From: Kruti Date: Fri, 7 Jun 2024 16:55:03 +0000 (-0700) Subject: [Coverity]: Fix the Y2K38_SAFETY findings from static application security X-Git-Tag: stable-12.4.5~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=539c497e2c29f6023cc17e3e382acc43598cfe33;p=thirdparty%2Fopen-vm-tools.git [Coverity]: Fix the Y2K38_SAFETY findings from static application security testing (SAST) guestInfoServer.c -- 2 issues reported in file issue: casting time_t (64bits) to int (32bits) causing Y2K38_SAFETY. impact: delta is a time delta in seconds, overflow if delta >= (G_MAXINT/1000)+1 fix: Remove cast on delta, cast both values as int64. issue: casting time_t to int for logging to a '%d'. impact: delta is a time delta in seconds, not expected to overflow a 32 bit int. fix: Remove cast on delta, change string to use '%"FMT64"d' format and cast the time_t to int64; time_t is defined as 'long int'. vixTools.c -- 7 issues reported in file issue: casting time_t to int for convertion to string (xml) impact: procStartTime is a time from epoch, it will overflow the int in Y2K38. fix: Remove the cast, change the string to use '%"FMT64"d"' and cast the time_t to int64; time_t is defined as 'long int'. issues: casting time_t to int in call to VixToolsPrintProcInfoEx. impact: The times used are time from epoch and will be impacted by Y2K38. fix: Change signature of VixToolsPrintProcInfoEx to take in time_t types. Change VixToolsPrintProcInfoEx to use '%"FMT64"d' in string conversions. and cast the time_t to int64; time_t is defined as 'long int'.
---
diff --git a/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c b/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c
index 8ec1236e3..f4e405a9f 100644
--- a/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c
+++ b/open-vm-tools/services/plugins/guestInfo/guestInfoServer.c
@@ -1,5 +1,6 @@ /********************************************************* - * Copyright (c) 1998-2023 VMware, Inc. All rights reserved. + * Copyright (c) 1998-2024 Broadcom. All rights reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published @@ -304,13 +305,13 @@ GuestInfoCheckIfRunningSlow(ToolsAppCtx *ctx) * Have a long enough delta to ensure that we have really missed a * collection. */ - if (((int) delta * 1000) >= (2 * guestInfoPollInterval)) { + if (((int64)delta * 1000) >= ((int64) 2 * guestInfoPollInterval)) { gchar *msg, *rpcMsg; msg = g_strdup_printf( "*** WARNING: GuestInfo collection interval longer than " - "expected; actual=%d sec, expected=%d sec. ***\n", - (int) delta, guestInfoPollInterval / 1000); + "expected; actual=%"FMT64"d sec, expected=%d sec. ***\n", + (int64) delta, guestInfoPollInterval / 1000); rpcMsg = g_strdup_printf("log %s", msg); diff --git a/open-vm-tools/services/plugins/vix/vixTools.c b/open-vm-tools/services/plugins/vix/vixTools.c index 75d24a29e..46fb83744 100644 --- a/open-vm-tools/services/plugins/vix/vixTools.c +++ b/open-vm-tools/services/plugins/vix/vixTools.c @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (c) 2007-2023 VMware, Inc. All rights reserved. + * Copyright (c) 2007-2024 Broadcom. All rights reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published 
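Review bot: The widened comparison in GuestInfoCheckIfRunningSlow carries no comment saying why both sides are promoted, and the cast spacing differs between `(int64)delta` in the condition and `(int64) delta` in the log arguments. I would add `/* Widen before multiplying: delta is a time_t in seconds, and delta * 1000 can exceed a 32-bit int. */` above the `if` and settle on one cast style. How delta is computed lies outside the hunk; if it is derived from wall-clock time, a clock step in the guest can make it negative or very large, so it is worth confirming that a spurious warning forwarded through the `log` RPC message is acceptable. The function body starts and ends outside the hunk.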
@@ -590,9 +591,9 @@ static VixError VixToolsPrintProcInfoEx(DynBuf *dstBuffer, const char *name, uint64 pid, const char *user, - int start, + time_t start, int exitCode, - int exitTime); + time_t exitTime); static VixError VixToolsListDirectory(VixCommandRequestHeader *requestMsg, size_t maxBufferSize, @@ -5383,13 +5384,13 @@ VixToolsListProcesses(VixCommandRequestHeader *requestMsg, // IN "%d" #endif "%s" - "%d" + "%"FMT64"d" "", cmdNamePtr, name, (int) procInfo->procId, #if defined(_WIN32) (int) procInfo->procDebugged, #endif - user, (int) procInfo->procStartTime); + user, (int64) procInfo->procStartTime); if (NULL == procBufPtr) { err = VIX_E_OUT_OF_MEMORY; goto quit; @@ -5552,9 +5553,9 @@ VixToolsListProcessesExGenerateData(uint32 numPids, // IN spList->fullCommandLine, spList->pid, spList->user, - (int) spList->startTime, + spList->startTime, spList->exitCode, - (int) spList->endTime); + spList->endTime); if (VIX_OK != err) { goto quit; } @@ -5572,9 +5573,9 @@ VixToolsListProcessesExGenerateData(uint32 numPids, // IN spList->fullCommandLine, spList->pid, spList->user, - (int) spList->startTime, + spList->startTime, spList->exitCode, - (int) spList->endTime); + spList->endTime); if (VIX_OK != err) { goto quit; } @@ -5648,7 +5649,7 @@ VixToolsListProcessesExGenerateData(uint32 numPids, // IN procInfo->procId, (NULL == procInfo->procOwner) ? "" : procInfo->procOwner, - (int) procInfo->procStartTime, + procInfo->procStartTime, 0, 0); if (VIX_OK != err) { goto quit; @@ -5669,7 +5670,7 @@ VixToolsListProcessesExGenerateData(uint32 numPids, // IN procInfo->procId, (NULL == procInfo->procOwner) ? "" : procInfo->procOwner, - (int) procInfo->procStartTime, + procInfo->procStartTime, 0, 0); if (VIX_OK != err) { goto quit; 
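Review bot: In the VixToolsListProcesses hunk the argument list still narrows `(int) procInfo->procId`, while the start time beside it is now widened and VixToolsPrintProcInfoEx in this same file already takes `uint64 pid`. If procId's type can be wider than int on any supported platform (its declaration is not in the diff), the reported id would be truncated. Passing `(uint64) procInfo->procId` with a `%"FMT64"u` conversion would keep the two listings consistent. The conversion specifier for the id sits above the hunk, and the function continues outside it.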
@@ -5996,9 +5997,9 @@ VixToolsPrintProcInfoEx(DynBuf *dstBuffer, // IN/OUT const char *name, // IN uint64 pid, // IN const char *user, // IN - int start, // IN + time_t start, // IN int exitCode, // IN - int exitTime) // IN + time_t exitTime) // IN { VixError err; char *escapedName = NULL; @@ -6038,12 +6039,12 @@ VixToolsPrintProcInfoEx(DynBuf *dstBuffer, // IN/OUT "%s" "%"FMT64"d" "%s" - "%d" + "%"FMT64"d" "%d" - "%d" + "%"FMT64"d" "", cmdNamePtr, escapedName, pid, escapedUser, - start, exitCode, exitTime); + (int64) start, exitCode, (int64) exitTime); if (NULL == procInfoEntry) { err = VIX_E_OUT_OF_MEMORY; goto quit;
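Review bot: The `// IN` parameter comments on VixToolsPrintProcInfoEx give no unit or sentinel for the two time_t parameters. The commit message says these are times from the epoch, and the call sites in VixToolsListProcessesExGenerateData pass `0, 0` for exitCode and exitTime, so I would write `time_t start, // IN: seconds since the epoch` and `time_t exitTime) // IN: seconds since the epoch, 0 when the caller has no exit time`. The meaning of 0 is inferred from those call sites and should be confirmed. The function body continues past the hunk.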
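Review bot: Widening the start and exit-time fields to `%"FMT64"d` changes what the receiver of this record has to parse, and nothing in the diff shows that side being updated. If the consumer still converts these fields into a 32-bit int, the Y2K38 truncation moves to the parser instead of being removed, so the parsing code should be checked in the same change. I would also record the contract next to the format string: `/* start and exitTime are emitted as signed 64-bit decimal; readers must not store them in a 32-bit int. */`. Separately, `pid` is a uint64 formatted with `%"FMT64"d`; `%"FMT64"u` would match its signedness. The format call sits in the middle of the function, which starts and ends outside the hunk.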