Addressed static code analyis issues (prefast) (#1227)

yitam · web-flow · commit 7afe00d23af2 · 2021-01-04T18:28:07.000-08:00
diff --git a/source/shared/core_sqlsrv.h b/source/shared/core_sqlsrv.h
@@ -1444,7 +1444,7 @@ namespace data_classification {
     struct name_id_pair;
     struct sensitivity_metadata;
 
-    void name_id_pair_free(name_id_pair * pair);
+    void name_id_pair_free(_Inout_ name_id_pair * pair);
     void parse_sensitivity_name_id_pairs(_Inout_ sqlsrv_stmt* stmt, _Inout_ USHORT& numpairs, _Inout_ std::vector<name_id_pair*, sqlsrv_allocator<name_id_pair*>>* pairs, _Inout_ unsigned char **pptr);
     void parse_column_sensitivity_props(_Inout_ sensitivity_metadata* meta, _Inout_ unsigned char **pptr, _In_ bool getRankInfo);
     USHORT fill_column_sensitivity_array(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSMALLINT colno, _Inout_ zval *column_data);
diff --git a/source/shared/core_stmt.cpp b/source/shared/core_stmt.cpp
@@ -2336,7 +2336,7 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
     //
 
     // Check if it's a negative number and if necessary to add the leading zero
-    bool is_negative = (*field_value == '-');
+    short is_negative = (*field_value == '-') ? 1 : 0;
     char *src = field_value + is_negative;
     bool add_leading_zero = false;
 
@@ -2354,12 +2354,12 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
         scale = field_scale;
     }
 
-    char buffer[50] = "  ";                  // A buffer with two blank spaces, as leeway
-    int offset = 1 + is_negative; 
+    char buffer[50] = "  ";             // A buffer with TWO blank spaces, as leeway
+    int offset = 1 + is_negative;       // for cases like 9.* to 10.* and the minus sign if needed
     int src_length = strnlen_s(src);
 
     if (add_leading_zero) {
-        buffer[offset++] = '0';
+        buffer[offset++] = '0';         // leading zero added
     }
     // Copy the original numerical value to the buffer
     memcpy_s(buffer + offset, src_length, src, src_length);
@@ -2375,10 +2375,11 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
         }
     }  
 
-    // Remove the extra white space if not used
-    char *p = buffer;
-    offset = 0;
-    while (isspace(*p++)) {
+    // Remove the extra white space if not used. For a negative number,
+    // the first pos is always a space
+    offset = is_negative;
+    char *p = buffer + offset;
+    while (*p++ == ' ') {
         offset++;
     }
     if (is_negative) {
@@ -3017,23 +3018,23 @@ void adjustDecimalPrecision(_Inout_ zval* param_z, _In_ SQLSMALLINT decimal_digi
         return;
     }
 
-    // If std::stold() succeeds, 'idx' is the position of the first character after the numerical value
+    // If std::stold() succeeds, 'index' is the position of the first character after the numerical value
     long double d = 0;
-    size_t idx;
+    size_t index;
     try {
-        d = std::stold(std::string(value), &idx);
+        d = std::stold(std::string(value), &index);
     }
     catch (const std::logic_error& ) {
         return;		// invalid input caused the conversion to throw an exception
     }
-    if (idx < value_len) {
+    if (index < value_len) {
         return;		// the input contains something else apart from the numerical value 
     }
 
     // Navigate to the first digit or the decimal point
-    bool is_negative = (d < 0);
+    short is_negative = (d < 0) ? 1 : 0;
     char *src = value + is_negative;
-    while (*src != DECIMAL_POINT && !isdigit(*src)) {
+    while (*src != DECIMAL_POINT && !isdigit(static_cast<unsigned int>(*src))) {
         src++;
     }
 
diff --git a/source/shared/core_util.cpp b/source/shared/core_util.cpp
@@ -72,7 +72,7 @@ SQLCHAR SSPWARN[] = "01SSP";
 // the script (sqlsrv_configure).
 void write_to_log( _In_ unsigned int severity, _In_ const char* msg, ...)
 {
-    SQLSRV_ASSERT( !(g_driver_severity == NULL), "Must register a driver checker function." );
+    SQLSRV_ASSERT(g_driver_severity != NULL, "Must register a driver checker function.");
     if (!g_driver_severity(severity)) {
         return;
     }
@@ -491,11 +491,11 @@ namespace data_classification {
     const char* ID = "id";
     const char* RANK = "rank";
 
-    void convert_sensivity_field(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSRV_ENCODING encoding, _In_ unsigned char *ptr, _In_ int len, _Inout_updates_bytes_(cchOutLen) char** field_name)
+    void convert_sensivity_field(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSRV_ENCODING encoding, _In_ unsigned char *ptr, _In_ int len, _Inout_updates_bytes_(field_name_len) char** field_name, _Out_ SQLLEN& field_name_len)
     {
         sqlsrv_malloc_auto_ptr<SQLWCHAR> temp_field_name;
         int temp_field_len = len * sizeof(SQLWCHAR);
-        SQLLEN field_name_len = 0;
+        field_name_len = 0;
 
         if (len == 0) {
             *field_name = reinterpret_cast<char*>(sqlsrv_malloc(1));
@@ -538,6 +538,7 @@ namespace data_classification {
         while (npairs--) {
             int namelen, idlen;
             unsigned char *nameptr, *idptr;
+            SQLLEN field_len;
 
             sqlsrv_malloc_auto_ptr<name_id_pair> pair;
             pair = new(sqlsrv_malloc(sizeof(name_id_pair))) name_id_pair();
@@ -549,7 +550,7 @@ namespace data_classification {
             nameptr = ptr;
 
             pair->name_len = namelen; 
-            convert_sensivity_field(stmt, encoding, nameptr, namelen, (char**)&name);
+            convert_sensivity_field(stmt, encoding, nameptr, namelen, (char**)&name, field_len);
             pair->name = name;
 
             ptr += namelen * 2;
@@ -558,7 +559,7 @@ namespace data_classification {
             ptr += idlen * 2;
 
             pair->id_len = idlen;
-            convert_sensivity_field(stmt, encoding, idptr, idlen, (char**)&id);
+            convert_sensivity_field(stmt, encoding, idptr, idlen, (char**)&id, field_len);
             pair->id = id;
 
             pairs->push_back(pair.get());
