Fixed Coverity 'High Impact Outstanding' issues:

CIDs in main code: 1446691 1446688 (false positive) 1446672 (false positive) 1446643 1446642 1446641 1446635 (false positive) CIDs in debugger: 1472410 1446728 (false positive) 1446684 1446673 1472409 1446693 1446692 1446726 1446687 1446685 1446683
2024-06-01 14:41:33 +00:00 · 2018-11-06 19:12:10 +00:00 · 2018-11-06 19:12:10 +00:00 · f9b7d9326e
commit f9b7d9326e
parent 3bf94eca9d
9 changed files with 36 additions and 15 deletions
--- a/source/Applewin.cpp
+++ b/source/Applewin.cpp
@ -1281,6 +1281,10 @@ int APIENTRY WinMain(HINSTANCE passinstance, HINSTANCE, LPSTR lpCmdLine, int)
 		{
 			lpCmdLine = GetCurrArg(lpNextArg);
 			lpNextArg = GetNextArg(lpNextArg);
+
+			if (g_hCustomRomF8 != INVALID_HANDLE_VALUE)	// Stop resource leak if -f8rom is specified twice!
+				CloseHandle(g_hCustomRomF8);
+
 			g_hCustomRomF8 = CreateFile(lpCmdLine, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
 			if ((g_hCustomRomF8 == INVALID_HANDLE_VALUE) || (GetFileSize(g_hCustomRomF8, NULL) != 0x800))
 				g_bCustomRomF8Failed = true;
--- a/source/Debugger/Debug.cpp
+++ b/source/Debugger/Debug.cpp
@ -3639,7 +3639,7 @@ Update_t CmdFlagClear (int nArgs)
 {
 	int iFlag = (g_iCommand - CMD_FLAG_CLR_C);

-	if (g_iCommand == CMD_FLAG_CLEAR)
+	if (g_iCommand == CMD_FLAG_CLEAR)	// Undocumented: "cl f f ... f", eg: "se n v c" (TODO: Conflicts with monitor command #L -> 000CL)
 	{
 		int iArg = nArgs;
 		while (iArg)
@ -3648,9 +3648,10 @@ Update_t CmdFlagClear (int nArgs)
 			while (iFlag < _6502_NUM_FLAGS)
 			{
 //				if (g_aFlagNames[iFlag] == g_aArgs[iArg].sArg[0])
-				if (g_aBreakpointSource[ BP_SRC_FLAG_N + iFlag ][0] == g_aArgs[iArg].sArg[0])
+				if (g_aBreakpointSource[ BP_SRC_FLAG_N - iFlag ][0] == toupper(g_aArgs[iArg].sArg[0]))
 				{
-					regs.ps &= ~(1 << iFlag);
+					regs.ps &= ~(1 << (7-iFlag));
+					break;
 				}
 				iFlag++;
 			}
@ -3670,7 +3671,7 @@ Update_t CmdFlagSet (int nArgs)
 {
 	int iFlag = (g_iCommand - CMD_FLAG_SET_C);

-	if (g_iCommand == CMD_FLAG_SET)
+	if (g_iCommand == CMD_FLAG_SET)	// Undocumented: "se f f ... f", eg: "se n v c"
 	{
 		int iArg = nArgs;
 		while (iArg)
@ -3679,9 +3680,10 @@ Update_t CmdFlagSet (int nArgs)
 			while (iFlag < _6502_NUM_FLAGS)
 			{
 //				if (g_aFlagNames[iFlag] == g_aArgs[iArg].sArg[0])
-				if (g_aBreakpointSource[ BP_SRC_FLAG_N + iFlag ][0] == g_aArgs[iArg].sArg[0])
+				if (g_aBreakpointSource[ BP_SRC_FLAG_N - iFlag ][0] == toupper(g_aArgs[iArg].sArg[0]))
 				{
-					regs.ps |= (1 << iFlag);
+					regs.ps |= (1 << (7-iFlag));
+					break;
 				}
 				iFlag++;
 			}
@ -4151,8 +4153,12 @@ Update_t CmdConfigSetDebugDir (int nArgs)
 		{
 			_tcsncpy( sPath, g_sCurrentDir, 2 );	// Prefix with drive letter & colon
 			sPath[2] = 0;
+			_tcscat( sPath, g_aArgs[1].sArg );
+		}
+		else
+		{
+			_tcscpy( sPath, g_aArgs[1].sArg );
 		}
-		_tcscat( sPath, g_aArgs[1].sArg );
 	}
 	else									// Relative
 	{
@ -6454,7 +6460,8 @@ Update_t CmdOutputRun (int nArgs)

 //	if (g_aArgs[1].bType & TYPE_QUOTED_2)

-	_tcscpy( sMiniFileName, pFileName );
+	_tcsncpy( sMiniFileName, pFileName, sizeof(sMiniFileName) );
+	sMiniFileName[sizeof(sMiniFileName)-1] = 0;
 //	_tcscat( sMiniFileName, ".aws" ); // HACK: MAGIC STRING

 	if (pFileName[0] == '\\' || pFileName[1] == ':')	// NB. Any prefix quote has already been stripped
@ -7616,7 +7623,7 @@ Update_t CmdZeroPagePointer (int nArgs)
 //	int nPtrNum = g_aArgs[0].sArg[1] - '0'; // HACK: hard-coded to command length
 	int iZP = g_iCommand - CMD_ZEROPAGE_POINTER_0;

-	if( (iZP < 0) || (iZP > MAX_ZEROPAGE_POINTERS) )
+	if( (iZP < 0) || (iZP >= MAX_ZEROPAGE_POINTERS) )
 		return Help_Arg_1( g_iCommand );

 	if (nArgs == 0)
--- a/source/Debugger/Debugger_DisassemblerData.cpp
+++ b/source/Debugger/Debugger_DisassemblerData.cpp
@ -81,16 +81,21 @@ WORD _CmdDefineByteRange(int nArgs,int iArg,DisasmData_t & tData_)
 //	tData_.nArraySize = 0;

 	char *pSymbolName = "";
-	char aSymbolName[ 32 ];
+	char aSymbolName[ MAX_SYMBOLS_LEN+1 ];
 	SymbolTable_Index_e eSymbolTable = SYMBOLS_ASSEMBLY;
 	bool bAutoDefineName = false; // 2.7.0.34

 	if( nArgs > 1 )
 	{
 		if( g_aArgs[ 2 ].eToken == TOKEN_COLON ) // 2.7.0.31 Bug fix: DB range, i.e. DB 174E:174F
+		{
 			bAutoDefineName = true;
+		}
 		else
+		{
 			pSymbolName = g_aArgs[ 1 ].sArg;
+			pSymbolName[MAX_SYMBOLS_LEN] = 0;	// truncate to max symbol length
+		}
 	}
 	else
 	{
--- a/source/Debugger/Debugger_Display.cpp
+++ b/source/Debugger/Debugger_Display.cpp
@ -1792,7 +1792,8 @@ void FormatDisassemblyLine( const DisasmLine_t & line, char * sDisassembly, cons
 		if (line.bTargetImmediate)
 		{
 			strcat( sDisassembly, "#" );
-			strcpy( sTarget, line.sTarget ); // sTarget
+			strncpy( sTarget, line.sTarget, sizeof(sTarget) );
+			sTarget[sizeof(sTarget)-1] = 0;
 		}
 		else
 			sprintf( sTarget, g_aOpmodes[ line.iOpmode ].m_sFormat, line.nTarget );
@ -2460,7 +2461,7 @@ void DrawMemory ( int line, int iMemDump )
 	char sText[ MAX_MEM_VIEW_TXT * 2 ];
 	char sData[ MAX_MEM_VIEW_TXT * 2 ];

-	char sType   [ 4 ] = "Mem";
+	char sType   [ 6 ] = "Mem";
 	char sAddress[ 8 ] = "";

 	int iForeground = FG_INFO_OPCODE;
--- a/source/Debugger/Debugger_Parser.cpp
+++ b/source/Debugger/Debugger_Parser.cpp
@ -127,7 +127,7 @@ int _Arg_Shift( int iSrc, int iEnd, int iDst )
 {
 	if (iDst < 0)
 		return ARG_SYNTAX_ERROR;
-	if (iDst > MAX_ARGS)
+	if (iDst >= MAX_ARGS)
 		return ARG_SYNTAX_ERROR;

 	int nArgs = (iEnd - iSrc);
@ -151,10 +151,10 @@ int _Args_Insert( int iSrc, int iEnd, int nLen )
 	iSrc += nLen;
 	int iDst = iEnd + nLen;

-	if (iDst > MAX_ARGS)
+	if (iDst >= MAX_ARGS)
 		return ARG_SYNTAX_ERROR;

-	if (iSrc > MAX_ARGS)
+	if (iSrc >= MAX_ARGS)
 		return ARG_SYNTAX_ERROR;
 	
 	while (nLen--)
--- a/source/DiskImageHelper.cpp
+++ b/source/DiskImageHelper.cpp
@ -1268,6 +1268,7 @@ ImageError_e CImageHelperBase::CheckZipFile(LPCTSTR pszImageFilename, ImageInfo*
 		return eIMAGE_ERROR_ZIP;

 	strncpy(pImageInfo->szFilenameInZip, szFilename, MAX_PATH);
+	pImageInfo->szFilenameInZip[MAX_PATH-1] = 0;
 	memcpy(&pImageInfo->zipFileInfo.tmz_date, &file_info.tmu_date, sizeof(file_info.tmu_date));
 	pImageInfo->zipFileInfo.dosDate     = file_info.dosDate;
 	pImageInfo->zipFileInfo.internal_fa = file_info.internal_fa;
--- a/source/Memory.cpp
+++ b/source/Memory.cpp
@ -1580,6 +1580,7 @@ void MemInitializeCustomF8ROM(void)
 		{
 			memcpy(memrom, OldRom, Apple2RomSize);	// ROM at $D000...$FFFF
 			bRes = FALSE;
+			// NB. Keep g_hCustomRomF8 handle open - so that any next restart can load it again
 		}

 		if (!bRes)
--- a/source/ParallelPrinter.cpp
+++ b/source/ParallelPrinter.cpp
@ -315,6 +315,7 @@ bool Printer_LoadSnapshot(class YamlLoadHelper& yamlLoadHelper, UINT slot, UINT
 	inactivity					= yamlLoadHelper.LoadUint(SS_YAML_KEY_INACTIVITY);
 	g_PrinterIdleLimit			= yamlLoadHelper.LoadUint(SS_YAML_KEY_IDLELIMIT);
 	strncpy(g_szPrintFilename, yamlLoadHelper.LoadString(SS_YAML_KEY_FILENAME).c_str(), sizeof(g_szPrintFilename));
+	g_szPrintFilename[sizeof(g_szPrintFilename)-1] = 0;

 	if (yamlLoadHelper.LoadBool(SS_YAML_KEY_FILEOPEN))
 	{
--- a/source/SerialComms.cpp
+++ b/source/SerialComms.cpp
@ -1316,6 +1316,7 @@ char* CSuperSerialCard::GetSerialPortChoices()
 void CSuperSerialCard::SetSerialPortName(const char* pSerialPortName)
 {
 	strncpy(m_ayCurrentSerialPortName, pSerialPortName, SIZEOF_SERIALCHOICE_ITEM);
+	m_ayCurrentSerialPortName[SIZEOF_SERIALCHOICE_ITEM-1] = 0;

 	// Init m_aySerialPortChoices, so that we have choices to show if serial is active when we 1st open Config dialog
 	GetSerialPortChoices();