Build with -Wstrict-overflow=5 and fix revealed warnings.

Some of these are actual bugs, but none are security-sensitive.
2022-08-10 11:32:30 -04:00 · 2022-08-10 11:32:30 -04:00 · 6c44f536ad
commit 6c44f536ad
parent 9338aa37c2
6 changed files with 361 additions and 343 deletions
--- a/2
+++ b/2
@ -3,7 +3,7 @@ NDHC_OBJS = $(NDHC_SRCS:.c=.o)
 NDHC_DEP = $(NDHC_SRCS:.c=.d)
 INCL = -I.
-CFLAGS = -MMD -O2 -s -std=gnu99 -pedantic -Wall -Wextra -Wimplicit-fallthrough=0 -Wformat=2 -Wformat-nonliteral -Wformat-security -Wshadow -Wpointer-arith -Wmissing-prototypes -Wunused-const-variable=0 -Wcast-qual -Wsign-conversion -D_GNU_SOURCE -Wno-discarded-qualifiers
+CFLAGS = -MMD -O2 -s -std=gnu99 -pedantic -Wall -Wextra -Wimplicit-fallthrough=0 -Wformat=2 -Wformat-nonliteral -Wformat-security -Wshadow -Wpointer-arith -Wmissing-prototypes -Wunused-const-variable=0 -Wcast-qual -Wsign-conversion -D_GNU_SOURCE -Wno-discarded-qualifiers -Wstrict-overflow=5
 CPPFLAGS += $(INCL)
 all: ragel ndhc
--- a/arp.c
+++ b/arp.c
@ -27,10 +27,10 @@
 #define ARP_MAX_TRIES 3
 // From RFC5227
-int arp_probe_wait = 1000;         // initial random delay (ms)
+unsigned arp_probe_wait = 1000;         // initial random delay (ms)
-int arp_probe_num = 3;             // number of probe packets
+unsigned arp_probe_num = 3;        // number of probe packets
-int arp_probe_min = 1000;          // minimum delay until repeated probe (ms)
+unsigned arp_probe_min = 1000;          // minimum delay until repeated probe (ms)
-int arp_probe_max = 2000;          // maximum delay until repeated probe (ms)
+unsigned arp_probe_max = 2000;          // maximum delay until repeated probe (ms)
 #define ANNOUNCE_WAIT 2000         // delay before announcing
 #define ANNOUNCE_NUM 2             // number of Announcement packets
 #define ANNOUNCE_INTERVAL 2000     // time between Announcement packets
@ -368,12 +368,12 @@ static int arp_is_query_reply(struct arpMsg *am)
    return 1;
 }
-static int arp_gen_probe_wait(struct client_state_t *cs)
+static unsigned arp_gen_probe_wait(struct client_state_t *cs)
 {
-    int range = arp_probe_max - arp_probe_min;
+    unsigned range = arp_probe_max - arp_probe_min;
    if (range < 1000) range = 1000;
    // This is not a uniform distribution but it doesn't matter here.
-    return arp_probe_min + (int)(nk_random_u32(&cs->rnd_state) % (unsigned)range);
+    return arp_probe_min + nk_random_u32(&cs->rnd_state) % range;
 }
 int arp_defense_timeout(struct client_state_t *cs, long long nowts)
@ -477,7 +477,7 @@ int arp_gw_query_timeout(struct client_state_t *cs, long long nowts)
 int arp_collision_timeout(struct client_state_t *cs, long long nowts)
 {
-    if (nowts >= garp.arp_check_start_ts + ANNOUNCE_WAIT ||
+    if (nowts - garp.arp_check_start_ts >= ANNOUNCE_WAIT ||
        garp.send_stats[ASEND_COLLISION_CHECK].count >= arp_probe_num)
    {
        char clibuf[INET_ADDRSTRLEN];
--- a/arp.h
+++ b/arp.h
@ -28,10 +28,10 @@ struct arpMsg {
    uint8_t  pad[18];       // 2a pad for min. ethernet payload (60 bytes)
 };
-extern int arp_probe_wait;
+extern unsigned arp_probe_wait;
-extern int arp_probe_num;
+extern unsigned arp_probe_num;
-extern int arp_probe_min;
+extern unsigned arp_probe_min;
-extern int arp_probe_max;
+extern unsigned arp_probe_max;
 typedef enum {
    AS_NONE = 0,        // Nothing to react to wrt ARP
@ -55,7 +55,7 @@ typedef enum {
 struct arp_stats {
    long long ts;
-    int count;
+    unsigned count;
 };
 struct arp_data {
@ -68,7 +68,7 @@ struct arp_data {
                                  // AS_COLLISION_CHECK state.
    unsigned int total_conflicts; // Total number of address conflicts on
                                  // the interface.  Never decreases.
-    int gw_check_initpings;       // Initial count of ASEND_GW_PING when
+    unsigned gw_check_initpings;  // Initial count of ASEND_GW_PING when
                                  // AS_GW_CHECK was entered.
    uint16_t probe_wait_time;     // Time to wait for a COLLISION_CHECK reply
                                  // (in ms?).
--- a/cfg.c
+++ b/cfg.c
--- a/cfg.rl
+++ b/cfg.rl
@ -108,15 +108,17 @@ struct cfgparse {
    action arp_probe_wait {
        int t = atoi(ccfg.buf);
        if (t >= 0)
-            arp_probe_wait = t;
+            arp_probe_wait = (unsigned)t;
    }
    action arp_probe_num {
        int t = atoi(ccfg.buf);
        if (t >= 0)
-            arp_probe_num = t;
+            arp_probe_num = (unsigned)t;
    }
    action arp_probe_min {
-        int t = atoi(ccfg.buf);
+        int ti = atoi(ccfg.buf);
        if (ti >= 0) {
            unsigned t = (unsigned)ti;
            arp_probe_min = t;
            if (arp_probe_min > arp_probe_max) {
                t = arp_probe_max;
@ -124,8 +126,11 @@ struct cfgparse {
                arp_probe_min = t;
            }
        }
    }
    action arp_probe_max {
-        int t = atoi(ccfg.buf);
+        int ti = atoi(ccfg.buf);
        if (ti >= 0) {
            unsigned t = (unsigned)ti;
            arp_probe_max = t;
            if (arp_probe_min > arp_probe_max) {
                t = arp_probe_max;
@ -133,6 +138,7 @@ struct cfgparse {
                arp_probe_min = t;
            }
        }
    }
    action gw_metric {
        char *q;
        long mt = strtol(ccfg.buf, &q, 10);
--- a/options.c
+++ b/options.c
@ -9,9 +9,9 @@
 #include "options.h"
-static int do_overload_value(const uint8_t *buf, ssize_t blen, int overload)
+static int do_overload_value(const uint8_t *buf, size_t blen, int overload)
 {
-    ssize_t i = 0;
+    size_t i = 0;
    while (i < blen) {
        if (buf[i] == DCODE_PADDING) {
            ++i;
@ -19,7 +19,7 @@ static int do_overload_value(const uint8_t *buf, ssize_t blen, int overload)
        }
        if (buf[i] == DCODE_END)
            break;
-        if (i >= blen - 2)
+        if (i + 2 >= blen)
            break;
        if (buf[i] == DCODE_OVERLOAD) {
            if (buf[i+1] == 1) {