From 57a7643252b8afc34da124315e4194a942d804ea Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Sat, 29 Mar 2025 02:03:28 +0100 Subject: [PATCH] fuzz: Address clang-tidy bugprone-narrowing-conversions The symptom was: > [..]/expat/fuzz/xml_parse_fuzzer.c:68:40: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors] > 68 | XML_Parse(p, (const XML_Char *)data, size, 0); > | ^ > [..]/expat/fuzz/xml_parse_fuzzer.c:69:44: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors] > 69 | if (XML_Parse(p, (const XML_Char *)data, size, 1) == XML_STATUS_ERROR) { > | ^ > [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:69:32: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors] > 69 | void *buf = XML_GetBuffer(p, size); > | ^ > [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:72:22: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors] > 72 | XML_ParseBuffer(p, size, 0); > | ^ > [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:73:26: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors] > 73 | buf = XML_GetBuffer(p, size); > | ^ > [..]/expat/fuzz/xml_parsebuffer_fuzzer.c:78:26: error: narrowing conversion from 'size_t' (aka 'unsigned long') to signed type 'int' is implementation-defined [bugprone-narrowing-conversions,-warnings-as-errors] > 78 | if (XML_ParseBuffer(p, size, 1) == XML_STATUS_ERROR) { > | ^ --- expat/fuzz/xml_parse_fuzzer.c | 6 ++++-- expat/fuzz/xml_parsebuffer_fuzzer.c | 10 ++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) 
diff --git a/expat/fuzz/xml_parse_fuzzer.c b/expat/fuzz/xml_parse_fuzzer.c
index 6a1affe2..90c38549 100644
--- a/expat/fuzz/xml_parse_fuzzer.c
+++ b/expat/fuzz/xml_parse_fuzzer.c
@@ -15,6 +15,7 @@
 */
 #include
+#include // for INT_MAX
 #include
 #include "expat.h"
@@ -65,8 +66,9 @@ ParseOneInput(XML_Parser p, const uint8_t *data, size_t size) {
 XML_SetUserData(p, p);
 XML_SetElementHandler(p, start, end);
 XML_SetCharacterDataHandler(p, may_stop_character_handler);
- XML_Parse(p, (const XML_Char *)data, size, 0);
- if (XML_Parse(p, (const XML_Char *)data, size, 1) == XML_STATUS_ERROR) {
+ assert(size <= INT_MAX);
+ XML_Parse(p, (const XML_Char *)data, (int)size, 0);
+ if (XML_Parse(p, (const XML_Char *)data, (int)size, 1) == XML_STATUS_ERROR) {
 XML_ErrorString(XML_GetErrorCode(p));
 }
 XML_GetCurrentLineNumber(p);
diff --git a/expat/fuzz/xml_parsebuffer_fuzzer.c b/expat/fuzz/xml_parsebuffer_fuzzer.c
index cfc4af20..0db67dce 100644
--- a/expat/fuzz/xml_parsebuffer_fuzzer.c
+++ b/expat/fuzz/xml_parsebuffer_fuzzer.c
@@ -15,6 +15,7 @@
 */
 #include
+#include // for INT_MAX
 #include
 #include
@@ -66,16 +67,17 @@ ParseOneInput(XML_Parser p, const uint8_t *data, size_t size) {
 XML_SetUserData(p, p);
 XML_SetElementHandler(p, start, end);
 XML_SetCharacterDataHandler(p, may_stop_character_handler);
- void *buf = XML_GetBuffer(p, size);
+ assert(size <= INT_MAX);
+ void *buf = XML_GetBuffer(p, (int)size);
 assert(buf);
 memcpy(buf, data, size);
- XML_ParseBuffer(p, size, 0);
- buf = XML_GetBuffer(p, size);
+ XML_ParseBuffer(p, (int)size, 0);
+ buf = XML_GetBuffer(p, (int)size);
 if (buf == NULL) {
 return;
 }
 memcpy(buf, data, size);
- if (XML_ParseBuffer(p, size, 1) == XML_STATUS_ERROR) {
+ if (XML_ParseBuffer(p, (int)size, 1) == XML_STATUS_ERROR) {
 XML_ErrorString(XML_GetErrorCode(p));
 }
 XML_GetCurrentLineNumber(p);
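Review bot: The added `assert(size <= INT_MAX);` in ParseOneInput of xml_parse_fuzzer.c is the only thing keeping the new `(int)size` casts in range, and assert() is compiled out when the harness is built with NDEBUG, so the casts would then narrow silently. The ParseOneInput hunk of xml_parsebuffer_fuzzer.c has the same pattern, and there it matters more: `memcpy(buf, data, size)` still copies the full size_t length into a buffer that was requested with `(int)size`, and the neighbouring `assert(buf);` would vanish in the same build. A guard that does not depend on the build mode, `if (size > INT_MAX) return;` (the parsebuffer hunk already uses a bare `return;`), would skip oversized inputs rather than abort or truncate. Both functions start and end outside their hunks, so whether a caller already bounds `size` is not visible here.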