From 154f767a9c3f1569a35119543796b88425313249 Mon Sep 17 00:00:00 2001 From: Jef Driesen Date: Fri, 7 Jan 2011 23:43:41 +0100 Subject: [PATCH] Convert assertions into error codes. --- src/cressi_edy_parser.c | 1 - src/hw_ostc.c | 1 - src/hw_ostc_parser.c | 15 ++++++++---- src/mares_common.c | 6 ++++- src/mares_iconhd.c | 1 - src/mares_nemo_parser.c | 12 ++++++---- src/oceanic_atom2_parser.c | 1 - src/oceanic_veo250_parser.c | 1 - src/oceanic_vtpro_parser.c | 1 - src/reefnet_sensus.c | 4 ++-- src/reefnet_sensus_parser.c | 4 ++-- src/reefnet_sensuspro_parser.c | 4 ++-- src/reefnet_sensusultra_parser.c | 4 ++-- src/suunto_common.c | 3 ++- src/suunto_d9_parser.c | 40 +++++++++++++++++++++----------- src/suunto_eon.c | 1 - src/suunto_eon_parser.c | 1 - src/suunto_solution.c | 12 ++++++---- src/suunto_solution_parser.c | 7 +++--- src/suunto_vyper2.c | 1 - src/suunto_vyper_parser.c | 4 ++-- src/uwatec_aladin.c | 1 - src/uwatec_memomouse_parser.c | 7 +++--- src/uwatec_smart_parser.c | 20 +++++++++------- 24 files changed, 89 insertions(+), 63 deletions(-) diff --git a/src/cressi_edy_parser.c b/src/cressi_edy_parser.c index ac97052..dc19561 100644 --- a/src/cressi_edy_parser.c +++ b/src/cressi_edy_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "cressi_edy.h" #include "parser-private.h" diff --git a/src/hw_ostc.c b/src/hw_ostc.c index cc57182..a16e3fe 100644 --- a/src/hw_ostc.c +++ b/src/hw_ostc.c @@ -21,7 +21,6 @@ #include // memcmp, memcpy #include // malloc, free -#include // assert #include "device-private.h" #include "hw_ostc.h" diff --git a/src/hw_ostc_parser.c b/src/hw_ostc_parser.c index 988c0b7..488b200 100644 --- a/src/hw_ostc_parser.c +++ b/src/hw_ostc_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "hw_ostc.h" #include "parser-private.h" 
@@ -151,6 +150,15 @@ hw_ostc_parser_samples_foreach (parser_t *abstract, sample_callback_t callback, for (unsigned int i = 0; i < NINFO; ++i) { info[i].divisor = (data[37 + i] & 0x0F); info[i].size = (data[37 + i] & 0xF0) >> 4; + switch (i) { + case 0: // Temperature + case 2: // Tank pressure + if (info[i].size != 2) + return PARSER_STATUS_ERROR; + break; + default: // Not yet used. + break; + } } unsigned int time = 0; @@ -217,7 +225,6 @@ hw_ostc_parser_samples_foreach (parser_t *abstract, sample_callback_t callback, unsigned int value = 0; switch (i) { case 0: // Temperature (0.1 °C). - assert (info[i].size == 2); value = array_uint16_le (data + offset); sample.temperature = value / 10.0; if (callback) callback (SAMPLE_TYPE_TEMPERATURE, sample, userdata); @@ -225,7 +232,6 @@ hw_ostc_parser_samples_foreach (parser_t *abstract, sample_callback_t callback, case 1: // Deco/NDL Status break; case 2: // Tank pressure - assert (info[i].size == 2); value = array_uint16_le (data + offset); sample.pressure.tank = 0; sample.pressure.value = value; @@ -242,7 +248,8 @@ hw_ostc_parser_samples_foreach (parser_t *abstract, sample_callback_t callback, } } - assert (data[offset] == 0xFD && data[offset + 1] == 0xFD); + if (data[offset] != 0xFD || data[offset + 1] != 0xFD) + return PARSER_STATUS_ERROR; return PARSER_STATUS_SUCCESS; } diff --git a/src/mares_common.c b/src/mares_common.c index e5a5c1a..b1dd944 100644 --- a/src/mares_common.c +++ b/src/mares_common.c 
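Review bot: The new end-of-profile check in hw_ostc_parser_samples_foreach (last hw_ostc_parser.c hunk) reads `data[offset]` and `data[offset + 1]` without first confirming that both bytes lie inside the buffer. The loop that advances `offset` is outside the hunk, so it cannot be seen here whether it guarantees this. Since the commit exists to survive malformed dive data, the guard should carry its own bound: `if (offset + 2 > size || data[offset] != 0xFD || data[offset + 1] != 0xFD) return PARSER_STATUS_ERROR;`. The final hunk of suunto_solution_parser.c has the same shape with `data[offset] != 0x80` and wants `offset + 1 > size ||` in front of it, all the more because the hunk above it lets `offset` advance as far as `size`.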
@@ -191,7 +191,11 @@ mares_common_extract_dives (mares_common_device_t *device, const mares_common_la // Verify that the number of freedive entries in the session // equals the number of freedives in the profile data. If // both values are different, the profile data is incomplete. - assert (count == nsamples); + if (count != nsamples) { + WARNING ("Unexpected number of freedive sessions."); + free (buffer); + return DEVICE_STATUS_ERROR; + } // Append the profile data to the main logbook entry. The // buffer is guaranteed to have enough space, and the dives diff --git a/src/mares_iconhd.c b/src/mares_iconhd.c index d63422f..55104df 100644 --- a/src/mares_iconhd.c +++ b/src/mares_iconhd.c @@ -21,7 +21,6 @@ #include // memcpy, memcmp #include // malloc, free -#include // assert #include "device-private.h" #include "mares_iconhd.h" diff --git a/src/mares_nemo_parser.c b/src/mares_nemo_parser.c index 3883180..208454d 100644 --- a/src/mares_nemo_parser.c +++ b/src/mares_nemo_parser.c @@ -21,7 +21,6 @@ #include #include -#include #include "mares_nemo.h" #include "parser-private.h" @@ -332,7 +331,9 @@ mares_nemo_parser_samples_foreach (parser_t *abstract, sample_callback_t callbac break; count++; - assert (count <= n); + + if (count > n) + break; // Time (seconds). time += interval; @@ -350,8 +351,10 @@ mares_nemo_parser_samples_foreach (parser_t *abstract, sample_callback_t callbac // equals the predicted number of samples (from the divetime // in the summary entry). If both values are different, the // the profile data is probably incorrect. - assert (count == n); - + if (count != n) { + WARNING ("Unexpected number of samples."); + return PARSER_STATUS_ERROR; + } } else { // Dive Time (seconds). time += divetime; @@ -363,7 +366,6 @@ mares_nemo_parser_samples_foreach (parser_t *abstract, sample_callback_t callbac if (callback) callback (SAMPLE_TYPE_DEPTH, sample, userdata); } } - assert (offset == size); } return PARSER_STATUS_SUCCESS; 
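Review bot: The closing `assert (offset == size);` in mares_nemo_parser_samples_foreach is deleted rather than converted, so a profile with unconsumed trailing bytes now returns PARSER_STATUS_SUCCESS with nothing recorded. If leftover data indicates a corrupt or misparsed dive, keep the check as `if (offset != size) return PARSER_STATUS_ERROR;`, ideally with a WARNING as the sample-count check above it has. If trailing bytes are legitimate, a one-line comment saying so would explain the removal; the last hunk of uwatec_smart_parser.c drops the same assertion. Separately, the `count > n` case leaves the loop (which starts outside the hunk) with `break` and becomes an error only through the later `count != n` test, so returning the error at that point would be clearer.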
diff --git a/src/oceanic_atom2_parser.c b/src/oceanic_atom2_parser.c index 06fc6d2..be946be 100644 --- a/src/oceanic_atom2_parser.c +++ b/src/oceanic_atom2_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "oceanic_atom2.h" #include "oceanic_common.h" diff --git a/src/oceanic_veo250_parser.c b/src/oceanic_veo250_parser.c index ebb2c53..d6f06f3 100644 --- a/src/oceanic_veo250_parser.c +++ b/src/oceanic_veo250_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "oceanic_veo250.h" #include "oceanic_common.h" diff --git a/src/oceanic_vtpro_parser.c b/src/oceanic_vtpro_parser.c index 3d0f7f5..78f9f49 100644 --- a/src/oceanic_vtpro_parser.c +++ b/src/oceanic_vtpro_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "oceanic_vtpro.h" #include "oceanic_common.h" diff --git a/src/reefnet_sensus.c b/src/reefnet_sensus.c index 6c75ff7..1d96d61 100644 --- a/src/reefnet_sensus.c +++ b/src/reefnet_sensus.c @@ -21,7 +21,6 @@ #include // memcmp, memcpy #include // malloc, free -#include // assert #include "device-private.h" #include "reefnet_sensus.h" @@ -412,7 +411,8 @@ reefnet_sensus_extract_dives (device_t *abstract, const unsigned char data[], un // Temperature (degrees Fahrenheit) if ((nsamples % 6) == 0) { - assert (offset + 1 <= previous); + if (offset + 1 > previous) + break; offset++; } diff --git a/src/reefnet_sensus_parser.c b/src/reefnet_sensus_parser.c index 4f667d1..2604161 100644 --- a/src/reefnet_sensus_parser.c +++ b/src/reefnet_sensus_parser.c @@ -20,7 +20,6 @@ */ #include // malloc, free -#include // assert #include "reefnet_sensus.h" #include "parser-private.h" 
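Review bot: In reefnet_sensus_extract_dives the truncated-temperature case now exits the sample loop with `break` and no diagnostic, while the same condition in reefnet_sensus_parser.c returns PARSER_STATUS_ERROR. The code after the loop is outside the hunk, so it is not visible whether a dive cut short this way is still handed to the callback as if it were complete. Either fail explicitly with `return DEVICE_STATUS_ERROR;` (provided nothing acquired earlier in the function needs releasing first), or add a comment such as `// Truncated sample: stop at the previous dive boundary.` so the choice of `break` reads as deliberate.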
@@ -186,7 +185,8 @@ reefnet_sensus_parser_samples_foreach (parser_t *abstract, sample_callback_t cal // Temperature (degrees Fahrenheit) if ((nsamples % 6) == 0) { - assert (offset + 1 <= size); + if (offset + 1 > size) + return PARSER_STATUS_ERROR; unsigned int temperature = data[offset++]; sample.temperature = (temperature - 32.0) * (5.0 / 9.0); if (callback) callback (SAMPLE_TYPE_TEMPERATURE, sample, userdata); diff --git a/src/reefnet_sensuspro_parser.c b/src/reefnet_sensuspro_parser.c index 27ceb87..ca7d05b 100644 --- a/src/reefnet_sensuspro_parser.c +++ b/src/reefnet_sensuspro_parser.c @@ -21,7 +21,6 @@ #include #include // memcmp -#include #include "reefnet_sensuspro.h" #include "parser-private.h" @@ -167,7 +166,8 @@ reefnet_sensuspro_parser_samples_foreach (parser_t *abstract, sample_callback_t unsigned int offset = 0; while (offset + sizeof (header) <= size) { if (memcmp (data + offset, header, sizeof (header)) == 0) { - assert (offset + 10 <= size); + if (offset + 10 > size) + return PARSER_STATUS_ERROR; unsigned int time = 0; unsigned int interval = array_uint16_le (data + offset + 4); diff --git a/src/reefnet_sensusultra_parser.c b/src/reefnet_sensusultra_parser.c index 5da94e0..f23aec1 100644 --- a/src/reefnet_sensusultra_parser.c +++ b/src/reefnet_sensusultra_parser.c @@ -21,7 +21,6 @@ #include #include // memcmp -#include #include "reefnet_sensusultra.h" #include "parser-private.h" @@ -167,7 +166,8 @@ reefnet_sensusultra_parser_samples_foreach (parser_t *abstract, sample_callback_ unsigned int offset = 0; while (offset + sizeof (header) <= size) { if (memcmp (data + offset, header, sizeof (header)) == 0) { - assert (offset + 16 <= size); + if (offset + 16 > size) + return PARSER_STATUS_ERROR; unsigned int time = 0; unsigned int interval = array_uint16_le (data + offset + 8); diff --git a/src/suunto_common.c b/src/suunto_common.c index 13595f4..9cc4361 100644 --- a/src/suunto_common.c +++ b/src/suunto_common.c 
@@ -138,7 +138,8 @@ suunto_common_extract_dives (suunto_common_device_t *device, const suunto_common free (buffer); - assert (data[current] == 0x82); + if (data[current] != 0x82) + return DEVICE_STATUS_ERROR; return DEVICE_STATUS_SUCCESS; } diff --git a/src/suunto_d9_parser.c b/src/suunto_d9_parser.c index de9317e..a379c46 100644 --- a/src/suunto_d9_parser.c +++ b/src/suunto_d9_parser.c @@ -21,7 +21,6 @@ #include #include // memcmp -#include #include "suunto_d9.h" #include "parser-private.h" @@ -153,7 +152,8 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback config += 1; // D4 if (parser->model == 0x15) config += 74; // HelO2 - assert (config + 1 <= size); + if (config + 1 > size) + return PARSER_STATUS_ERROR; // Number of parameters in the configuration data. unsigned int nparams = data[config]; @@ -162,18 +162,21 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback unsigned int profile = config + 2 + nparams * 3; if (parser->model == 0x15) profile += 12; // HelO2 - assert (profile + 5 <= size); + if (profile + 5 > size) + return PARSER_STATUS_ERROR; // Sample recording interval. unsigned int interval_sample_offset = 0x1C - SKIP; if (parser->model == 0x15) interval_sample_offset += 6; // HelO2 unsigned int interval_sample = data[interval_sample_offset]; - assert (interval_sample > 0); + if (interval_sample == 0) + return PARSER_STATUS_ERROR; // Temperature recording interval. unsigned int interval_temperature = data[config + 2 + (nparams - 1) * 3 + 1]; - assert (interval_temperature > 0); + if (interval_temperature == 0) + return PARSER_STATUS_ERROR; // Offset to the first marker position. unsigned int marker = array_uint16_le (data + profile + 3); 
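Review bot: In the suunto_d9_parser.c hunk that validates the recording intervals, `nparams` comes straight from `data[config]` and is never checked for zero before `data[config + 2 + (nparams - 1) * 3 + 1]` is read. With `nparams == 0` the unsigned subtraction wraps and the index folds back to `config`, so the read lands on the zero count byte itself and the input is rejected only by the following `interval_temperature == 0` test. That is correct by coincidence rather than by design; an explicit `if (nparams == 0) return PARSER_STATUS_ERROR;` right after the assignment makes the intent visible. The read of `data[interval_sample_offset]` also has no bound in this hunk; presumably a header-size check earlier in the function covers it, which is worth confirming.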
@@ -196,7 +199,8 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback // Tank pressure (1/100 bar). if (nparams == 3) { - assert (offset + 2 <= size); + if (offset + 2 > size) + return PARSER_STATUS_ERROR; unsigned int pressure = array_uint16_le (data + offset); if (pressure != 0xFFFF) { sample.pressure.tank = 0; @@ -208,7 +212,8 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback // Temperature (degrees celcius). if (nsamples % interval_temperature == 0) { - assert (offset + 1 <= size); + if (offset + 1 > size) + return PARSER_STATUS_ERROR; sample.temperature = (signed char) data[offset]; if (callback) callback (SAMPLE_TYPE_TEMPERATURE, sample, userdata); offset += 1; @@ -226,15 +231,18 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback sample.event.value = 0; switch (event) { case 0x01: // Next Event Marker - assert (offset + 4 <= size); + if (offset + 4 > size) + return PARSER_STATUS_ERROR; current = array_uint16_le (data + offset + 0); next = array_uint16_le (data + offset + 2); - assert (marker == current); + if (marker != current) + return PARSER_STATUS_ERROR; marker += next; offset += 4; break; case 0x02: // Surfaced - assert (offset + 2 <= size); + if (offset + 2 > size) + return PARSER_STATUS_ERROR; unknown = data[offset + 0]; seconds = data[offset + 1]; sample.event.type = SAMPLE_EVENT_SURFACE; @@ -243,7 +251,8 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback offset += 2; break; case 0x03: // Event - assert (offset + 2 <= size); + if (offset + 2 > size) + return PARSER_STATUS_ERROR; type = data[offset + 0]; seconds = data[offset + 1]; switch (type & 0x7F) { 
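Review bot: None of the new `return PARSER_STATUS_ERROR;` paths in suunto_d9_parser_samples_foreach (these hunks and the three that follow for events 0x04 to 0x06) says which check failed, whereas the mares and uwatec changes in the same commit log through WARNING. A truncated sample, a truncated event and a marker mismatch are now indistinguishable to whoever has to work out why a dive from the device was rejected. Consider a short message per class of failure, for example `WARNING ("Incomplete event data.");` before the returns in the event switch, assuming WARNING is usable in this file as it is in mares_nemo_parser.c.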
@@ -321,7 +330,8 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback offset += 2; break; case 0x04: // Bookmark/Heading - assert (offset + 4 <= size); + if (offset + 4 > size) + return PARSER_STATUS_ERROR; unknown = data[offset + 0]; seconds = data[offset + 1]; heading = array_uint16_le (data + offset + 2); @@ -337,7 +347,8 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback offset += 4; break; case 0x05: // Gas Change - assert (offset + 2 <= size); + if (offset + 2 > size) + return PARSER_STATUS_ERROR; percentage = data[offset + 0]; seconds = data[offset + 1]; sample.event.type = SAMPLE_EVENT_GASCHANGE; @@ -347,7 +358,8 @@ suunto_d9_parser_samples_foreach (parser_t *abstract, sample_callback_t callback offset += 2; break; case 0x06: // Gas Change - assert (offset + 4 <= size); + if (offset + 4 > size) + return PARSER_STATUS_ERROR; unknown = data[offset + 0]; unknown = data[offset + 1]; percentage = data[offset + 2]; diff --git a/src/suunto_eon.c b/src/suunto_eon.c index 20dbabc..d915a0e 100644 --- a/src/suunto_eon.c +++ b/src/suunto_eon.c @@ -21,7 +21,6 @@ #include // memcmp, memcpy #include // malloc, free -#include // assert #include "device-private.h" #include "suunto_eon.h" diff --git a/src/suunto_eon_parser.c b/src/suunto_eon_parser.c index 7c4974e..1747ab3 100644 --- a/src/suunto_eon_parser.c +++ b/src/suunto_eon_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "suunto_eon.h" #include "parser-private.h" diff --git a/src/suunto_solution.c b/src/suunto_solution.c index a2152a9..1e581d8 100644 --- a/src/suunto_solution.c +++ b/src/suunto_solution.c @@ -20,7 +20,6 @@ */ #include // malloc, free -#include // assert #include "device-private.h" #include "suunto_solution.h" 
@@ -296,8 +295,12 @@ suunto_solution_extract_dives (device_t *abstract, const unsigned char data[], u // Get the end of the profile ring buffer. unsigned int eop = data[0x18]; - assert (eop >= RB_PROFILE_BEGIN && eop < RB_PROFILE_END); - assert (data[eop] == 0x82); + if (eop < RB_PROFILE_BEGIN || + eop >= RB_PROFILE_END || + data[eop] != 0x82) + { + return DEVICE_STATUS_ERROR; + } // The profile data is stored backwards in the ringbuffer. To locate // the most recent dive, we start from the end of profile marker and @@ -334,7 +337,8 @@ suunto_solution_extract_dives (device_t *abstract, const unsigned char data[], u } } - assert (data[current] == 0x82); + if (data[current] != 0x82) + return DEVICE_STATUS_ERROR; return DEVICE_STATUS_SUCCESS; } diff --git a/src/suunto_solution_parser.c b/src/suunto_solution_parser.c index 28353a9..9dd607d 100644 --- a/src/suunto_solution_parser.c +++ b/src/suunto_solution_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "suunto_solution.h" #include "parser-private.h" @@ -131,7 +130,8 @@ suunto_solution_parser_samples_foreach (parser_t *abstract, sample_callback_t ca // A value of 0x7D (125) or 0x83 (-125) indicates a descent // or ascent greater than 124 feet. The remaining part of // the total delta value is stored in the next byte. - assert (offset < size); + if (offset + 1 > size) + return PARSER_STATUS_ERROR; depth += (signed char) data[offset++]; } sample.depth = depth * FEET; @@ -160,7 +160,8 @@ suunto_solution_parser_samples_foreach (parser_t *abstract, sample_callback_t ca } } - assert (data[offset] == 0x80); + if (data[offset] != 0x80) + return PARSER_STATUS_ERROR; return PARSER_STATUS_SUCCESS; } diff --git a/src/suunto_vyper2.c b/src/suunto_vyper2.c index 61baf6b..7560087 100644 --- a/src/suunto_vyper2.c +++ b/src/suunto_vyper2.c @@ -21,7 +21,6 @@ #include // memcmp, memcpy #include // malloc, free -#include // assert #include "suunto_common2.h" #include "suunto_vyper2.h" 
diff --git a/src/suunto_vyper_parser.c b/src/suunto_vyper_parser.c index 4c96251..53077bd 100644 --- a/src/suunto_vyper_parser.c +++ b/src/suunto_vyper_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "suunto_vyper.h" #include "parser-private.h" @@ -231,7 +230,8 @@ suunto_vyper_parser_samples_foreach (parser_t *abstract, sample_callback_t callb sample.event.type = SAMPLE_EVENT_SAFETYSTOP; break; case 0x87: // Gas Change - assert (offset < size); + if (offset + 1 > size) + return PARSER_STATUS_ERROR; sample.event.type = SAMPLE_EVENT_GASCHANGE; sample.event.value = data[offset++]; break; diff --git a/src/uwatec_aladin.c b/src/uwatec_aladin.c index 4b20ab5..3df280b 100644 --- a/src/uwatec_aladin.c +++ b/src/uwatec_aladin.c @@ -21,7 +21,6 @@ #include // malloc, free #include // memcpy -#include // assert #include "device-private.h" #include "uwatec_aladin.h" diff --git a/src/uwatec_memomouse_parser.c b/src/uwatec_memomouse_parser.c index 6df999d..940fa3d 100644 --- a/src/uwatec_memomouse_parser.c +++ b/src/uwatec_memomouse_parser.c @@ -20,7 +20,6 @@ */ #include -#include #include "uwatec_memomouse.h" #include "parser-private.h" @@ -210,13 +209,15 @@ uwatec_memomouse_parser_samples_foreach (parser_t *abstract, sample_callback_t c sample.vendor.data = data + offset; // Decompression information. - assert (offset + 1 <= size); + if (offset + 1 > size) + return PARSER_STATUS_ERROR; sample.vendor.size++; offset++; // Oxygen percentage (O2 series only). if (is_oxygen) { - assert (offset + 1 <= size); + if (offset + 1 > size) + return PARSER_STATUS_ERROR; sample.vendor.size++; offset++; } diff --git a/src/uwatec_smart_parser.c b/src/uwatec_smart_parser.c index c11093f..58384b6 100644 --- a/src/uwatec_smart_parser.c +++ b/src/uwatec_smart_parser.c @@ -21,7 +21,6 @@ #include #include // memcmp -#include #include "uwatec_smart.h" #include "parser-private.h" 
@@ -148,8 +147,6 @@ uwatec_smart_identify (const unsigned char data[], unsigned int size) } } - assert (0); - return (unsigned int) -1; } @@ -177,7 +174,8 @@ uwatec_galileo_identify (unsigned char value) static unsigned int uwatec_smart_fixsignbit (unsigned int x, unsigned int n) { - assert (n > 0); + if (n <= 0 || n > 32) + return 0; unsigned int signbit = (1 << (n - 1)); unsigned int mask = (0xFFFFFFFF << n); @@ -384,7 +382,10 @@ uwatec_smart_parser_samples_foreach (parser_t *abstract, sample_callback_t callb // Uwatec Smart id = uwatec_smart_identify (data + offset, size - offset); } - assert (id < entries); + if (id >= entries) { + WARNING ("Invalid type bits."); + return PARSER_STATUS_ERROR; + } // Skip the processed type bytes. offset += table[id].ntypebits / NBITS; @@ -405,8 +406,13 @@ uwatec_smart_parser_samples_foreach (parser_t *abstract, sample_callback_t callb offset++; } + // Check for buffer overflows. + if (offset + table[id].extrabytes > size) { + WARNING ("Incomplete sample data."); + return PARSER_STATUS_ERROR; + } + // Process the extra data bytes. - assert (offset + table[id].extrabytes <= size); for (unsigned int i = 0; i < table[id].extrabytes; ++i) { nbits += NBITS; value <<= NBITS; @@ -536,7 +542,5 @@ uwatec_smart_parser_samples_foreach (parser_t *abstract, sample_callback_t callb } } - assert (offset == size); - return PARSER_STATUS_SUCCESS; }
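Review bot: The new guard in uwatec_smart_fixsignbit still admits `n == 32`, where `1 << (n - 1)` shifts a signed int into its sign bit and `0xFFFFFFFF << n` shifts by the full width of a 32-bit unsigned int, both undefined behaviour. `n` is unsigned, so `n <= 0` is just `n == 0`. Suggested: `if (n == 0 || n > 32) return 0;` followed by `if (n == 32) return x;`, and `1u << (n - 1)` for the sign bit. Returning 0 for an invalid width also hands the caller a plausible sample value instead of an error, which deserves a comment because the function has no error channel. The rest of the function body is outside the hunk.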