wcslen(wtmp); - assert(wlen < ARRAYSIZE(wtmp) - 2); + if_not_assert(wlen < ARRAYSIZE(wtmp) - 2) + break; wtmp[wlen++] = L' '; wtmp[wlen++] = L' '; SetWindowTextW(hCtrl, wtmp); diff --git a/src/vhd.c b/src/vhd.c index 4ab0236d..4446d89a 100644 --- a/src/vhd.c +++ b/src/vhd.c @@ -1006,8 +1006,9 @@ static DWORD WINAPI VhdSaveImageThread(void* param) OVERLAPPED overlapped = { 0 }; DWORD r = ERROR_NOT_FOUND, flags; - assert(img_save->Type == VIRTUAL_STORAGE_TYPE_DEVICE_VHD || - img_save->Type == VIRTUAL_STORAGE_TYPE_DEVICE_VHDX); + if_not_assert(img_save->Type == VIRTUAL_STORAGE_TYPE_DEVICE_VHD || + img_save->Type == VIRTUAL_STORAGE_TYPE_DEVICE_VHDX) + return ERROR_INVALID_PARAMETER; UpdateProgressWithInfoInit(NULL, FALSE); diff --git a/src/wue.c b/src/wue.c index b257cb67..9fadd53d 100644 --- a/src/wue.c +++ b/src/wue.c @@ -905,7 +905,8 @@ BOOL ApplyWindowsCustomization(char drive_letter, int flags) // If we have a windowsPE section, copy the answer files to the root of boot.wim as // Autounattend.xml. This also results in that file being automatically copied over // to %WINDIR%\Panther\unattend.xml for later passes processing. - assert(mount_path != NULL); + if_not_assert(mount_path != NULL) + goto out; static_sprintf(path, "%s\\Autounattend.xml", mount_path); if (!CopyFileU(unattend_xml_path, path, TRUE)) { uprintf("Could not create boot.wim 'Autounattend.xml': %s", WindowsErrorString());