[ox] Address unsafe buffer warnings

2025-05-06 22:25:13 -05:00 · 2025-05-06 22:25:13 -05:00 · a8c1387d5a
commit a8c1387d5a
parent ff1e8f260b
19 changed files with 117 additions and 44 deletions
--- a/deps/ox/src/ox/clargs/clargs.cpp
+++ b/deps/ox/src/ox/clargs/clargs.cpp
@ -29,7 +29,7 @@ ClArgs::ClArgs(ox::SpanView<const char*> args) noexcept {
 						m_bools[arg] = false;
 					}
 					m_strings[arg] = val;
-					if (auto r = ox::atoi(val.c_str()); r.error == 0) {
+					if (auto r = ox::strToInt(val); r.error == 0) {
 						m_ints[arg] = r.value;
 					}
 					++i;
--- a/deps/ox/src/ox/claw/read.cpp
+++ b/deps/ox/src/ox/claw/read.cpp
@ -81,7 +81,7 @@ Result<ClawHeader> readClawHeader(ox::BufferView buff) noexcept {
 		return ox::Error(4, "Claw format does not match any supported format/version combo");
 	}
 	hdr.typeName = typeName;
-	std::ignore = ox::atoi(versionStr).copyTo(hdr.typeVersion);
+	std::ignore = ox::strToInt(versionStr).copyTo(hdr.typeVersion);
 	hdr.data = buffRaw;
 	hdr.dataSize = buffLen;
 	return hdr;
--- a/deps/ox/src/ox/fs/filesystem/filelocation.cpp
+++ b/deps/ox/src/ox/fs/filesystem/filelocation.cpp
@ -31,10 +31,10 @@ FileAddress::FileAddress(uint64_t inode) noexcept {
 FileAddress::FileAddress(ox::StringViewCR path) noexcept {
 	auto pathSize = path.bytes();
 	m_data.path = new char[pathSize + 1];
 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 	memcpy(m_data.path, path.data(), pathSize);
 OX_CLANG_NOWARN_BEGIN(-Wunsafe-buffer-usage)
 	m_data.path[pathSize] = 0;
-OX_CLANG_NOWARN_END
+	OX_ALLOW_UNSAFE_BUFFERS_END
 	m_type = FileAddressType::Path;
 }
@ -48,9 +48,11 @@ FileAddress &FileAddress::operator=(const FileAddress &other) noexcept {
 		case FileAddressType::Path:
 		{
 			if (other.m_data.path) {
 				OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 				auto strSize = ox::strlen(other.m_data.path) + 1;
 				m_data.path = new char[strSize];
 				ox::memcpy(m_data.path, other.m_data.path, strSize);
 				OX_ALLOW_UNSAFE_BUFFERS_END
 			} else {
 				m_data.constPath = "";
 				m_type = FileAddressType::ConstPath;
--- a/deps/ox/src/ox/fs/test/tests.cpp
+++ b/deps/ox/src/ox/fs/test/tests.cpp
@ -119,7 +119,9 @@ const std::map<ox::StringView, std::function<ox::Error(ox::StringView)>> tests =
 				auto constexpr path = ox::StringLiteral("/usr/share/charset.gbag");
 				ox::PathIterator it(path.c_str(), path.len());
 				auto buff = static_cast<char*>(ox_alloca(path.len() + 1));
 				OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 				oxAssert(it.dirPath(buff, path.len()) == 0 && ox::strcmp(buff, "/usr/share/") == 0, "PathIterator shows incorrect dir path");
 				OX_ALLOW_UNSAFE_BUFFERS_END
 				return ox::Error(0);
 			}
 		},
@ -127,7 +129,9 @@ const std::map<ox::StringView, std::function<ox::Error(ox::StringView)>> tests =
 			"PathIterator::hasNext",
 			[](ox::StringView) {
 				const auto path = "/file1";
 				OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 				ox::PathIterator it(path, ox::strlen(path));
 				OX_ALLOW_UNSAFE_BUFFERS_END
 				oxAssert(it.hasNext(), "PathIterator shows incorrect hasNext");
 				oxAssert(!it.next().hasNext(), "PathIterator shows incorrect hasNext");
 				return ox::Error(0);
@ -163,9 +167,11 @@ const std::map<ox::StringView, std::function<ox::Error(ox::StringView)>> tests =
 			[](ox::StringView) {
 				constexpr auto buffLen = 5000;
 				constexpr auto str1 = "Hello, World!";
 				OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 				constexpr auto str1Len = ox::strlen(str1) + 1;
 				constexpr auto str2 = "Hello, Moon!";
 				constexpr auto str2Len = ox::strlen(str2) + 1;
 				OX_ALLOW_UNSAFE_BUFFERS_END
 				auto list = new (ox_alloca(buffLen)) ox::ptrarith::NodeBuffer<uint32_t, ox::FileStoreItem<uint32_t>>(buffLen);
 				oxAssert(ox::FileStore32::format(list, buffLen), "FileStore::format failed.");
 				ox::FileStore32 fileStore(list, buffLen);
--- a/deps/ox/src/ox/fs/tool.cpp
+++ b/deps/ox/src/ox/fs/tool.cpp
@ -57,7 +57,9 @@ static ox::Error runRead(ox::FileSystem *fs, ox::Span<const char*> args) noexcep
 		return ox::Error(1);
 	}
 	OX_REQUIRE(buff, fs->read(ox::StringView(args[1])));
 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 	std::ignore = fwrite(buff.data(), sizeof(decltype(buff)::value_type), buff.size(), stdout);
 	OX_ALLOW_UNSAFE_BUFFERS_END
 	return ox::Error(0);
 }
--- a/deps/ox/src/ox/mc/intops.hpp
+++ b/deps/ox/src/ox/mc/intops.hpp
@ -71,7 +71,9 @@ constexpr McInt encodeInteger(I pInput) noexcept {
 	// move input to uint64_t to allow consistent bit manipulation, and to avoid
 	// overflow concerns
 	uint64_t val = 0;
 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 	ox::memcpy(&val, &input, sizeof(input));
 	OX_ALLOW_UNSAFE_BUFFERS_END
 	if (val) {
 		// bits needed to represent number factoring in space possibly
 		// needed for signed bit
@ -94,7 +96,9 @@ constexpr McInt encodeInteger(I pInput) noexcept {
 		}
 		if (bytes == 9) {
 			out.data[0] = bytesIndicator;
 			OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 			ox::memcpy(&out.data[1], &leVal, 8);
 			OX_ALLOW_UNSAFE_BUFFERS_END
 			if (inputNegative) {
 				out.data[1] |= 0b1000'0000;
 			}
@ -104,7 +108,9 @@ constexpr McInt encodeInteger(I pInput) noexcept {
 			auto intermediate =
 				static_cast<uint64_t>(leVal.raw() | (negBit << (valBits - 1))) << bytes |
 				static_cast<uint64_t>(bytesIndicator);
 			OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 			ox::memcpy(&out.data[0], &intermediate, sizeof(intermediate));
 			OX_ALLOW_UNSAFE_BUFFERS_END
 		}
 		out.length = bytes;
 	}
@ -160,7 +166,9 @@ constexpr Result<I> decodeInteger(Reader_c auto&rdr, std::size_t *bytesRead) noe
 			ox::Array<uint32_t, 2> d = {};
 			//d[0] = decoded & 0xffff'ffff;
 			//d[1] = decoded >> 32;
 		 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 			ox::memcpy(&d[0], &decoded, sizeof(decoded));
 		 	OX_ALLOW_UNSAFE_BUFFERS_END
 			auto bit = negBit;
 			for (; bit < ox::min<std::size_t>(Bits<I>, 32); ++bit) {
 				d[0] |= 1 << bit;
@ -175,7 +183,9 @@ constexpr Result<I> decodeInteger(Reader_c auto&rdr, std::size_t *bytesRead) noe
 				d[0] = d[1];
 				d[1] = d0Tmp;
 			}
 		 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 			ox::memcpy(&out, &d[0], sizeof(out));
 			OX_ALLOW_UNSAFE_BUFFERS_END
 			return out;
 		}
 	}
--- a/deps/ox/src/ox/mc/write.hpp
+++ b/deps/ox/src/ox/mc/write.hpp
@ -211,10 +211,12 @@ constexpr Error MetalClawWriter<Writer>::field(const char *name, const IString<L
 }
 template<Writer_c Writer>
-constexpr Error MetalClawWriter<Writer>::fieldCString(const char*, const char *const*val, std::size_t) noexcept {
+constexpr Error MetalClawWriter<Writer>::fieldCString(const char*, const char *const*val, std::size_t buffLen) noexcept {
 	bool fieldSet = false;
 	if (!m_unionIdx.has_value() || *m_unionIdx == m_field) {
-		const auto strLen = *val ? ox::strlen(*val) : 0;
+		OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 		const auto strLen = *val ? ox::strnlen_s(*val, buffLen) : 0;
 		OX_ALLOW_UNSAFE_BUFFERS_END
 		// write the length
 		const auto strLenBuff = mc::encodeInteger(strLen);
 		OX_RETURN_ERROR(m_writer.write(reinterpret_cast<const char*>(strLenBuff.data.data()), strLenBuff.length));
--- a/deps/ox/src/ox/model/modelvalue.hpp
+++ b/deps/ox/src/ox/model/modelvalue.hpp
@ -997,7 +997,7 @@ constexpr ModelValue::ModelValue(const ModelValue &other) noexcept {
 		case Type::SignedInteger16:
 		case Type::SignedInteger32:
 		case Type::SignedInteger64:
-			ox::memcpy(&m_data, &other.m_data, sizeof(m_data));
+			m_data = other.m_data;
 			break;
 		case Type::String:
 			m_data.str = new String(other.get<String>());
@ -1030,8 +1030,8 @@ constexpr ModelValue::ModelValue(ModelValue &&other) noexcept {
 		case Type::SignedInteger16:
 		case Type::SignedInteger32:
 		case Type::SignedInteger64:
-			ox::memcpy(&m_data, &other.m_data, sizeof(m_data));
+			m_data = other.m_data;
-			ox::memset(&other.m_data, 0, sizeof(m_data));
+			other.m_data.ui64 = 0;
 			break;
 		case Type::String:
 			m_data.str = other.m_data.str;
@ -1223,7 +1223,7 @@ constexpr ModelValue &ModelValue::operator=(const ModelValue &other) noexcept {
 		case Type::SignedInteger16:
 		case Type::SignedInteger32:
 		case Type::SignedInteger64:
-			ox::memcpy(&m_data, &other.m_data, sizeof(m_data));
+			m_data = other.m_data;
 			break;
 		case Type::String:
 			m_data.str = new String(other.get<String>());
@ -1261,8 +1261,8 @@ constexpr ModelValue &ModelValue::operator=(ModelValue &&other) noexcept {
 		case Type::SignedInteger16:
 		case Type::SignedInteger32:
 		case Type::SignedInteger64:
-			ox::memcpy(&m_data, &other.m_data, sizeof(m_data));
+			m_data = other.m_data;
-			ox::memset(&other.m_data, 0, sizeof(m_data));
+			other.m_data = {};
 			break;
 		case Type::String:
 			m_data.str = other.m_data.str;
--- a/deps/ox/src/ox/oc/read.cpp
+++ b/deps/ox/src/ox/oc/read.cpp
@ -15,7 +15,7 @@ namespace ox {
 OrganicClawReader::OrganicClawReader(const uint8_t *buff, std::size_t buffSize) {
 	auto json = reinterpret_cast<const char*>(buff);
-	auto jsonLen = ox::strnlen(json, buffSize);
+	auto jsonLen = ox::strnlen_s(json, buffSize);
 	Json::CharReaderBuilder parserBuilder;
 	auto parser = std::unique_ptr<Json::CharReader>(parserBuilder.newCharReader());
 	if (!parser->parse(json, json + jsonLen, &m_json, nullptr)) {
--- a/deps/ox/src/ox/oc/read.hpp
+++ b/deps/ox/src/ox/oc/read.hpp
@ -8,7 +8,11 @@
 #pragma once
 #include <ox/std/def.hpp>
 OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 #include <json/json.h>
 OX_ALLOW_UNSAFE_BUFFERS_END
 #include <ox/model/fieldcounter.hpp>
 #include <ox/model/modelhandleradaptor.hpp>
--- a/deps/ox/src/ox/oc/write.hpp
+++ b/deps/ox/src/ox/oc/write.hpp
@ -8,7 +8,11 @@
 #pragma once
 #include <ox/std/def.hpp>
 OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 #include <json/json.h>
 OX_ALLOW_UNSAFE_BUFFERS_END
 #include <ox/model/fieldcounter.hpp>
 #include <ox/model/modelhandleradaptor.hpp>
@ -258,7 +262,9 @@ Result<ox::Buffer> writeOC(const auto &val) noexcept {
 	const auto str = Json::writeString(jsonBuilder, writer.m_json);
 	Result<Buffer> buff;
 	buff.value.resize(str.size() + 1);
 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 	memcpy(buff.value.data(), str.data(), str.size() + 1);
 	OX_ALLOW_UNSAFE_BUFFERS_END
 	return buff;
 }
@ -270,7 +276,9 @@ Result<ox::String> writeOCString(const auto &val) noexcept {
 	const auto str = Json::writeString(jsonBuilder, writer.m_json);
 	Result<ox::String> buff;
 	buff.value.resize(str.size());
 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 	memcpy(buff.value.data(), str.data(), str.size() + 1);
 	OX_ALLOW_UNSAFE_BUFFERS_END
 	return buff;
 }
--- a/deps/ox/src/ox/std/cstrops.hpp
+++ b/deps/ox/src/ox/std/cstrops.hpp
@ -30,9 +30,12 @@ constexpr T1 strncpy(T1 dest, T2 src, std::size_t maxLen) noexcept {
 }
 [[nodiscard]]
-constexpr auto strnlen(const char *str1, std::size_t maxLen) noexcept {
+constexpr size_t strnlen_s(const char *str, size_t const maxLen) noexcept {
-	std::size_t len = 0;
+	if (!str) [[unlikely]] {
-	for (; len < maxLen && str1[len]; len++);
+		return 0;
 	}
 	size_t len = 0;
 	for (; len < maxLen && str[len]; len++);
 	return len;
 }
--- a/deps/ox/src/ox/std/span.hpp
+++ b/deps/ox/src/ox/std/span.hpp
@ -8,6 +8,10 @@
 #pragma once
 #if __has_include(<array>)
 #include <array>
 #endif
 #include "array.hpp"
 #include "bit.hpp"
 #include "def.hpp"
@ -35,6 +39,20 @@ class Span {
 		constexpr Span() noexcept = default;
 #if __has_include(<array>)
 		template<std::size_t sz>
 		constexpr Span(std::array<T, sz> &a) noexcept:
 			m_items(a.data()),
 			m_size(a.size()) {
 		}
 		template<std::size_t sz>
 		constexpr Span(std::array<ox::remove_const_t<T>, sz> const&a) noexcept:
 			m_items(a.data()),
 			m_size(a.size()) {
 		}
 #endif
 		template<std::size_t sz>
 		constexpr Span(ox::Array<T, sz> &a) noexcept:
 			m_items(a.data()),
--- a/deps/ox/src/ox/std/stringliteral.hpp
+++ b/deps/ox/src/ox/std/stringliteral.hpp
@ -32,7 +32,9 @@ class StringLiteral: public detail::BaseStringView {
 		constexpr explicit StringLiteral(const char *str, std::size_t len) noexcept: BaseStringView(str, len) {}
 		OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 		constexpr explicit StringLiteral(char const *str) noexcept: StringLiteral(str, ox::strlen(str)) {}
 		OX_ALLOW_UNSAFE_BUFFERS_END
 		constexpr StringLiteral &operator=(StringLiteral const&other) noexcept {
 			if (&other != this) {
--- a/deps/ox/src/ox/std/stringview.hpp
+++ b/deps/ox/src/ox/std/stringview.hpp
@ -100,7 +100,8 @@ constexpr auto toStdStringView(StringViewCR sv) noexcept {
 #endif
-constexpr ox::Result<int> atoi(ox::StringViewCR str) noexcept {
+constexpr ox::Result<int> strToInt(ox::StringViewCR str) noexcept {
 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 	int total = 0;
 	int multiplier = 1;
 	for (auto i = static_cast<int64_t>(str.len()) - 1; i != -1; --i) {
@ -113,6 +114,7 @@ constexpr ox::Result<int> atoi(ox::StringViewCR str) noexcept {
 		}
 	}
 	return total;
 	OX_ALLOW_UNSAFE_BUFFERS_END
 }
--- a/deps/ox/src/ox/std/strops.cpp
+++ b/deps/ox/src/ox/std/strops.cpp
@ -9,6 +9,8 @@
 #include "def.hpp"
 #include "strops.hpp"
 OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 static_assert(ox::strcmp("asdf", "hijk") < 0, "asdf < hijk");
 static_assert(ox::strcmp("hijk", "asdf") > 0, "hijk > asdf");
 static_assert(ox::strcmp("resize", "read") > 0, "resize > read");
@ -42,3 +44,5 @@ std::size_t strlen(const char *str) {
 }
 #endif
 OX_ALLOW_UNSAFE_BUFFERS_END
--- a/deps/ox/src/ox/std/test/tests.cpp
+++ b/deps/ox/src/ox/std/test/tests.cpp
@ -145,6 +145,7 @@ OX_CLANG_NOWARN_END
 			return ox::Error{};
 		}
 	},
 	OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 	{
 		"ABCDEFG != HIJKLMN",
 		[]() {
@ -169,6 +170,7 @@ OX_CLANG_NOWARN_END
 			return ox::Error(ox::memcmp("ABCDEFGHI", "ABCDEFG", 7) != 0);
 		}
 	},
 	OX_ALLOW_UNSAFE_BUFFERS_END
 	{
 		"IString",
 		[]() {
--- a/deps/ox/src/ox/std/tracehook.cpp
+++ b/deps/ox/src/ox/std/tracehook.cpp
@ -39,6 +39,8 @@ enum LogChan {
 	Debug = 4,
 };
 OX_ALLOW_UNSAFE_BUFFERS_BEGIN
 template<LogChan chan>
 static void log(ox::StringViewCR str) {
 	const auto sz = ox::min<std::size_t>(0x100, str.bytes());
@ -103,5 +105,7 @@ void oxTraceHook([[maybe_unused]] const char *file, [[maybe_unused]] int line,
 #endif
 }
 OX_ALLOW_UNSAFE_BUFFERS_END
 }
--- a/deps/ox/src/ox/std/uuid.hpp
+++ b/deps/ox/src/ox/std/uuid.hpp
@ -105,6 +105,10 @@ class UUID {
 		ox::Array<uint8_t, 16> m_value{};
 	public:
 		static constexpr auto TypeName = "net.drinkingtea.ox.UUID";
 		static constexpr auto TypeVersion = 1;
 		static void seedGenerator(const RandomSeed &seed) noexcept;
 		static ox::Result<UUID> generate() noexcept;