From 1e4991c4ad9f6499354ce7611fb3370b383bbbe3 Mon Sep 17 00:00:00 2001
From: Reini Urban
Date: Sun, 8 May 2022 16:59:23 +0200
Subject: [PATCH] codeql: integer-multiplication-cast-to-long

Multiplication result converted to larger type with possible arithmetic overflow. codeql #2, #3, #5
---
 src/decode.c | 2 +-
 src/dwg.spec | 2 +-
 src/dwg_api.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/decode.c b/src/decode.c
index 0a59306d53..8b1365a823 100644
--- a/src/decode.c
+++ b/src/decode.c
@@ -1889,7 +1889,7 @@ read_2004_compressed_section (Bit_Chain *dat, Dwg_Data *restrict dwg,
 info->name, info->num_sections, info->max_decomp_size);
 return DWG_ERR_VALUEOUTOFBOUNDS;
 }
- if (info->size > info->num_sections * info->max_decomp_size || info->size < 0)
+ if (info->size > (int64_t)info->num_sections * (int64_t)info->max_decomp_size || info->size < 0)
 {
 LOG_ERROR ("Invalid section %s size %" PRId64 " > %u * " FORMAT_RL,
 info->name, info->size, info->num_sections, info->max_decomp_size);
diff --git a/src/dwg.spec b/src/dwg.spec
index 30c019641e..a41b4c5b4a 100644
--- a/src/dwg.spec
+++ b/src/dwg.spec
@@ -6159,7 +6159,7 @@ DWG_ENTITY (TABLE)
 VALUEOUTOFBOUNDS (num_rows, 5000)
 FIELD_VECTOR (col_widths, BD, num_cols, 142);
 FIELD_VECTOR (row_heights, BD, num_rows, 141);
- FIELD_VALUE (num_cells) = FIELD_VALUE (num_rows) * FIELD_VALUE (num_cols);
+ FIELD_VALUE (num_cells) = (unsigned long)FIELD_VALUE (num_rows) * FIELD_VALUE (num_cols);
 #define cell cells[rcount1]
 REPEAT (num_cells, cells, Dwg_TABLE_Cell)
 REPEAT_BLOCK
diff --git a/src/dwg_api.c b/src/dwg_api.c
index f69b4d5490..735e9286d5 100644
--- a/src/dwg_api.c
+++ b/src/dwg_api.c
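Review bot: In src/decode.c the widened product `(int64_t)info->num_sections * (int64_t)info->max_decomp_size` can still overflow a signed 64-bit value if both operands are full-range 32-bit unsigned values, which the `%u` and `FORMAT_RL` specifiers in the LOG_ERROR below suggest they are. Whether the earlier DWG_ERR_VALUEOUTOFBOUNDS check bounds them tightly enough cannot be seen here, because its condition lies above the hunk. Testing the sign first and comparing unsigned removes the signed overflow altogether: `if (info->size < 0 || (uint64_t)info->size > (uint64_t)info->num_sections * info->max_decomp_size)`. A one-line comment such as `/* sizes are read from the section info; compare in 64 bits so the product cannot wrap */` would record why the casts are there.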
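Review bot: In src/dwg.spec the `(unsigned long)` cast widens the multiplication only where `unsigned long` is 64 bits; on LLP64 targets such as 64-bit Windows it is 32 bits, so `num_rows * num_cols` can wrap exactly as before, and the same holds for the `(unsigned long)numverts` cast in the src/dwg_api.c hunk. A fixed-width cast is portable: `(uint64_t)FIELD_VALUE (num_rows) * FIELD_VALUE (num_cols)`. The result is still stored into `num_cells`, whose type is not visible here and which then drives `REPEAT (num_cells, cells, Dwg_TABLE_Cell)`, so if that field is 32 bits the wide product is truncated on assignment. The visible `VALUEOUTOFBOUNDS (num_rows, 5000)` is what actually bounds the count, so it is worth confirming that `num_cols` has an equivalent limit above the hunk, or checking the product against a maximum before the REPEAT.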
@@ -23419,7 +23419,7 @@ dwg_add_POLYLINE_PFACE (Dwg_Object_BLOCK_HEADER *restrict blkhdr,
 API_ADD_ENTITY (POLYLINE_PFACE);
 pl = obj;
 _pl = _obj;
- _pl->vertex = malloc ((numverts + numfaces) * sizeof (BITCODE_H));
+ _pl->vertex = malloc (((unsigned long)numverts + numfaces) * sizeof (BITCODE_H));
 if (!_pl->vertex)
 return NULL;
 _pl->has_vertex = 1;
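Review bot: The multiplication by `sizeof (BITCODE_H)` in the new `malloc` argument is still unchecked, so where `size_t` is 32 bits a large `numverts + numfaces` can wrap the byte count and return a buffer smaller than the element count the rest of dwg_add_POLYLINE_PFACE presumably relies on. `calloc` takes the count and element size separately and performs that overflow check itself: `_pl->vertex = calloc ((size_t)numverts + numfaces, sizeof (BITCODE_H));`. It also zero-fills the array, so unfilled slots are not left indeterminate. The types of `numverts` and `numfaces` come from the signature, which continues outside the hunk; if they are 32-bit, the addition in `size_t` can still wrap on a 32-bit build and needs an explicit upper bound as well.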