From 7afe00d23af206d18eea25c41430780bf74fcdf6 Mon Sep 17 00:00:00 2001 From: Jenny Tam Date: Mon, 4 Jan 2021 18:28:07 -0800 Subject: [PATCH] Addressed static code analyis issues (prefast) (#1227) --- source/shared/core_sqlsrv.h | 2 +- source/shared/core_stmt.cpp | 29 +++++++++++++++-------------- source/shared/core_util.cpp | 11 ++++++----- 3 files changed, 22 insertions(+), 20 deletions(-) diff --git a/source/shared/core_sqlsrv.h b/source/shared/core_sqlsrv.h index fc7855e9..3a3a8af5 100644 --- a/source/shared/core_sqlsrv.h +++ b/source/shared/core_sqlsrv.h @@ -1444,7 +1444,7 @@ namespace data_classification { struct name_id_pair; struct sensitivity_metadata; - void name_id_pair_free(name_id_pair * pair); + void name_id_pair_free(_Inout_ name_id_pair * pair); void parse_sensitivity_name_id_pairs(_Inout_ sqlsrv_stmt* stmt, _Inout_ USHORT& numpairs, _Inout_ std::vector>* pairs, _Inout_ unsigned char **pptr); void parse_column_sensitivity_props(_Inout_ sensitivity_metadata* meta, _Inout_ unsigned char **pptr, _In_ bool getRankInfo); USHORT fill_column_sensitivity_array(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSMALLINT colno, _Inout_ zval *column_data); diff --git a/source/shared/core_stmt.cpp b/source/shared/core_stmt.cpp index 9e59a7da..d87231f8 100644 --- a/source/shared/core_stmt.cpp +++ b/source/shared/core_stmt.cpp @@ -2336,7 +2336,7 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f // // Check if it's a negative number and if necessary to add the leading zero - bool is_negative = (*field_value == '-'); + short is_negative = (*field_value == '-') ? 1 : 0; char *src = field_value + is_negative; bool add_leading_zero = false; @@ -2354,12 +2354,12 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f scale = field_scale; } - char buffer[50] = " "; // A buffer with two blank spaces, as leeway - int offset = 1 + is_negative; + char buffer[50] = " "; // A buffer with TWO blank spaces, as leeway + int offset = 1 + is_negative; // for cases like 9.* to 10.* and the minus sign if needed int src_length = strnlen_s(src); if (add_leading_zero) { - buffer[offset++] = '0'; + buffer[offset++] = '0'; // leading zero added } // Copy the original numerical value to the buffer memcpy_s(buffer + offset, src_length, src, src_length); @@ -2375,10 +2375,11 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f } } - // Remove the extra white space if not used - char *p = buffer; - offset = 0; - while (isspace(*p++)) { + // Remove the extra white space if not used. For a negative number, + // the first pos is always a space + offset = is_negative; + char *p = buffer + offset; + while (*p++ == ' ') { offset++; } if (is_negative) { @@ -3017,23 +3018,23 @@ void adjustDecimalPrecision(_Inout_ zval* param_z, _In_ SQLSMALLINT decimal_digi return; } - // If std::stold() succeeds, 'idx' is the position of the first character after the numerical value + // If std::stold() succeeds, 'index' is the position of the first character after the numerical value long double d = 0; - size_t idx; + size_t index; try { - d = std::stold(std::string(value), &idx); + d = std::stold(std::string(value), &index); } catch (const std::logic_error& ) { return; // invalid input caused the conversion to throw an exception } - if (idx < value_len) { + if (index < value_len) { return; // the input contains something else apart from the numerical value } // Navigate to the first digit or the decimal point - bool is_negative = (d < 0); + short is_negative = (d < 0) ? 1 : 0; char *src = value + is_negative; - while (*src != DECIMAL_POINT && !isdigit(*src)) { + while (*src != DECIMAL_POINT && !isdigit(static_cast(*src))) { src++; } diff --git a/source/shared/core_util.cpp b/source/shared/core_util.cpp index 127a68e2..1b8a2d66 100644 --- a/source/shared/core_util.cpp +++ b/source/shared/core_util.cpp @@ -72,7 +72,7 @@ SQLCHAR SSPWARN[] = "01SSP"; // the script (sqlsrv_configure). void write_to_log( _In_ unsigned int severity, _In_ const char* msg, ...) { - SQLSRV_ASSERT( !(g_driver_severity == NULL), "Must register a driver checker function." ); + SQLSRV_ASSERT(g_driver_severity != NULL, "Must register a driver checker function."); if (!g_driver_severity(severity)) { return; } @@ -491,11 +491,11 @@ namespace data_classification { const char* ID = "id"; const char* RANK = "rank"; - void convert_sensivity_field(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSRV_ENCODING encoding, _In_ unsigned char *ptr, _In_ int len, _Inout_updates_bytes_(cchOutLen) char** field_name) + void convert_sensivity_field(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSRV_ENCODING encoding, _In_ unsigned char *ptr, _In_ int len, _Inout_updates_bytes_(field_name_len) char** field_name, _Out_ SQLLEN& field_name_len) { sqlsrv_malloc_auto_ptr temp_field_name; int temp_field_len = len * sizeof(SQLWCHAR); - SQLLEN field_name_len = 0; + field_name_len = 0; if (len == 0) { *field_name = reinterpret_cast(sqlsrv_malloc(1)); @@ -538,6 +538,7 @@ namespace data_classification { while (npairs--) { int namelen, idlen; unsigned char *nameptr, *idptr; + SQLLEN field_len; sqlsrv_malloc_auto_ptr pair; pair = new(sqlsrv_malloc(sizeof(name_id_pair))) name_id_pair(); @@ -549,7 +550,7 @@ namespace data_classification { nameptr = ptr; pair->name_len = namelen; - convert_sensivity_field(stmt, encoding, nameptr, namelen, (char**)&name); + convert_sensivity_field(stmt, encoding, nameptr, namelen, (char**)&name, field_len); pair->name = name; ptr += namelen * 2; @@ -558,7 +559,7 @@ namespace data_classification { ptr += idlen * 2; pair->id_len = idlen; - convert_sensivity_field(stmt, encoding, idptr, idlen, (char**)&id); + convert_sensivity_field(stmt, encoding, idptr, idlen, (char**)&id, field_len); pair->id = id; pairs->push_back(pair.get());