diff --git a/lib/cf-https-connect.c b/lib/cf-https-connect.c index b4a4605295..4f055d6e12 100644 --- a/lib/cf-https-connect.c +++ b/lib/cf-https-connect.c @@ -75,6 +75,7 @@ static void cf_hc_baller_reset(struct cf_hc_baller *b, static bool cf_hc_baller_is_active(struct cf_hc_baller *b) { + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ return b->cf && !b->result; } diff --git a/lib/content_encoding.c b/lib/content_encoding.c index 3a0549c4b1..9c739d9b03 100644 --- a/lib/content_encoding.c +++ b/lib/content_encoding.c @@ -654,6 +654,7 @@ void Curl_all_content_encodings(char *buf, size_t blen) *p++ = ' '; } } + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ p[-2] = '\0'; } } diff --git a/lib/mime.c b/lib/mime.c index f480bc7042..2079dc99ca 100644 --- a/lib/mime.c +++ b/lib/mime.c @@ -1753,6 +1753,7 @@ static bool content_type_match(const char *contenttype, const char *target, size_t len) { if(contenttype && curl_strnequal(contenttype, target, len)) + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ switch(contenttype[len]) { case '\0': case '\t': diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index 6164cd388b..cdd778e93c 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -411,6 +411,7 @@ static void unicodecpy(unsigned char *dest, const char *src, size_t length) { size_t i; for(i = 0; i < length; i++) { + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ dest[2 * i] = (unsigned char)src[i]; dest[2 * i + 1] = '\0'; } @@ -832,6 +833,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, DEBUGASSERT(size == hostoff); if(unicode) + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ unicodecpy(&ntlmbuf[size], host, hostlen / 2); else memcpy(&ntlmbuf[size], host, hostlen); diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index f17f9142be..fd92205a69 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -1048,6 +1048,7 @@ static size_t multissl_version(char *buffer, size_t size) backends[0] = '\0'; + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ for(i = 0; available_backends[i]; ++i) { char vb[200]; bool paren = (selected != available_backends[i]); @@ -1088,6 +1089,7 @@ static int multissl_setup(const struct Curl_ssl *backend) env = curl_getenv("CURL_SSL_BACKEND"); if(env) { + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ for(i = 0; available_backends[i]; i++) { if(curl_strequal(env, available_backends[i]->info.name)) { Curl_ssl = available_backends[i]; @@ -1134,6 +1136,7 @@ CURLsslset Curl_init_sslset_nolock(curl_sslbackend id, const char *name, CURLSSLSET_UNKNOWN_BACKEND; #endif + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ for(i = 0; available_backends[i]; i++) { if(available_backends[i]->info.id == id || (name && curl_strequal(available_backends[i]->info.name, name))) { diff --git a/tests/server/dnsd.c b/tests/server/dnsd.c index dc49723da3..e1862d188f 100644 --- a/tests/server/dnsd.c +++ b/tests/server/dnsd.c @@ -180,6 +180,7 @@ static void add_answer(unsigned char *bytes, size_t *w, size_t i = *w; /* add answer */ + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ bytes[i++] = 0xc0; bytes[i++] = 0x0c; /* points to the query at this fixed packet index */ diff --git a/tests/server/getpart.c b/tests/server/getpart.c index 6bff92ab1a..09b09fc78c 100644 --- a/tests/server/getpart.c +++ b/tests/server/getpart.c @@ -99,6 +99,7 @@ static int readline(char **buffer, size_t *bufsize, size_t *length, } *length = offset + line_length(*buffer + offset, bytestoread); + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ if(*(*buffer + *length - 1) == '\n') break; offset = *length; diff --git a/tests/server/rtspd.c b/tests/server/rtspd.c index 67829922dc..680bdb0340 100644 --- a/tests/server/rtspd.c +++ b/tests/server/rtspd.c @@ -655,6 +655,7 @@ static int rtspd_get_request(curl_socket_t sock, struct rtspd_httprequest *req) logmsg("Read %zd bytes", got); req->offset += (size_t)got; + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ reqbuf[req->offset] = '\0'; done_processing = rtspd_ProcessRequest(req); diff --git a/tests/server/sockfilt.c b/tests/server/sockfilt.c index c8b21beee9..43525ef367 100644 --- a/tests/server/sockfilt.c +++ b/tests/server/sockfilt.c @@ -1023,6 +1023,7 @@ static bool juggle(curl_socket_t *sockfdp, #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Warith-conversion" #endif + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ FD_SET(sockfd, &fds_read); #ifdef __DJGPP__ #pragma GCC diagnostic pop diff --git a/tests/server/socksd.c b/tests/server/socksd.c index 4d599e16b6..4453061fd1 100644 --- a/tests/server/socksd.c +++ b/tests/server/socksd.c @@ -560,6 +560,7 @@ static int tunnel(struct perclient *cp, fd_set *fds) ssize_t nread; ssize_t nwrite; char buffer[512]; + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ if(FD_ISSET(cp->clientfd, fds)) { /* read from client, send to remote */ nread = recv(cp->clientfd, buffer, sizeof(buffer), 0); @@ -573,6 +574,7 @@ static int tunnel(struct perclient *cp, fd_set *fds) else return 1; } + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ if(FD_ISSET(cp->remotefd, fds)) { /* read from remote, send to client */ nread = recv(cp->remotefd, buffer, sizeof(buffer), 0); @@ -680,6 +682,7 @@ static bool socksd_incoming(curl_socket_t listenfd) return FALSE; } + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ if((clients < 2) && FD_ISSET(sockfd, &fds_read)) { curl_socket_t newfd = accept(sockfd, NULL, NULL); if(CURL_SOCKET_BAD == newfd) { diff --git a/tests/server/sws.c b/tests/server/sws.c index 2b94e52938..277d0f6120 100644 --- a/tests/server/sws.c +++ b/tests/server/sws.c @@ -1311,6 +1311,7 @@ static curl_socket_t connect_to(const char *ipaddr, unsigned short port) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Warith-conversion" #endif + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ FD_SET(serverfd, &output); #ifdef __DJGPP__ #pragma GCC diagnostic pop @@ -1490,6 +1491,7 @@ static void http_connect(curl_socket_t *infdp, #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Warith-conversion" #endif + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ FD_SET(serverfd[i], &input); #ifdef __DJGPP__ #pragma GCC diagnostic pop @@ -1607,6 +1609,7 @@ static void http_connect(curl_socket_t *infdp, size_t len; if(clientfd[i] != CURL_SOCKET_BAD) { len = sizeof(readclient[i]) - tos[i]; + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ if(len && FD_ISSET(clientfd[i], &input)) { /* read from client */ rc = sread(clientfd[i], &readclient[i][tos[i]], len); @@ -1625,6 +1628,7 @@ static void http_connect(curl_socket_t *infdp, } if(serverfd[i] != CURL_SOCKET_BAD) { len = sizeof(readserver[i])-toc[i]; + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ if(len && FD_ISSET(serverfd[i], &input)) { /* read from server */ rc = sread(serverfd[i], &readserver[i][toc[i]], len); @@ -1662,6 +1666,7 @@ static void http_connect(curl_socket_t *infdp, } } if(serverfd[i] != CURL_SOCKET_BAD) { + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ if(tos[i] && FD_ISSET(serverfd[i], &output)) { /* write to server */ rc = swrite(serverfd[i], readclient[i], tos[i]); diff --git a/tests/server/tftpd.c b/tests/server/tftpd.c index 193afac137..b03cd419ab 100644 --- a/tests/server/tftpd.c +++ b/tests/server/tftpd.c @@ -913,6 +913,7 @@ static int do_tftp(struct testcase *test, struct tftphdr *tp, ssize_t size) filename = cp; do { bool endofit = true; + /* NOLINTNEXTLINE(clang-analyzer-security.ArrayBound) */ while(cp < &trsbuf.storage[size]) { if(*cp == '\0') { endofit = false;