/pidgin/main: 5841bd4da162: Fix even more coverity warnings
Tomasz Wasilczyk
twasilczyk at pidgin.im
Tue May 6 18:39:51 EDT 2014
Changeset: 5841bd4da1623bcb334df9879330b27b58e635a6
Author: Tomasz Wasilczyk <twasilczyk at pidgin.im>
Date: 2014-05-07 00:39 +0200
Branch: release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/5841bd4da162
Description:
Fix even more coverity warnings
diffstat:
libpurple/dnsquery.c | 4 +++-
libpurple/dnssrv.c | 6 ++++++
libpurple/util.c | 8 +++++++-
libpurple/xmlnode.c | 1 +
pidgin/gtkthemes.c | 1 +
5 files changed, 18 insertions(+), 2 deletions(-)
diffs (90 lines):
diff --git a/libpurple/dnsquery.c b/libpurple/dnsquery.c
--- a/libpurple/dnsquery.c
+++ b/libpurple/dnsquery.c
@@ -38,6 +38,8 @@
#include <resolv.h>
#endif
+#define MAX_ADDR_RESPONSE_LEN 1048576
+
#if (defined(__APPLE__) || defined (__unix__)) && !defined(__osf__)
#define PURPLE_DNSQUERY_USE_FORK
#endif
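Review bot: `MAX_ADDR_RESPONSE_LEN` is added without a comment saying what it bounds, and the identical define is repeated in libpurple/dnssrv.c. A line above it such as `/* Upper bound (1 MiB) on a length read from the resolver pipe before it is used for an allocation */` would record the intent. Moving the constant to a header shared by both files would keep the two copies from drifting apart.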
@@ -665,7 +667,7 @@ host_resolved(gpointer data, gint source
/* Success! */
while (rc > 0) {
rc = read(query_data->resolver->fd_out, &addrlen, sizeof(addrlen));
- if (rc > 0 && addrlen > 0) {
+ if (rc > 0 && addrlen > 0 && addrlen < MAX_ADDR_RESPONSE_LEN) {
addr = g_malloc(addrlen);
rc = read(query_data->resolver->fd_out, addr, addrlen);
hosts = g_slist_append(hosts, GINT_TO_POINTER(addrlen));
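Review bot: The new upper bound on `addrlen` limits the allocation, but both reads in this loop still accept short reads. The first only tests `rc > 0`, so `addrlen` may be partly filled. The result of the second read is not compared with `addrlen` in the visible lines before the length is appended to `hosts`. Requiring `rc == sizeof(addrlen)` for the length, and a payload read that returns exactly `addrlen` bytes (freeing `addr` and stopping otherwise), would keep partly initialised buffers out of the list. The loop body continues past the end of the hunk, so a later check may already exist there.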
diff --git a/libpurple/dnssrv.c b/libpurple/dnssrv.c
--- a/libpurple/dnssrv.c
+++ b/libpurple/dnssrv.c
@@ -49,6 +49,8 @@
#define T_TXT PurpleDnsTypeTxt
#endif
+#define MAX_ADDR_RESPONSE_LEN 1048576
+
#include "debug.h"
#include "dnssrv.h"
#include "eventloop.h"
@@ -481,6 +483,10 @@ resolved(gpointer data, gint source, Pur
if (read(source, &type, sizeof(type)) == sizeof(type)) {
if (read(source, &size, sizeof(size)) == sizeof(size)) {
+ if (size < -1 || size > MAX_ADDR_RESPONSE_LEN) {
+ purple_debug_warning("dnssrv", "res_query returned invalid number\n");
+ size = 0;
+ }
if (size == -1 || size == 0) {
if (size == -1) {
purple_debug_warning("dnssrv", "res_query returned an error\n");
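Review bot: The range check uses `size > MAX_ADDR_RESPONSE_LEN`, so the limit itself is accepted here, while dnsquery.c rejects it with `addrlen < MAX_ADDR_RESPONSE_LEN`; one convention for both parsers would avoid the off-by-one difference. The warning text suggests `size` is a count rather than a byte length. If it is later multiplied by a record size for an allocation (not visible in this hunk), the effective memory bound is far above 1 MiB and a smaller, count-specific cap would fit better. Resetting `size` to 0 also makes an invalid value indistinguishable from an empty answer for the code that follows, apart from the debug line.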
diff --git a/libpurple/util.c b/libpurple/util.c
--- a/libpurple/util.c
+++ b/libpurple/util.c
@@ -3836,13 +3836,19 @@ url_fetch_recv_cb(gpointer url_data, gin
char *data_cursor;
gboolean got_eof = FALSE;
+ if (!gfud->is_ssl && source < 0) {
+ g_warn_if_reached();
+ len = -1;
+ errno = EINVAL;
+ }
+
/*
* Read data in a loop until we can't read any more! This is a
* little confusing because we read using a different function
* depending on whether the socket is ssl or cleartext.
*/
while ((gfud->is_ssl && ((len = purple_ssl_read(gfud->ssl_connection, buf, sizeof(buf))) > 0)) ||
- (!gfud->is_ssl && (len = read(source, buf, sizeof(buf))) > 0))
+ (!gfud->is_ssl && source >= 0 && (len = read(source, buf, sizeof(buf))) > 0))
{
if((gfud->len + len) > gfud->max_len) {
purple_util_fetch_url_error(gfud, _("Error reading from %s: response too long (%d bytes limit)"),
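Review bot: The guard for `source < 0` reports the failure indirectly: it presets `len = -1` and `errno = EINVAL` and relies on the error handling after the loop, which lies outside this hunk. Those values survive only because the added `source >= 0` test short-circuits the `read()` call, so the two changes depend on each other. A comment on the guard would make that explicit, for example `/* No valid fd for a cleartext fetch: fake a failed read so the post-loop error path runs */`. An SSL fetch with a missing `gfud->ssl_connection` is not covered by the guard; presumably that cannot happen, but it is worth confirming.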
diff --git a/libpurple/xmlnode.c b/libpurple/xmlnode.c
--- a/libpurple/xmlnode.c
+++ b/libpurple/xmlnode.c
@@ -843,6 +843,7 @@ xmlnode_copy(const xmlnode *src)
sibling = sibling->next;
} else {
ret->child = xmlnode_copy(child);
+ /* coverity[copy_paste_error] */
sibling = ret->child;
}
sibling->parent = ret;
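Review bot: The `/* coverity[copy_paste_error] */` suppression gives no reason why the finding is a false positive, so a later reader cannot tell whether it was reviewed. A line above it such as `/* First child: start the sibling chain at ret->child (intentional, not a copy/paste slip) */` would document the decision. The annotation itself presumably has to stay directly above `sibling = ret->child;` to keep matching. The body of xmlnode_copy extends beyond the hunk.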
diff --git a/pidgin/gtkthemes.c b/pidgin/gtkthemes.c
--- a/pidgin/gtkthemes.c
+++ b/pidgin/gtkthemes.c
@@ -320,6 +320,7 @@ void pidgin_themes_load_smiley_theme(con
while (*i && !isspace(*i) && li < sizeof(l) - 1) {
if (*i == '\\' && *(i+1) != '\0')
i++;
+ /* coverity[tainted_data] */
next = g_utf8_next_char(i);
if ((next - i) > (sizeof(l) - li -1)) {
break;
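Review bot: Suppressing `tainted_data` on `g_utf8_next_char(i)` hides a finding that looks real on the source side. The macro advances by the length implied by the lead byte without inspecting the following bytes, so a theme line ending in a truncated multi-byte sequence can leave `next` past the terminating NUL. The check on the next line bounds only the destination buffer `l`. Unless the line is validated earlier (not visible here; the loop body continues outside the hunk), it would be safer to check it with `g_utf8_validate()` before parsing, or to stop when a NUL lies between `i` and `next`, than to keep the annotation.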